www.rd.com Open in urlscan Pro
2606:4700:4400::ac40:9573 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.email.rd.com/?qs=1c1850b33d0b9c3525b9114b00af26b2b904c95f6e467773a32105cf363c181e6cdb313f83b6c923e643d1c5a0c7...
Effective URL:
https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D3...
Submission: On August 18 via api (August 18th 2022, 2:13:03 pm UTC) from US — Scanned from DE

Summary HTTP 343 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 85 IPs in 9 countries across 53 domains to perform 343 HTTP transactions. The main IP is 2606:4700:4400::ac40:9573, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.rd.com. The Cisco Umbrella rank of the primary domain is 46655.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 19th 2022. Valid for: a year.

This is the only time www.rd.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.111.148.19 13.111.148.19	22606 (EXACT-7) (EXACT-7)
80	2606:4700:440... 2606:4700:4400::ac40:9573	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
5	23.47.209.169 23.47.209.169	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.47.209.80 23.47.209.80	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.139.128.11 151.139.128.11	20446 (STACKPATH...) (STACKPATH-CDN)
2	2606:4700:20:... 2606:4700:20::ac43:45f7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2600:9000:230... 2600:9000:2304:e200:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
1	23.7.197.114 23.7.197.114	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	2600:9000:225... 2600:9000:225e:6200:1:a3fa:7cc0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:303... 2606:4700:3035::6815:29f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	13.224.195.78 13.224.195.78	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:551	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	18.66.112.102 18.66.112.102	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f14:600... 2600:1f14:600:6e00:74d0:abd:2041:a4f0	16509 (AMAZON-02) (AMAZON-02)
2	52.45.182.189 52.45.182.189	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:9000:225... 2600:9000:225e:400:1:a3fa:7cc0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:230... 2600:9000:2304:a200:e:5a70:ca4f:f701	16509 (AMAZON-02) (AMAZON-02)
13	152.199.4.139 152.199.4.139	15133 (EDGECAST) (EDGECAST)
2 5	13.225.78.39 13.225.78.39	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:440e::ac40:9c1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:400e:80c::200a	15169 (GOOGLE) (GOOGLE)
1	52.18.219.233 52.18.219.233	16509 (AMAZON-02) (AMAZON-02)
3	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
3	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	34.120.253.250 34.120.253.250	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a04:4e42:4b::84 2a04:4e42:4b::84	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
9	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	20.50.2.28 20.50.2.28	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2600:1f18:730... 2600:1f18:730:b130:4c96:5596:18cd:cf5	14618 (AMAZON-AES) (AMAZON-AES)
1	35.168.71.120 35.168.71.120	14618 (AMAZON-AES) (AMAZON-AES)
9	2a04:4e42:600... 2a04:4e42:600::626	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	13.224.189.41 13.224.189.41	16509 (AMAZON-02) (AMAZON-02)
2	151.101.1.194 151.101.1.194	54113 (FASTLY) (FASTLY)
2	34.120.117.212 34.120.117.212	15169 (GOOGLE) (GOOGLE)
5	34.98.72.95 34.98.72.95	15169 (GOOGLE) (GOOGLE)
1	152.199.5.228 152.199.5.228	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:400a:801::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9b	15169 (GOOGLE) (GOOGLE)
1	13.32.99.59 13.32.99.59	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
3	151.101.0.84 151.101.0.84	54113 (FASTLY) (FASTLY)
1	34.111.8.32 34.111.8.32	15169 (GOOGLE) (GOOGLE)
2	18.225.24.114 18.225.24.114	16509 (AMAZON-02) (AMAZON-02)
7	34.251.24.18 34.251.24.18	16509 (AMAZON-02) (AMAZON-02)
1	13.32.121.113 13.32.121.113	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4	3.125.201.50 3.125.201.50	16509 (AMAZON-02) (AMAZON-02)
1	2602:803:c003... 2602:803:c003:200::21	26667 (RUBICONPR...) (RUBICONPROJECT)
4	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	15.188.216.240 15.188.216.240	16509 (AMAZON-02) (AMAZON-02)
3 10	37.252.173.27 37.252.173.27	29990 (ASN-APPNEX) (ASN-APPNEX)
2	3.82.168.103 3.82.168.103	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
2	3.65.41.66 3.65.41.66	16509 (AMAZON-02) (AMAZON-02)
4	18.156.195.47 18.156.195.47	16509 (AMAZON-02) (AMAZON-02)
1	18.211.56.22 18.211.56.22	14618 (AMAZON-AES) (AMAZON-AES)
1	23.36.162.30 23.36.162.30	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
12	18.195.227.5 18.195.227.5	16509 (AMAZON-02) (AMAZON-02)
13	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::626	54113 (FASTLY) (FASTLY)
1	2606:4700:440... 2606:4700:4400::ac40:99f1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
2	52.213.82.126 52.213.82.126	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
2	52.57.125.17 52.57.125.17	16509 (AMAZON-02) (AMAZON-02)
4	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
4	99.86.240.107 99.86.240.107	16509 (AMAZON-02) (AMAZON-02)
1	34.120.155.137 34.120.155.137	() ()
2	23.205.235.133 23.205.235.133	() ()
3	23.35.228.247 23.35.228.247	() ()
3	151.101.193.108 151.101.193.108	() ()
3	76.223.111.18 76.223.111.18	() ()
3	23.35.228.201 23.35.228.201	() ()
1	185.64.190.78 185.64.190.78	() ()
343	85

1 13.111.148.19 (United States) 1 redirects

ASN22606 (EXACT-7, US)
PTR: click.email.rd.com

click.email.rd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

80 2606:4700:4400::ac40:9573 (United States)

ASN13335 (CLOUDFLARENET, US)

www.rd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.47.209.169 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-209-169.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.47.209.80 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-209-80.deploy.static.akamaitechnologies.com

s.ntv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.11 (United States)

ASN20446 (STACKPATH-CDN, US)

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:45f7 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2304:e200:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.7.197.114 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-7-197-114.deploy.static.akamaitechnologies.com

micro.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:225e:6200:1:a3fa:7cc0:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cdn.jwplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3035::6815:29f3 (United States)

ASN13335 (CLOUDFLARENET, US)

tags.catapultx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 13.224.195.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-78.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:551 (United States)

ASN13335 (CLOUDFLARENET, US)

d82f7a30-751a-4689-b7e9-19336a89ab46.edge.permutive.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.112.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-102.fra56.r.cloudfront.net

cdn.p-n.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f14:600:6e00:74d0:abd:2041:a4f0 (Boardman, United States)

ASN16509 (AMAZON-02, US)

aamapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.45.182.189 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-182-189.compute-1.amazonaws.com

tracking.skyword.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:225e:400:1:a3fa:7cc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

content.jwplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2304:a200:e:5a70:ca4f:f701 (United States)

ASN16509 (AMAZON-02, US)

cdn.flipboard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 152.199.4.139 (United States)

ASN15133 (EDGECAST, US)

widget.beop.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.225.78.39 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-39.fra2.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:440e::ac40:9c1a (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400e:80c::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.219.233 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-219-233.eu-west-1.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.59.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.67.47 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 160.91.190.35.bc.googleusercontent.com

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:4b::84 (United States)

ASN54113 (FASTLY, US)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.50.2.28 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

collector.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:730:b130:4c96:5596:18cd:cf5 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.168.71.120 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-168-71-120.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a04:4e42:600::626 (United States)

ASN54113 (FASTLY, US)

ssl.p.jwpcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
prd.jwpltx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets-jpcust.jwpsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-41.fra2.r.cloudfront.net

ats.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.194 (United States)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.117.212 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 212.117.120.34.bc.googleusercontent.com

ls.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.98.72.95 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.5.228 (United States)

ASN15133 (EDGECAST, US)

entitlements.jwplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400a:801::200a (Zurich, Switzerland)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-59.fra60.r.cloudfront.net

geo.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.0.84 (United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.8.32 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 32.8.111.34.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.225.24.114 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-225-24-114.us-east-2.compute.amazonaws.com

s.beop.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.251.24.18 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-24-18.eu-west-1.compute.amazonaws.com

t.beop.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
contents-tracking.beop.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-113.fra60.r.cloudfront.net

context.iris.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.125.201.50 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-201-50.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c003:200::21 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.18.126 (None, )

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 15.188.216.240 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-216-240.eu-west-3.compute.amazonaws.com

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 37.252.173.27 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.82.168.103 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-82-168-103.compute-1.amazonaws.com

krk.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

062c24ac1719c100a8b7e9af6670a7d8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.65.41.66 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-65-41-66.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com

c2shb.pubgw.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.211.56.22 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-56-22.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.36.162.30 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-30.deploy.static.akamaitechnologies.com

sli.rd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 18.195.227.5 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com

prebid-a.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::626 (United States)

ASN54113 (FASTLY, US)

assets-jpcust.jwpsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:99f1 (United States)

ASN13335 (CLOUDFLARENET, US)

videodam.tmbi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.213.82.126 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-82-126.eu-west-1.compute.amazonaws.com

data.beop.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.125.17 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-125-17.eu-central-1.compute.amazonaws.com

protected-by.clarium.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

cdn.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.86.240.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-240-107.vie50.r.cloudfront.net

check.analytics.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.155.137 (None, )

ASN- ()

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.205.235.133 (None, )

ASN- ()

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.228.247 (None, )

ASN- ()

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.108 (None, )

ASN- ()

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 76.223.111.18 (None, )

ASN- ()

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.228.201 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (None, )

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
82	rd.com 1 redirects click.email.rd.com — Cisco Umbrella Rank: 389724 www.rd.com — Cisco Umbrella Rank: 46655 sli.rd.com — Cisco Umbrella Rank: 100406	440 KB
24	beop.io widget.beop.io — Cisco Umbrella Rank: 21415 s.beop.io — Cisco Umbrella Rank: 21638 t.beop.io — Cisco Umbrella Rank: 21634 contents-tracking.beop.io — Cisco Umbrella Rank: 40389 data.beop.io — Cisco Umbrella Rank: 50949	170 KB
21	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 123 062c24ac1719c100a8b7e9af6670a7d8.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 159	114 KB
18	rubiconproject.com micro.rubiconproject.com — Cisco Umbrella Rank: 3423 fastlane.rubiconproject.com — Cisco Umbrella Rank: 519 prebid-server.rubiconproject.com — Cisco Umbrella Rank: 1064 prebid-a.rubiconproject.com — Cisco Umbrella Rank: 3006 eus.rubiconproject.com token.rubiconproject.com Failed	118 KB
14	gstatic.com fonts.gstatic.com www.gstatic.com	290 KB
13	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 230 acdn.adnxs.com	59 KB
11	skimresources.com s.skimresources.com — Cisco Umbrella Rank: 2846 r.skimresources.com — Cisco Umbrella Rank: 2693 t.skimresources.com — Cisco Umbrella Rank: 2842 p.skimresources.com — Cisco Umbrella Rank: 3746 ls.skimresources.com — Cisco Umbrella Rank: 6517	22 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 361	217 KB
10	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 218 stats.g.doubleclick.net — Cisco Umbrella Rank: 108 pubads.g.doubleclick.net — Cisco Umbrella Rank: 510	159 KB
9	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 304	49 KB
8	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 493 ads.pubmatic.com image6.pubmatic.com	18 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 54 imasdk.googleapis.com — Cisco Umbrella Rank: 440	335 KB
7	3lift.com tlx.3lift.com — Cisco Umbrella Rank: 617 eb2.3lift.com	2 KB
7	bounceexchange.com tag.bounceexchange.com — Cisco Umbrella Rank: 2795 assets.bounceexchange.com — Cisco Umbrella Rank: 2368 api.bounceexchange.com — Cisco Umbrella Rank: 2599	194 KB
6	google.com www.google.com — Cisco Umbrella Rank: 9 adservice.google.com — Cisco Umbrella Rank: 88	2 KB
6	rlcdn.com ats.rlcdn.com — Cisco Umbrella Rank: 1340 check.analytics.rlcdn.com — Cisco Umbrella Rank: 3935 api.rlcdn.com	39 KB
6	jwpcdn.com ssl.p.jwpcdn.com — Cisco Umbrella Rank: 2497	263 KB
6	moatads.com z.moatads.com — Cisco Umbrella Rank: 423 mb.moatads.com — Cisco Umbrella Rank: 662 px.moatads.com — Cisco Umbrella Rank: 469	91 KB
5	scorecardresearch.com 2 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 146	56 KB
5	jwplayer.com 2 redirects cdn.jwplayer.com — Cisco Umbrella Rank: 2369 entitlements.jwplayer.com — Cisco Umbrella Rank: 3479	59 KB
5	liadm.com 1 redirects b-code.liadm.com — Cisco Umbrella Rank: 3636 rp.liadm.com — Cisco Umbrella Rank: 1751 rp4.liadm.com — Cisco Umbrella Rank: 8190 i.liadm.com — Cisco Umbrella Rank: 670	15 KB
4	krxd.net cdn.krxd.net — Cisco Umbrella Rank: 1459	8 KB
4	yahoo.com c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 943	211 B
4	casalemedia.com htlb.casalemedia.com — Cisco Umbrella Rank: 539 r.casalemedia.com Failed	2 KB
3	indexww.com js-sec.indexww.com	5 KB
3	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 791	1 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6076 adservice.google.de — Cisco Umbrella Rank: 8811	1 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 111	416 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 45	20 KB
3	flipboard.com cdn.flipboard.com — Cisco Umbrella Rank: 6926	6 KB
3	brandmetrics.com cdn.brandmetrics.com — Cisco Umbrella Rank: 3353 collector.brandmetrics.com — Cisco Umbrella Rank: 4498	17 KB
2	clarium.io protected-by.clarium.io — Cisco Umbrella Rank: 1847	690 B
2	jwpltx.com prd.jwpltx.com — Cisco Umbrella Rank: 2745	66 B
2	jwpsrv.com assets-jpcust.jwpsrv.com — Cisco Umbrella Rank: 3170	7 KB
2	kargo.com krk.kargo.com — Cisco Umbrella Rank: 2425	1 KB
2	fastly.net confiant-integrations.global.ssl.fastly.net — Cisco Umbrella Rank: 1393	97 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 756	19 KB
2	jwplatform.com content.jwplatform.com — Cisco Umbrella Rank: 3574	44 KB
2	skyword.com tracking.skyword.com — Cisco Umbrella Rank: 47981	4 KB
2	p-n.io cdn.p-n.io — Cisco Umbrella Rank: 4799	52 KB
2	catapultx.com tags.catapultx.com — Cisco Umbrella Rank: 18699	13 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 158	111 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 280	17 KB
1	tmbi.com videodam.tmbi.com — Cisco Umbrella Rank: 45966	2 KB
1	iris.tv context.iris.tv — Cisco Umbrella Rank: 8985	813 B
1	privacymanager.io geo.privacymanager.io — Cisco Umbrella Rank: 1383	594 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 422	2 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1113	5 KB
1	aamapi.com aamapi.com — Cisco Umbrella Rank: 22217	180 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 194	29 KB
1	permutive.app d82f7a30-751a-4689-b7e9-19336a89ab46.edge.permutive.app — Cisco Umbrella Rank: 39262
1	ntv.io s.ntv.io — Cisco Umbrella Rank: 2962	135 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	41 KB
343	53

	Domain	Requested by
80	www.rd.com	www.rd.com static.cloudflareinsights.com
13	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.rd.com confiant-integrations.global.ssl.fastly.net cdn.ampproject.org
13	widget.beop.io	www.rd.com widget.beop.io
12	prebid-a.rubiconproject.com	micro.rubiconproject.com
11	fonts.gstatic.com	fonts.googleapis.com
10	cdn.ampproject.org	confiant-integrations.global.ssl.fastly.net
10	ib.adnxs.com	3 redirects micro.rubiconproject.com acdn.adnxs.com
9	c.amazon-adsystem.com	www.rd.com c.amazon-adsystem.com
8	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.rd.com
7	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
6	ssl.p.jwpcdn.com	cdn.jwplayer.com
6	fonts.googleapis.com	www.rd.com client confiant-integrations.global.ssl.fastly.net
5	assets.bounceexchange.com	tag.bounceexchange.com assets.bounceexchange.com
5	sb.scorecardresearch.com	2 redirects www.rd.com
4	check.analytics.rlcdn.com	micro.rubiconproject.com
4	cdn.krxd.net	z.moatads.com cdn.krxd.net
4	contents-tracking.beop.io	widget.beop.io
4	c2shb.pubgw.yahoo.com	micro.rubiconproject.com
4	hbopenbid.pubmatic.com	micro.rubiconproject.com
4	htlb.casalemedia.com	micro.rubiconproject.com
4	tlx.3lift.com	micro.rubiconproject.com
4	www.google.com	www.rd.com tpc.googlesyndication.com
4	cdn.jwplayer.com	2 redirects www.rd.com cdn.jwplayer.com
3	ads.pubmatic.com	micro.rubiconproject.com
3	eb2.3lift.com	micro.rubiconproject.com
3	acdn.adnxs.com	micro.rubiconproject.com
3	js-sec.indexww.com	micro.rubiconproject.com
3	www.gstatic.com	cdn.jwplayer.com www.gstatic.com
3	t.beop.io	widget.beop.io
3	ct.pinterest.com	s.pinimg.com www.rd.com
3	www.facebook.com	www.rd.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	t.skimresources.com	www.rd.com s.skimresources.com
3	r.skimresources.com	s.skimresources.com
3	cdn.flipboard.com	www.rd.com
3	z.moatads.com	www.rd.com z.moatads.com
2	eus.rubiconproject.com	micro.rubiconproject.com eus.rubiconproject.com
2	px.moatads.com
2	protected-by.clarium.io
2	data.beop.io	widget.beop.io
2	prd.jwpltx.com
2	assets-jpcust.jwpsrv.com
2	prebid-server.rubiconproject.com	micro.rubiconproject.com
2	adservice.google.com	securepubads.g.doubleclick.net imasdk.googleapis.com
2	adservice.google.de	securepubads.g.doubleclick.net imasdk.googleapis.com
2	krk.kargo.com	micro.rubiconproject.com
2	s.beop.io	widget.beop.io
2	imasdk.googleapis.com	cdn.jwplayer.com imasdk.googleapis.com
2	ls.skimresources.com	s.skimresources.com
2	confiant-integrations.global.ssl.fastly.net	www.rd.com confiant-integrations.global.ssl.fastly.net
2	s.pinimg.com	www.rd.com s.pinimg.com
2	p.skimresources.com	www.rd.com
2	content.jwplatform.com	www.rd.com
2	tracking.skyword.com	www.rd.com
2	cdn.p-n.io	www.rd.com cdn.p-n.io
2	tags.catapultx.com	www.rd.com tags.catapultx.com
2	b-code.liadm.com	www.rd.com b-code.liadm.com
2	connect.facebook.net	www.rd.com connect.facebook.net
2	cdn.brandmetrics.com	www.rd.com cdn.brandmetrics.com
1	image6.pubmatic.com	ads.pubmatic.com
1	api.rlcdn.com	micro.rubiconproject.com
1	pubads.g.doubleclick.net	imasdk.googleapis.com
1	s0.2mdn.net	imasdk.googleapis.com
1	videodam.tmbi.com	www.rd.com
1	sli.rd.com
1	i.liadm.com	b-code.liadm.com
1	062c24ac1719c100a8b7e9af6670a7d8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	fastlane.rubiconproject.com	micro.rubiconproject.com
1	context.iris.tv	www.rd.com
1	api.bounceexchange.com	assets.bounceexchange.com
1	www.google.de	www.rd.com
1	geo.privacymanager.io	ats.rlcdn.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	entitlements.jwplayer.com	cdn.jwplayer.com
1	ats.rlcdn.com	www.rd.com
1	cdn.jsdelivr.net	micro.rubiconproject.com
1	rp4.liadm.com	www.rd.com
1	rp.liadm.com	1 redirects
1	collector.brandmetrics.com	cdn.brandmetrics.com
1	tag.bounceexchange.com	www.rd.com
1	mb.moatads.com	z.moatads.com
1	static.cloudflareinsights.com	www.rd.com
1	aamapi.com	www.rd.com
1	www.googletagservices.com	www.rd.com
1	d82f7a30-751a-4689-b7e9-19336a89ab46.edge.permutive.app	www.rd.com
1	micro.rubiconproject.com	www.rd.com
1	s.skimresources.com	www.rd.com
1	s.ntv.io	www.rd.com
1	www.googletagmanager.com	www.rd.com
1	click.email.rd.com	1 redirects
0	token.rubiconproject.com Failed	eus.rubiconproject.com
0	r.casalemedia.com Failed	js-sec.indexww.com
343	92

This site contains links to these domains. Also see Links.

Domain
share.flipboard.com
order.readersdigest.com
thehealthy.com
www.thehealthy.com
hooksecurity.co
www.prevailion.com
cofense.com
www.coalfire.com
www.ic3.gov
www.avanan.com
www.facebook.com
twitter.com
www.pinterest.com
www.youtube.com
instagram.com
www.tasteofhome.com
www.familyhandyman.com
www.birdsandblooms.com
www.liferichpublishing.com
www.trustedmediabrands.com
w1.buysub.com
www.google.com
www.apple.com
www.mozilla.org
www.microsoft.com
shop.rd.com
www.instagram.com

Subject Issuer	Validity	Valid
rd.com Cloudflare Inc ECC CA-3	`2022-05-19` - `2023-05-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
*.ntv.io DigiCert SHA2 Secure Server CA	`2021-12-04` - `2022-12-06`	a year	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2021-09-27` - `2022-10-28`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-05-27` - `2022-08-25`	3 months	crt.sh
*.liadm.com Amazon	`2022-01-31` - `2023-03-01`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-17` - `2023-04-04`	a year	crt.sh
jwplayer.com Amazon	`2021-12-29` - `2023-01-25`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
permutive.app Cloudflare Inc ECC CA-3	`2022-07-15` - `2022-10-13`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
pushlycdn.com Amazon	`2022-02-14` - `2023-03-15`	a year	crt.sh
aamapi.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
*.skyword.com Amazon	`2022-08-16` - `2023-09-14`	a year	crt.sh
*.flipboard.com Amazon	`2022-06-14` - `2023-07-13`	a year	crt.sh
*.beop.io Gandi Standard SSL CA 2	`2022-03-09` - `2023-03-13`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-05`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
tag.bounceexchange.com R3	`2022-07-28` - `2022-10-26`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-28` - `2023-08-08`	a year	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
*.brandmetrics.com Go Daddy Secure Certificate Authority - G2	`2022-06-11` - `2023-06-11`	a year	crt.sh
*.jwplayer.com GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-22` - `2023-03-26`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-05-04` - `2023-06-05`	a year	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2022-08-07` - `2022-11-05`	3 months	crt.sh
entitlements.jwplayer.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2022-06-07` - `2023-05-31`	a year	crt.sh
*.privacymanager.io Amazon	`2021-09-25` - `2022-10-24`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.wunderkind.co R3	`2022-08-13` - `2022-11-11`	3 months	crt.sh
iris.tv Amazon	`2022-08-13` - `2023-09-11`	a year	crt.sh
*.3lift.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.app.kargo.com Amazon	`2022-01-06` - `2023-02-03`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-08-02` - `2023-01-25`	6 months	crt.sh
sli.rd.com R3	`2022-08-12` - `2022-11-10`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
tmbi.com Cloudflare Inc ECC CA-3	`2022-06-08` - `2023-06-07`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
protected-by.clarium.io Gandi Standard SSL CA 2	`2022-04-10` - `2023-04-26`	a year	crt.sh
cdn.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-12-30` - `2022-12-29`	a year	crt.sh
analytics.rlcdn.com Amazon	`2022-07-27` - `2023-08-25`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2022-03-11` - `2023-04-11`	a year	crt.sh

This page contains 29 frames:

Primary Page: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Frame ID: 381A36BDA16A479902C9FBA91E7D901B
Requests: 287 HTTP requests in this frame

Frame: https://z.moatads.com/hd09824092/iframe.html
Frame ID: 34F622F87D7265E0F57D0988C53F0FB0
Requests: 1 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.6521038469039535
Frame ID: 78D68458C9774BCF1D9A0EAEF2A208BD
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 8403A6046E522F9704022B52DD59594A
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Frame ID: F78043217F21D6F65B52CF0370A7C69F
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 7BA482C31EAEDCD0842E1A77EE34614E
Requests: 1 HTTP requests in this frame

Frame: https://062c24ac1719c100a8b7e9af6670a7d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 03432815523F372F87E7F8644081EAEF
Requests: 1 HTTP requests in this frame

Frame: https://i.liadm.com/s/c/a-00x0?s=&cim=&ps=true&ls=true&duid=0ee7014c2aeb--01garmsjsrbya6baz5nqgpk0ny&ppid=0&euns=1&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Frame ID: FB074885F5F4D511FB5849CA302744E8
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FDF73F4A88C7C489F7DFE1728F9074B8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A804998B280CE437106CBC6F5F72413E
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html
Frame ID: 17A73434A7EF60C7A1F9C76A85CF3B5F
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs
Frame ID: 173195A7C545B74751BD6015B7C5BB8B
Requests: 19 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs
Frame ID: 21C2D58BAD623C92CD94901ED932E565
Requests: 17 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 72A4D700DBB0EFEED3F04F85FD4FD43C
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 20AAE2A5EA188F98AFB9327EFC4D2C9D
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 7135730AED02D6778AAEE9FD5528CA93
Requests: 2 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 4DCDCCF23AE4578BE6CC7E7702314A77
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: B56B8D4AF3FD739906AE375437EF6F12
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 65D68F5D5455E82B9CF2C2A0424F0189
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=160830
Frame ID: 615A66F9AAC0A8E283614A94EB3AAE46
Requests: 2 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 19D627C079981DF6329F268162E1B9B3
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: CE4231AC649D5AD4102F6C201CC3D53F
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=160830
Frame ID: 65AED4249EB7B0A565493056E9219F17
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 9188F7B444426F92F2A0D243F4FF1118
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 6DA5FBD1E08C12D6782C171E2AB2E769
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=160830
Frame ID: F693D394FA3AC2BB0A859E23B6C900D5
Requests: 1 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 595EE1334762B02B298F7292D013BA50
Requests: 1 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 94F2B721F0A47DF1271A14B273F2E867
Requests: 1 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 510664B43726393F1ABEEAE9EB8A3B58
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

What Is Spoofing, and How Can You Protect Yourself from These Scams?

Page URL History Show full URLs

https://click.email.rd.com/?qs=1c1850b33d0b9c3525b9114b00af26b2b904c95f6e467773a32105cf363c181e6cdb313f... HTTP 302
https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=2... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

343
Requests

96 %
HTTPS

42 %
IPv6

53
Domains

92
Subdomains

85
IPs

9
Countries

3347 kB
Transfer

10501 kB
Size

23
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://share.flipboard.com/bookmarklet/popout?v=2&title=What%20Is%20Spoofing%2C%20and%20How%20Can%20You%20Protect%20Yourself%20from%20These%20Scams%3F&url=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&t=1660831976189&utm_campaign=tools&utm_medium=article-share&utm_source=www.rd.com
Title: <img src="https://cdn.flipboard.com/badges/flipboard_mrrw.png" alt="Flipboard" width="32" height="32" />

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/OrdersGateway?cds_mag_code=RDA&cds_page_id=256318&int_campaign=rda_20220426_headerright&cds_response_key=IB7ADU104&int_source=direct&int_medium=rd.com&int_placement=headerright
Title: Subscribe Now

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/GiftsGateway?cds_mag_code=RDA&cds_page_id=259214&int_campaign=rda_20220426_headerright_gift&cds_response_key=IB7AAU103&int_source=direct&int_medium=rd.com&int_placement=headerright
Title: Give a Gift

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/GiftsGateway?cds_mag_code=RDA&cds_page_id=259214&int_campaign=rda_20220426_desktop_mainnavdropdown_gift&cds_response_key=IB7AAU104&int_source=direct&int_medium=rd.com&int_placement=mainnavdropdown
Title: Give a gift

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/OrdersGateway?cds_mag_code=RDA&cds_page_id=256318&int_campaign=rda_20220426_desktop_mainnavdropdown&cds_response_key=IB7ADU106&int_source=direct&int_medium=rd.com&int_placement=mainnavdropdown
Title: SUBSCRIBE

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/GiftsGateway?cds_mag_code=LRD&cds_page_id=259217&int_campaign=lrd_20220426_desktop_mainnavdropdown_gift&cds_response_key=IB7AAU102&int_source=direct&int_medium=rd.com&int_placement=mainnavdropdown
Title: Give a gift

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/OrdersGateway?cds_mag_code=LRD&cds_page_id=256319&int_campaign=lrd_20220426_desktop_mainnavdropdown&cds_response_key=IB7ADU102&int_source=direct&int_medium=rd.com&int_placement=mainnavdropdown
Title: SUBSCRIBE

Search URL Search Domain Scan URL

URL: https://thehealthy.com/

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/OrdersGateway?cds_mag_code=RDA&cds_page_id=256318&int_campaign=rda_20220426_mobile_mainnavdropdown&cds_response_key=IB7ADU107&int_source=direct&int_medium=rd.com&int_placement=mainnavdropdown
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/OrdersGateway?cds_mag_code=LRD&cds_page_id=256319&int_campaign=lrd_20220426_mobile_mainnavdropdown&cds_response_key=IB7ADU103&int_source=direct&int_medium=rd.com&int_placement=mainnavdropdown
Title: RD Large Print

Search URL Search Domain Scan URL

URL: https://www.thehealthy.com/
Title: The Healthy

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/OrdersGateway?cds_mag_code=RDA&cds_page_id=256318&int_campaign=rda_20220101_mainnav&cds_response_key=IB7ADU102&int_source=direct&int_medium=rd.com&int_placement=mainnav
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://hooksecurity.co/phishing-examples/instagram-phishing-example
Title: via hooksecurity.co

Search URL Search Domain Scan URL

URL: https://www.prevailion.com/about/our-team/
Title: Karim Hijazi

Search URL Search Domain Scan URL

URL: https://cofense.com/company/management-team/
Title: Aaron Higbee

Search URL Search Domain Scan URL

URL: https://www.coalfire.com/about/executive-team
Title: Andrew Barratt

Search URL Search Domain Scan URL

URL: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf
Title: FBI

Search URL Search Domain Scan URL

URL: https://www.avanan.com/blog/local-meetings-under-attack
Title: Avanan

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ReadersDigest

Search URL Search Domain Scan URL

URL: https://twitter.com/readersdigest

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/readersdigest/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/readersdigest

Search URL Search Domain Scan URL

URL: https://instagram.com/readersdigest

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/OrdersGateway?cds_mag_code=RDA&cds_page_id=256318&int_campaign=rda_20220101_footermagazine&cds_response_key=IB7BDU102&int_source=direct&int_medium=rd.com&int_placement=footer
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://www.tasteofhome.com/
Title: Taste of Home

Search URL Search Domain Scan URL

URL: https://www.familyhandyman.com/
Title: Family Handyman

Search URL Search Domain Scan URL

URL: https://www.birdsandblooms.com/
Title: Birds & Blooms

Search URL Search Domain Scan URL

URL: https://www.liferichpublishing.com/en
Title: LifeRich Publishing

Search URL Search Domain Scan URL

URL: https://www.trustedmediabrands.com/brands/readers-digest/
Title: Advertise with Us

Search URL Search Domain Scan URL

URL: https://w1.buysub.com/pubs/RD/RDA/index.jsp?cds_page_id=69616&cds_mag_code=RDA
Title: Customer Service

Search URL Search Domain Scan URL

URL: https://www.trustedmediabrands.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.trustedmediabrands.com/ca-privacy-notice/
Title: Your CA Privacy Rights

Search URL Search Domain Scan URL

URL: https://www.trustedmediabrands.com/ccpa-form-ca-residents
Title: Do Not Sell My Personal Information – CA Residents

Search URL Search Domain Scan URL

URL: https://www.trustedmediabrands.com/our-commitment-to-accessibility/
Title: Accessibility Statement

Search URL Search Domain Scan URL

URL: https://www.trustedmediabrands.com/privacy-policy/#advertising
Title: About Ads

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/OrdersGateway?cds_mag_code=RDA&cds_page_id=256318&int_campaign=rda_20220101_footerright&cds_response_key=IB7BDU101&int_source=direct&int_medium=rd.com&int_placement=footer
Title: <img src="https://www.rd.com/wp-content/uploads/2010/04/nl-subscribe-mag.png" alt="Subscribe to Reader's Digest" loading="lazy" style="width:95px" width="95" height="41">

Search URL Search Domain Scan URL

URL: https://www.google.com/chrome/
Title: Google Chrome

Search URL Search Domain Scan URL

URL: https://www.apple.com/safari/
Title: Apple Safari

Search URL Search Domain Scan URL

URL: https://www.mozilla.org/en-US/firefox/
Title: Mozilla Firefox

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/edge
Title: Microsoft Edge

Search URL Search Domain Scan URL

URL: https://shop.rd.com/?sourcekeyc=1B1Y7ZZXSC&sourcekeys=1B1Y7ZZXSS&sourcekeym=IX7QDU14M&int_campaign=srda_20220101_hamburger&int_source=direct&int_medium=rd.com&int_placement=hamburger
Title: Shop

Search URL Search Domain Scan URL

URL: https://order.readersdigest.com/servlet/OrdersGateway?cds_mag_code=RDA&cds_page_id=256318&int_campaign=rda_20220101_hamburger&cds_response_key=IB7RDU101&int_source=direct&int_medium=rd.com&int_placement=hamburger
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ReadersDigest/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/readersdigest/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://twitter.com/readersdigest/
Title: Twitter

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.email.rd.com/?qs=1c1850b33d0b9c3525b9114b00af26b2b904c95f6e467773a32105cf363c181e6cdb313f83b6c923e643d1c5a0c7f68375e02fc8d494dac3 HTTP 302
https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 84

https://sb.scorecardresearch.com/c2/plugins/streamingtag_plugin_jwplayer.js?ver=1.0.0 HTTP 302
https://sb.scorecardresearch.com/internal-c2/default/streamingtag_plugin_jwplayer.js

Request Chain 114

https://sb.scorecardresearch.com/cs/6034767/beacon.js HTTP 302
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

Request Chain 149

https://rp.liadm.com/j?dtstmp=1660831976367&aid=a-00x0&se=e30&duid=0ee7014c2aeb--01garmsjsrbya6baz5nqgpk0ny&tna=v2.4.0&pu=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&wpn=lc-bundle&c=PHRpdGxlPldoYXQgSXMgU3Bvb2ZpbmcsIGFuZCBIb3cgQ2FuIFlvdSBQcm90ZWN0IFlvdXJzZWxmIGZyb20gVGhlc2UgU2NhbXM_PC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iU3Bvb2ZpbmcgaXMgYSBmdW5ueSB3b3JkLCBidXQgaXRzIGNvbnNlcXVlbmNlcyBhcmUgc2VyaW91cy4gSGVyZSdzIGhvdyBzcG9vZmluZyB3b3JrcywgdGhlIG1hbnkgZm9ybXMgaXQgY2FuIHRha2UgYW5kIGhvdyB0byBzdGF5IHNhZmUuIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly93d3cucmQuY29tL2FydGljbGUvc3Bvb2ZpbmcvIj48aDEgY2xhc3M9InBvc3QtdGl0bGUiPgoJCVdoYXQgSXMgU3Bvb2ZpbmcsIGFuZCBIb3cgQ2FuIFlvdSBTcG90IEl0Pwk8L2gxPg HTTP 302
https://rp4.liadm.com/j?dtstmp=1660831976367&aid=a-00x0&se=e30&duid=0ee7014c2aeb--01garmsjsrbya6baz5nqgpk0ny&tna=v2.4.0&pu=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&wpn=lc-bundle&c=PHRpdGxlPldoYXQgSXMgU3Bvb2ZpbmcsIGFuZCBIb3cgQ2FuIFlvdSBQcm90ZWN0IFlvdXJzZWxmIGZyb20gVGhlc2UgU2NhbXM_PC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iU3Bvb2ZpbmcgaXMgYSBmdW5ueSB3b3JkLCBidXQgaXRzIGNvbnNlcXVlbmNlcyBhcmUgc2VyaW91cy4gSGVyZSdzIGhvdyBzcG9vZmluZyB3b3JrcywgdGhlIG1hbnkgZm9ybXMgaXQgY2FuIHRha2UgYW5kIGhvdyB0byBzdGF5IHNhZmUuIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly93d3cucmQuY29tL2FydGljbGUvc3Bvb2ZpbmcvIj48aDEgY2xhc3M9InBvc3QtdGl0bGUiPgoJCVdoYXQgSXMgU3Bvb2ZpbmcsIGFuZCBIb3cgQ2FuIFlvdSBTcG90IEl0Pwk8L2gxPg&i6=MmEwMTo0YTA6MTMzODo5Mjo6MTE%3D&n3pc=true

Request Chain 253

https://cdn.jwplayer.com/strips/wYVLwyRG-120.vtt HTTP 301
https://assets-jpcust.jwpsrv.com/strips/wYVLwyRG-120.vtt

Request Chain 308

https://cdn.jwplayer.com/v2/media/12ECMfaR/poster.jpg?width=120 HTTP 302
https://assets-jpcust.jwpsrv.com/thumbnails/xd7aulte-120.jpg

Request Chain 362

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 363

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 364

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 365

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 366

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 367

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

343 HTTP transactions
27 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.rd.com/article/spoofing/
Redirect Chain

https://click.email.rd.com/?qs=1c1850b33d0b9c3525b9114b00af26b2b904c95f6e467773a32105cf363c181e6cdb313f83b6c923e643d1c5a0c7f68375e02fc8d494dac3
https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a...

569 KB
90 KB

151ms
55ms

Document
text/html

2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4466e77ca703ac365820bd5fdc2707702efa1abd0d0f185dc54ac6b686ed5a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 584
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=57600
cf-cache-status: HIT
cf-ray: 73cb3f480d1b9076-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 18 Aug 2022 14:12:55 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Thu, 18 Aug 2022 13:51:02 GMT
referrer-policy: no-referrer-when-downgrade
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
vary: Accept-Encoding
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-hosted-by: 45AIR.COM
x-xss-protection: 1; mode=block

Redirect headers

Cache-Control: private
Connection: close
Content-Length: 342
Content-Type: text/html; charset=utf-8
Date: Thu, 18 Aug 2022 14:12:55 GMT
Location: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48

GET
H2 200 header.css
www.rd.com/wp-content/themes/bumblebee/ 50 KB
8 KB 92ms
87ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/themes/bumblebee/header.css?ver=2.0.8

Requested by

Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a3dbe01c6d50d8264cc5c9b01a48a659ca032ba9c1260903e4242975e518cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=51556
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:05:13 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfca69-c964"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f486da49076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 dashicons.min.css
www.rd.com/wp-includes/css/ 58 KB
34 KB 75ms
69ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-includes/css/dashicons.min.css?ver=5.9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 15 Jul 2022 08:34:57 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62d126b1-e688"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: text/css
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f486da99076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 style.css
www.rd.com/wp-content/themes/bumblebee/ 53 KB
12 KB 67ms
62ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/themes/bumblebee/style.css?ver=1.12.11

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b79630ec15683d0ed35aa5f175a2809a776c2f8075ec8b363ffec4b6c7b5b3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=68027
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:05:12 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfca68-109bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f486daa9076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 style.min.css
www.rd.com/wp-includes/css/dist/block-library/ 77 KB
11 KB 66ms
61ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b6fef0a63424245b31b293b1a3bfd074c9da482e28fb9e920e1cf306e54e8a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 15 Jul 2022 08:34:57 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62d126b1-1357b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: text/css
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f486dad9076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 widget-options.css
www.rd.com/wp-content/plugins/widget-options/assets/css/ 1 KB
371 B 68ms
63ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/widget-options/assets/css/widget-options.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8704f607741a4e0a4d82cf024d026c9e7c1d65241250c2223f31dca29a07dc15

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26121
cf-polished: origSize=1046
x-cache: MISS
last-modified: Tue, 11 Jan 2022 18:25:08 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"61ddcb84-416"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f486dae9076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 wp-applaud.css
www.rd.com/wp-content/plugins/wp-applaud/assets/styles/ 401 B
252 B 71ms
66ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/wp-applaud/assets/styles/wp-applaud.css?ver=5.9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2dd397f2f81170f2fd0bd5cee8f455e200894e9e2a81a114c29aa7b6856d744

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=1111
x-cache: MISS
last-modified: Fri, 30 Aug 2019 21:21:58 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"5d699376-457"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f486db19076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 popovers.css
www.rd.com/wp-content/plugins/easyazon/addition/components/popovers/resources/ 806 B
460 B 66ms
61ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/easyazon/addition/components/popovers/resources/popovers.css?ver=5.0.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a221b8ec55e0d82883699663672c218c4de02207132f344a6440d69df7094b7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=962
x-cache: MISS
last-modified: Tue, 24 Aug 2021 07:04:30 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"612499fe-3c2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f486db39076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 style.min.css
www.rd.com/wp-content/plugins/easy-table-of-contents/vendor/icomoon/ 438 B
299 B 68ms
63ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/easy-table-of-contents/vendor/icomoon/style.min.css?ver=2.0.17

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b88fca268e1352a0922f301c6b88f0499606c01faa8d0718de11a8153a5edc3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 25452
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 30 Mar 2020 17:10:48 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"5e822818-1b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: text/css
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f486db79076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 screen.min.css
www.rd.com/wp-content/plugins/easy-table-of-contents/assets/css/ 5 KB
1 KB 73ms
69ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/easy-table-of-contents/assets/css/screen.min.css?ver=2.0.17

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22af5d3bf749542c2d95975186991b7b8c1e0766449c3fdeab55d57eb0d1ffdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 22 Jan 2021 19:48:32 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"600b2c10-13ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: text/css
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f486db89076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 facets-styles.min.css
www.rd.com/wp-content/plugins/elasticpress/dist/css/ 3 KB
1 KB 79ms
75ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/elasticpress/dist/css/facets-styles.min.css?ver=3.4.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5c3760ebad493fbb95c0ac2cbcdeca727826c3f9c78719d2964c62abca3c7a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 09 Oct 2019 00:49:00 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"5d9d2e7c-bab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: text/css
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487ddb9076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 taboola.css
www.rd.com/wp-content/plugins/pup-taboola/css/ 106 B
188 B 70ms
65ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-taboola/css/taboola.css?ver=5.9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae97441771e91747997d983ff28bdb321a821846d2d6da01587f01d0fe33c5b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=127
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:46 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d6-7f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487ddc9076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 106 KB
41 KB 130ms
46ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-17041328-1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

84efaf5837250e134b9ad38aab56d5f178bdf2e50f1f3a99e576c2e69b60c6c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41847
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 18 Aug 2022 14:12:56 GMT

GET
H2 200 regenerator-runtime.min.js Show response
www.rd.com/wp-includes/js/dist/vendor/ 6 KB
2 KB 79ms
75ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 15 Jul 2022 08:34:57 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62d126b1-195e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/javascript
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487ddf9076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 wp-polyfill.min.js Show response
www.rd.com/wp-includes/js/dist/vendor/ 19 KB
7 KB 80ms
76ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 15 Jul 2022 08:34:57 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62d126b1-4b3d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/javascript
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487de19076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 hooks.min.js Show response
www.rd.com/wp-includes/js/dist/ 6 KB
2 KB 78ms
74ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 25452
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 15 Jul 2022 08:34:57 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62d126b1-163a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/javascript
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487de49076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 js-util-query.js Show response
www.rd.com/wp-content/mu-plugins/tmbi-js-utils/js/ 685 B
461 B 87ms
83ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/mu-plugins/tmbi-js-utils/js/js-util-query.js?ver=1.0.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b0602eeeb1484cc85d98733fb9441e16d91eb68beb26c19519ea7e61c1d48d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 25452
cf-polished: origSize=1104
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:03:08 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9ec-450"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487de69076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 moatheader.js Show response
z.moatads.com/tmbiyieldheader910374028064/ 249 KB
86 KB 163ms
48ms Script
application/x-javascript 23.47.209.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/tmbiyieldheader910374028064/moatheader.js?ver=1.0.3
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.209.169 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-209-169.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: a2acf545701465b3ff3d92f1d80eae2743004fff551e072738e00372b14b903b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:36:36 GMT
server: AmazonS3
x-amz-request-id: 5N6TXVPCNDCZ3K6Z
etag: "54974b64d7b24f9529e117fff9d417b8"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=9633
accept-ranges: bytes
content-length: 87460
x-amz-id-2: G9m0BOi+0i20IoBCxYHTdF4mWgj5Xlur7NoVml1WmzV1UuymFUGg8k4BNs5jwoBBeCHxcUVkXOY=

GET
H2 200 moat-timeout.js Show response
www.rd.com/wp-content/plugins/pup-moat-yield-intelligence-tool/js/ 1 KB
688 B 84ms
80ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-moat-yield-intelligence-tool/js/moat-timeout.js?ver=1.0.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5577de66fefd6de448a833fd84d9a752e707cd52c7ff42ffdbbf8431d0551fa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=2226
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:26 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9c2-8b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487de99076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 jquery.js Show response
www.rd.com/wp-includes/js/jquery/ 141 KB
42 KB 98ms
94ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-includes/js/jquery/jquery.js?ver=1.0.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a26f948122b1fe863bae3e65f7a64893e6e29e8e760ac075654174f96171cdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=288600
x-cache: MISS
last-modified: Fri, 15 Jul 2022 08:34:57 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62d126b1-46758"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487deb9076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H/1.1 200
OK load.js Show response
s.ntv.io/serve/ 472 KB
135 KB 191ms
61ms Script
application/x-javascript 23.47.209.80
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/serve/load.js?ver=1.0.0
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.209.80 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-209-80.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7c6cd1e00f3a764bd02e959653a10d529dbfe1012d64f253d7490c625ed6a654

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Thu, 18 Aug 2022 14:12:56 GMT
Content-Encoding: gzip
x-amz-request-id: XY4KBT20QRB491NE
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: CE8MTDM8IDOKqDfk0qLGvM7Qc2vna6f7qULGHGe80blCQbzWmeAY53DsYOlrImiO0NyY3S37jHo=
Last-Modified: Fri, 12 Aug 2022 01:01:09 GMT
Server: AmazonS3
ETag: "febd3311857289fff1b140dfb03d0b67"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H3 200 pinterest-pixels.js Show response
www.rd.com/wp-content/plugins/pup-pinterest-pixels/js/ 452 B
641 B 55ms
54ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-pinterest-pixels/js/pinterest-pixels.js?ver=1.0.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d02ab98a558ccea032a6a1bc2bfefd2b4a2a3a1aa9f3dad40c70d4486f87704a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 27287
cf-polished: origSize=489
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:36 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9cc-1e9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f4aa85c918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H2 200 131817X1594237.skimlinks.js Show response
s.skimresources.com/js/ 56 KB
21 KB 143ms
40ms Script
application/octet-stream 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/131817X1594237.skimlinks.js?ver=1.0.0
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 652d82ad34da02c9602d66332cfc52fb39b65da77c70a9faa518d859faf360b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: gzip
last-modified: Thu, 19 May 2022 18:45:58 GMT
server: AmazonS3
x-amz-request-id: E1A3RY27KBHYN6FD
etag: "661d714e3ca1e6506ddb422dcbb04b0c"
x-hw: 1660831975.cds155.fr8.hn,1660831975.cds240.fr8.c
content-type: application/octet-stream
cache-control: max-age=3600
accept-ranges: bytes
content-length: 20729
x-amz-id-2: 6zthjTbzX58CHvgFRgi83gjSQMwLd6r4dGxmuE/g9JQP8meXZ4Ze/L56Kd43fb9gM87zDRn1iKE=

GET
H2 200 newsroom-post-script.js Show response
www.rd.com/wp-content/plugins/pup-taboola/js/ 1006 B
647 B 80ms
77ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-taboola/js/newsroom-post-script.js?ver=1.0.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

156653c0c2c026afc382bbbe02e0ac95ae4734401670cdb06e44665de0e46000

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=1316
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:46 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d6-524"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487def9076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 rd.com.js Show response
cdn.brandmetrics.com/tag/a969c5a7d4e5408485948e8e11899567/ 4 KB
3 KB 133ms
46ms Script
text/javascript 2606:4700:20::ac43:45f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/tag/a969c5a7d4e5408485948e8e11899567/rd.com.js?ver=1.1
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:45f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8de0855c47222af42a9ed9ed62ea1f58ab5d89b620a06f285aeb451ddca8543f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 18 Aug 2022 13:39:10 GMT
server: cloudflare
age: 2026
cf-polished: origSize=4729
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6qgkSgLT5ZsJ%2FCeR8d4ynCM%2FGP1e2Ngs9FHxFf70Of%2FHXt8EtkN7cgxDf%2F63b3G1nFK27neLG8J8w%2B3th%2FGUOhcev5UpuZdC2iq5ZZiaI3p43rHa9WOmMuYngmb5JKiLtLqMuU3OjBJsaFMNMXcxju8%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73cb3f4b2b7e9ba6-FRA
cf-bgj: minify

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 100 KB
27 KB 119ms
39ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js?ver=2.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4ff1b9b91db584b19d20b4d02af9ff7673add161ce3f9ceae9391b3a84fddab1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26515
x-xss-protection: 0
pragma: public
x-fb-debug: WK1n/hGV91E9/IG3xt7LUK87Nd6BpZnfiBLiXppJVhjaHSwtgqC1fEhcbb4VFHit7oXUSwKfjItrOHiSqbnqeA==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 18 Aug 2022 14:12:56 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 a-00x0.min.js Show response
b-code.liadm.com/ 27 KB
10 KB 158ms
50ms Script
application/javascript 2600:9000:2304:e200:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-00x0.min.js?ver=1.0
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:e200:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 9aff82bb6bf217571cd2bfc3d1cee2b915056bfad051044e914352826c33d320

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 11:50:41 GMT
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
age: 8535
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=86400
x-amz-cf-pop: VIE50-P1
content-encoding: gzip
x-amz-cf-id: yRhFrZfuagJ52RwXLJ9wvBxwtAI3Lubp-MftYDiNr_pMaEh6-iSUSw==

GET
H2 200 10696.js Show response
micro.rubiconproject.com/prebid/dynamic/ 359 KB
105 KB 185ms
59ms Script
text/javascript 23.7.197.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.7.197.114 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-7-197-114.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a6a06429105f522575f9dc82a176e6d7c505a29284c0529cfd141daa9d816e7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 16:47:32 GMT
server: Apache
vary: Accept-Encoding
edge-cache-tag: prod-prebid-10696_Readers_Digest_Desktop.js
content-type: text/javascript
access-control-expose-headers: x-trp-pba
cache-control: public, must-revalidate, max-age=0
content-length: 105958
x-trp-pba: {"ruleId":"4","rulePos":0,"ruleName":"Readers_Digest_Desktop","wrapperName":"10696_Readers_Digest_Desktop","isPrimary":true,"randomProb":42,"account":10696,"device":"desktop","country":"DE","host":"rd.com","isMobile":false,"isTablet":false,"reqHost":"micro.rubiconproject.com","referrer":["https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48"],"xForwardedFor":"","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36","query":"ver=1.0","ranAt":"2022-08-18T14:12:56.234Z","runId":"1660831976234-6043","wrapperPath":"/prebid/10696_Readers_Digest_Desktop.js","redirectUrl":"/prebid/get-wrapper/Readers_Digest_Desktop/10696_Readers_Digest_Desktop.js"}
expires: Fri, 19 Aug 2022 08:06:32 GMT

GET
H2 200 tmbi-prebid.js Show response
www.rd.com/wp-content/plugins/tmbi-prebid/js/ 872 B
554 B 68ms
65ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-prebid/js/tmbi-prebid.js?ver=1.1.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ad93024412465f56e8b0aa134d2a4dda848d68e23b5c20d12125f38f6a488c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 25452
cf-polished: origSize=1948
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:03:47 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfca13-79c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487df19076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 wp-applaud.js Show response
www.rd.com/wp-content/plugins/wp-applaud/assets/scripts/ 856 B
521 B 81ms
79ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/wp-applaud/assets/scripts/wp-applaud.js?ver=5.9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b991004bf766883ecf36d27ff836b327b64abbca550239430fe9641b2fcc61d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=1202
x-cache: MISS
last-modified: Fri, 30 Aug 2019 21:21:58 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"5d699376-4b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487df39076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 permutive-tracking.js Show response
www.rd.com/wp-content/plugins/tmbi-permutive/js/ 1 KB
556 B 83ms
81ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-permutive/js/permutive-tracking.js?ver=1.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1fc1943ad73b34c7ecc7fc573e931cef2eeca1c68ebc90ae8c3a8f4162319965

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=1486
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:03:41 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfca0d-5ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487df69076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 permutive-identifier.js Show response
www.rd.com/wp-content/plugins/tmbi-permutive/js/ 1 KB
608 B 79ms
77ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-permutive/js/permutive-identifier.js?ver=1.0.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1f6b58a8b32dea13acb29a386dab49f87293729abd1835672433d087bf29d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 25452
cf-polished: origSize=2294
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:03:41 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfca0d-8f6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487df89076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 permutive-video.js Show response
www.rd.com/wp-content/plugins/pup-video/js/ 8 KB
2 KB 79ms
76ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-video/js/permutive-video.js?ver=1.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de7826b311a111b9a3ca8f37f1455eb43a548fa7189c46d39118543bd87173af

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 25452
cf-polished: origSize=11133
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:48 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d8-2b7d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487e019076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 clap-count-fix.js Show response
www.rd.com/wp-content/plugins/pup-applaud-helper/assets/js/ 867 B
483 B 87ms
84ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-applaud-helper/assets/js/clap-count-fix.js?ver=1.0.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da9507cb1a3616e1442336158dcd9d6cfca240745ebe2a04e538e0e04cf11224

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=1888
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:01:53 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9a1-760"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487e059076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 Qrhs7tJs.js Show response
cdn.jwplayer.com/libraries/ 115 KB
41 KB 147ms
46ms Script
text/javascript 2600:9000:225e:6200:1:a3fa:7cc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jwplayer.com/libraries/Qrhs7tJs.js?ver=1.0.0
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:6200:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: a9851db0f24dac5cb080eb4ff5f25a58a0a4a71c3fe206e831cd5c8ec7f30ab2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:45 GMT
content-encoding: gzip
server: openresty
age: 10
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=180
x-amz-cf-pop: FRA60-P4
content-length: 41148
via: 1.1 21369bf2bfeb79adaa5bef1cb96f8540.cloudfront.net (CloudFront)
x-amz-cf-id: mrl4--cJTUv0aGLH9O7cFI_RtNzEa_MShKPFnb23VlTePuWj76xu0w==

GET
H2 200 bootstrapper Show response
tags.catapultx.com/ 18 KB
4 KB 150ms
49ms Script
application/javascript 2606:4700:3035::6815:29f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.catapultx.com/bootstrapper?ver=1.0.0
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:29f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9399dab3e383fdc22b2d578596ba65980795310122106ce73252718dea66ef7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 75
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 15 Aug 2022 15:21:52 GMT
server: cloudflare
etag: W/"57"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e3LtJpI3Dnc7vTEwE35xxNWR2hYO0m3imO79s7ew%2FX4EeiOBtfYvSSBlv9oHMqk%2F7%2BM%2BrzvVwZsGQvBY%2F%2FtPgs4jCNy4pE5zabC4Pku0zKXPc8uSYUpVR1zz%2Bi8caL9GA2nh7V8JvxaFourgu7RB6%2BE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=180
cf-ray: 73cb3f490add9bc8-FRA

GET
H2 200 ad-stack.js Show response
www.rd.com/wp-content/plugins/pup-ad-stack/js/ 17 KB
5 KB 100ms
98ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-ad-stack/js/ad-stack.js?ver=5.3.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f6848f45929db24af962e27c4c96a44bd7e3bb4cdc8274e613315bb6e6eb435

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26592
cf-polished: origSize=29587
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:01:47 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc99b-7393"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f487e079076-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 tmbi-a9-header-bidder.js Show response
www.rd.com/wp-content/plugins/pup-a9-header-bidder/js/ 2 KB
1 KB 59ms
55ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-a9-header-bidder/js/tmbi-a9-header-bidder.js?ver=1.0.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5e24ad5cb560937b7ff087c5e6b7e5b5ee15e866d0725e1385fe98ad6268df6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 27241
cf-polished: origSize=3101
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:01:48 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc99c-c1d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f4aa868918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 159 KB
41 KB 152ms
42ms Script
application/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 925ed48219a2d3c339c5d288fdae3f965efbca0e5ee4e369b7dcbb04b6ade06f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 18 Aug 2022 13:56:19 GMT
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront), 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified: Mon, 15 Aug 2022 16:12:00 GMT
server: AmazonS3
age: 998
etag: W/"52a6bc60961c702869c58b9d159c8e37"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA2-C1
content-encoding: gzip
x-amz-cf-id: lswcazt2zxzY_xcXu4dvsudis-GtxFNt65YycYROSkMmCg8QLLpsxA==

GET
H2 403 d82f7a30-751a-4689-b7e9-19336a89ab46-web.js
d82f7a30-751a-4689-b7e9-19336a89ab46.edge.permutive.app/ 0
0 135ms
44ms Script
text/html 2606:4700::6812:551
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://d82f7a30-751a-4689-b7e9-19336a89ab46.edge.permutive.app/d82f7a30-751a-4689-b7e9-19336a89ab46-web.js
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:551 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 84 KB
29 KB 131ms
46ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a83df74ea8693edd7a7ca4fb10c486509148efcc6475a25c0f778738606695b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28731
x-xss-protection: 0
server: sffe
etag: "1307 / 582 of 1000 / last-modified: 1660821145"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 18 Aug 2022 14:12:56 GMT

GET
H2 200 pushly-sdk.min.js Show response
cdn.p-n.io/ 219 KB
50 KB 146ms
42ms Script
application/javascript 18.66.112.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.p-n.io/pushly-sdk.min.js?domain_key=UQBO2QHQjsCWyyYZTALbCo47hmWzrEGU5rSy
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-102.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b6c2fd209cd3b56d6fc439c1191bf3aaff5cafc1ccc47d3f367e32f8180a37d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:03:31 GMT
content-encoding: gzip
last-modified: Sun, 07 Aug 2022 16:10:17 GMT
server: AmazonS3
age: 566
etag: W/"bc93a07177539bb59e158f212b647647"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 7be6cb2d0156b563b6b1c8f2595ddd52.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: AOzHVCU0fFSZEaxEHquHZN17-1sUPfCGGINmeWl-S49EnGluiZo_3w==

GET
H2 200 init-544opt5lxrll43mnvky.js Show response
aamapi.com/api/ 1 B
180 B 604ms
193ms Script
text/javascript 2600:1f14:600:6e00:74d0:abd:2041:a4f0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aamapi.com/api/init-544opt5lxrll43mnvky.js
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:600:6e00:74d0:abd:2041:a4f0 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:56 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript
server: openresty
content-encoding: gzip
expires: -1

GET
H2 200 tracker.js Show response
tracking.skyword.com/ 3 KB
4 KB 483ms
128ms Script
text/javascript 52.45.182.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.skyword.com/tracker.js?contentId=281474980179397
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.45.182.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-45-182-189.compute-1.amazonaws.com
Software: /
Resource Hash: 3c9237f8569d7a3cbf7ab25bf871ad84aadc0098e254f3af2790c05c6a98fea3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-length: 3553
content-type: text/javascript;charset=ISO-8859-1

GET
H3 200 brand.css
www.rd.com/wp-content/plugins/pup-first-published-taxonomy/css/ 366 B
563 B 144ms
144ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-first-published-taxonomy/css/brand.css?ver=1.0.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dd1548d9bc310301ca3828e82a2f684d5ed2a799b37f53a79cc0a023da80d01

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=443
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:14 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9b6-1bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48acbf918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 content-card-inserter.css
www.rd.com/wp-content/plugins/pup-content-card/css/ 1 KB
870 B 144ms
138ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-content-card/css/content-card-inserter.css?ver=1.0.2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc094ffe53f9cc289462d2bd847678bb257c47a9fd48389c837d09d90f1176d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 21934
cf-polished: origSize=1589
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:01 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9a9-635"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcdb918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 footer.css
www.rd.com/wp-content/themes/bumblebee/ 17 KB
6 KB 145ms
138ms Stylesheet
text/css 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/themes/bumblebee/footer.css?ver=2.0.8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71e5b6eb041cb505cab8acbb09548b57aa00ad344594519d2e3f8857a9687020

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:05:13 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfca69-4325"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcdc918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 referral-tracking.js Show response
www.rd.com/wp-content/plugins/pup-referral-tracking/js/ 620 B
678 B 145ms
139ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-referral-tracking/js/referral-tracking.js?ver=1.1.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2b86ff090038df34b053747723c34ff9a00de105a79dbc9011697aaabf58a4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=1402
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:37 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9cd-57a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcdd918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 comment-reply.min.js Show response
www.rd.com/wp-includes/js/ 3 KB
2 KB 145ms
139ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-includes/js/comment-reply.min.js?ver=5.9

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16896
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 15 Jul 2022 08:34:57 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62d126b1-ba3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/javascript
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcde918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 comscore-mmx.js Show response
www.rd.com/wp-content/plugins/pup-comscore/js/ 608 B
708 B 145ms
139ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-comscore/js/comscore-mmx.js?ver=1.0.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db0b2a9340137033881412a37a10f61ac49ca9017206bf08511d9d8fc0688dae

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=706
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:00 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9a8-2c2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcdf918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 lazy-load.js Show response
www.rd.com/wp-content/plugins/pup-nativo/assets/js/dist/ 4 KB
2 KB 66ms
60ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-nativo/assets/js/dist/lazy-load.js?ver=1.0.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51ac5b2d4d716f7fe76fb278275cda1184b8fcb2c18f64ee55842076bcdfdb93

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=4227
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:30 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9c6-1083"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bce1918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 skimlinks-nofollow.js Show response
www.rd.com/wp-content/plugins/pup-skimlinks/js/ 1 KB
871 B 145ms
139ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-skimlinks/js/skimlinks-nofollow.js?ver=1.0.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8197cfb30b45b71af2f3bc2a64401b589ceb23b3d0b18b4e6dfffae7befcedf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 25151
cf-polished: origSize=2014
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:41 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d1-7de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bce2918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 moatplugin.js Show response
z.moatads.com/jwplayerplugin0938452/ 4 KB
2 KB 178ms
106ms Script
application/x-javascript 23.47.209.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/jwplayerplugin0938452/moatplugin.js?ver=2.0.3
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.209.169 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-209-169.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0d910cc1aa24413aaeef9f2cb52c3ed8bc4a06e823fc1d2d26f75667a0233764

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: gzip
last-modified: Tue, 10 Apr 2018 14:31:58 GMT
server: AmazonS3
x-amz-request-id: 4673191EF1A52235
etag: "30b375ad7de497af4a70858611be5346"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=62625
accept-ranges: bytes
content-length: 1908
x-amz-id-2: dHAwrkfwMFISyJZxczAi9AnvzAZrMLihgzjWXyxgK2uLQpMQ0HEf/VNbgXE+VQ+BsIAPDays5X0=

GET
H2 200 wjcpcdaI.js Show response
content.jwplatform.com/libraries/ 126 KB
44 KB 140ms
44ms Script
text/javascript 2600:9000:225e:400:1:a3fa:7cc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.jwplatform.com/libraries/wjcpcdaI.js?ver=2.0.3
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:400:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: 9421c452fe1019dd024ca96ae9803be08adaac8244c4572ba25089b938f1d232

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:11:35 GMT
content-encoding: gzip
server: openresty
age: 80
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=180
x-amz-cf-pop: FRA60-P4
content-length: 44627
via: 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
x-amz-cf-id: _Epq5CFaEyoyYL_IOEbofSYj7PTQH143fJ1XfJsuZXeiEV6mtVvXuw==

GET
H3 200 a9-video-bidder.js Show response
www.rd.com/wp-content/plugins/pup-video/js/ 976 B
897 B 145ms
140ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-video/js/a9-video-bidder.js?ver=2.0.3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7070c9402db323126f9422de0f47be9a29cda05bfe1dafe1af07306ca666b8f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=1595
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:48 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d8-63b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bce4918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 digitaldata.js Show response
www.rd.com/wp-content/plugins/tmbi-data-analytics/js/ 3 KB
1 KB 146ms
140ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-data-analytics/js/digitaldata.js?ver=1.0.10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71795f168f858d2b071378a3a6b78556eea59f816aaafaeffe8eb55ffdcf97bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=4664
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:59 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9e3-1238"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bce5918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 GlobalCommon.js Show response
www.rd.com/wp-content/plugins/tmbi-data-analytics/js/ 3 KB
1 KB 69ms
63ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GlobalCommon.js?ver=1.0.10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5de2f269f121423a6e49c66c14466a779cd693fd6faeff3e04152024be81139c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=3117
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:59 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9e3-c2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bce7918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 Common.js Show response
www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/ 10 KB
3 KB 70ms
65ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/Common.js?ver=1.0.10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f29595049d8fe1e75b1c0d062c5436594a18730673c161bc96e7200ba3026083

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=12496
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:59 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9e3-30d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bce9918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 EngagementEvent.js Show response
www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/ 7 KB
2 KB 66ms
60ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/EngagementEvent.js?ver=1.0.10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a32b280803f80b434b6b9b12f856f921d71e98275415fdb71a8f59b742cd7eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 27359
cf-polished: origSize=9918
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:59 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9e3-26be"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcea918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 analytics.js Show response
www.rd.com/wp-content/plugins/tmbi-data-analytics/js/ 5 KB
2 KB 66ms
61ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-data-analytics/js/analytics.js?ver=1.0.10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9545822056572ccf35b6c6781374ef73bdee236004959748700ea7d644e0199d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=7383
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:59 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9e3-1cd7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bceb918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 AccountEvent.js Show response
www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/ 1 KB
751 B 103ms
98ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/AccountEvent.js?ver=1.0.10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59b92dc54ec59de5e855231a626d0dce05e8a050b0f33ad1ddeda966a930ad43

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=1872
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:59 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9e3-750"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bced918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 CartEvent.js Show response
www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/ 5 KB
1 KB 69ms
64ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/CartEvent.js?ver=1.0.10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08bc22c85c4246a31747bd1dc24007bf53be94f4e527e387ab0a1d81c637c3a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 24106
cf-polished: origSize=6686
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:59 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9e3-1a1e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcee918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 PrivacySetting.js Show response
www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/ 2 KB
823 B 145ms
140ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/PrivacySetting.js?ver=1.0.10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56e914584f77a21cf28171f6545abb9ec3246de4b923724d855d84cb1243a156

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=2157
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:59 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9e3-86d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcef918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 SearchEvent.js Show response
www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/ 908 B
734 B 146ms
141ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-data-analytics/js/GoogleAnalytics/SearchEvent.js?ver=1.0.10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0156d148a5d904d8a4b276d8cae5b77667e05ae546fa3b441e3116aca02ee6c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=1212
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:59 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9e3-4bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcf0918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 openweb-analytics.js Show response
www.rd.com/wp-content/plugins/tmbi-data-analytics/js/ 2 KB
874 B 146ms
141ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-data-analytics/js/openweb-analytics.js?ver=1.0.10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cc5de9fdb0201569f2566a0cf00f15a0fae5a4260c3982c1fcf679d5811dbde

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=2672
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:59 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9e3-a70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcf2918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 links.js Show response
www.rd.com/wp-content/plugins/easyazon/addition/components/localization/links/resources/ 653 B
700 B 66ms
61ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/easyazon/addition/components/localization/links/resources/links.js?ver=5.0.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91c00cb18c492812180645a760c3e76b611b3dfb8576de93a0fa453aee1b078d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=797
x-cache: MISS
last-modified: Tue, 24 Aug 2021 07:04:30 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"612499fe-31d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcf4918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 popovers.js Show response
www.rd.com/wp-content/plugins/easyazon/addition/components/popovers/resources/ 2 KB
1 KB 146ms
141ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/easyazon/addition/components/popovers/resources/popovers.js?ver=5.0.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f186210f22d15c9e99282bbc6f351ba7aa14966802f184537dfe273d695e826

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 27358
cf-polished: origSize=2678
x-cache: MISS
last-modified: Tue, 24 Aug 2021 07:04:30 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"612499fe-a76"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcf6918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 slinky.min.js Show response
www.rd.com/wp-content/themes/bumblebee/js/util/ 4 KB
2 KB 68ms
64ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/themes/bumblebee/js/util/slinky.min.js?ver=4.1.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1574db55dfbb34c01542fd1ef72942c1f9cd0aaf7a3ce135e0deb2e55dfdd486

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 26 Jul 2022 11:01:45 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc999-1110"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/javascript
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcf7918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 navigation.js Show response
www.rd.com/wp-content/themes/bumblebee/js/ 4 KB
2 KB 146ms
142ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/themes/bumblebee/js/navigation.js?ver=1.2.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e421a0440b56149be838fad25420517bb36fc7135f18783835ddf6e73c29899

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=6167
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:01:45 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc999-1817"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcfa918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 navigation-2021.js Show response
www.rd.com/wp-content/themes/bumblebee/js/ 3 KB
1 KB 146ms
142ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/themes/bumblebee/js/navigation-2021.js?ver=1.3.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67753bf8ff944e4b146d4d08aa0bf0ebcb1618994bc9384aeda849996d09c17c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=4201
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:01:45 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc999-1069"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcfc918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 sticky-header.js Show response
www.rd.com/wp-content/themes/bumblebee/js/ 2 KB
1 KB 65ms
60ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/themes/bumblebee/js/sticky-header.js?ver=1.0.2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

889f28c7e0ff9ec3b2fb1f2cbdbe7c0d4a5a09a34406d76e89f8416b5cbd8457

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=2251
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:01:45 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc999-8cb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bcfe918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 IE11-check.js Show response
www.rd.com/wp-content/themes/bumblebee/js/ 283 B
571 B 146ms
142ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/themes/bumblebee/js/IE11-check.js?ver=1.0.2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2e0a910385671a83ecc18e58bc12839a21260839514e18ab1862a6012008890

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=346
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:01:45 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc999-15a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd01918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 newsletter-module.js Show response
www.rd.com/wp-content/themes/bumblebee/js/ 3 KB
1 KB 147ms
142ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/themes/bumblebee/js/newsletter-module.js?ver=1.1.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25debee90474604a5599e170d42a4c9bf6133d9aa6384ea3f1748a1106dafff6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=4210
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:01:45 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc999-1072"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd02918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 underscore.min.js Show response
www.rd.com/wp-includes/js/ 19 KB
8 KB 147ms
143ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-includes/js/underscore.min.js?ver=1.13.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f6366518c3d992d6a9a3aee342675532822d6b1d66217df7b284bb450dbb99a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 15 Jul 2022 08:34:57 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62d126b1-4a7d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/javascript
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd04918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 facets-script.min.js Show response
www.rd.com/wp-content/plugins/elasticpress/dist/js/ 126 KB
42 KB 102ms
97ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/elasticpress/dist/js/facets-script.min.js?ver=3.4.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

819f3136b7fa1d732f05ec1d9c773bed9bdcdb09e936fe964ae8fb70f29912f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 27358
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 19 Dec 2019 03:53:18 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"5dfaf42e-1f8e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/javascript
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd06918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 smart-tag.js Show response
www.rd.com/wp-content/plugins/pup-bx/js/ 264 B
557 B 178ms
174ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-bx/js/smart-tag.js?ver=1.0.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

435b827b100268bdb32cc3ffabf94331103010fd2d1ba26890fc639d53a1b525

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=341
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:01:55 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9a3-155"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd08918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 taboola_loader_async.js Show response
www.rd.com/wp-content/plugins/pup-taboola/js/ 1 KB
876 B 178ms
174ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-taboola/js/taboola_loader_async.js?ver=1.1.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c34e56c8477ca237b6ca14153f7187aa724b0ba5f764e28b91b3f7bbeb2a762

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=1353
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:46 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d6-549"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd0a918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 video-utils.js Show response
www.rd.com/wp-content/plugins/pup-video/js/ 5 KB
2 KB 178ms
174ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-video/js/video-utils.js?ver=2.0.3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b59b7362e2f136f8eb50ee9ed29dbb5ca434c1067cb56de2cf9808679028929

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=8233
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:48 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d8-2029"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd0c918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 jw-player.js Show response
www.rd.com/wp-content/plugins/pup-video/js/ 13 KB
5 KB 179ms
175ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-video/js/jw-player.js?ver=2.0.3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0e385c1e349d9f04e3f2d4df39f992f5d0115630e27c67e672296b947e4ebb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 24106
cf-polished: origSize=23867
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:48 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d8-5d3b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd0d918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 catapultx-tags.js Show response
www.rd.com/wp-content/plugins/tmbi-catapultx/js/ 840 B
785 B 179ms
175ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-catapultx/js/catapultx-tags.js?ver=1.0.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4dd22a866cf7fa613e4a25f4e152e8d2f89e3e677c440e52c14e660927610e1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 23984
cf-polished: origSize=1310
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:03:48 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfca14-51e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd0e918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 social-share-sticky.js Show response
www.rd.com/wp-content/themes/bumblebee/js/ 2 KB
955 B 179ms
176ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/themes/bumblebee/js/social-share-sticky.js?ver=1.0.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d982282f0397d47ade6971a4fcc4510e48818e69b8d0a1f841ef7c2719d13de

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=2371
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:01:45 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc999-943"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd10918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 social-share-rf.js Show response
www.rd.com/wp-content/themes/bumblebee/js/ 2 KB
1 KB 179ms
176ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/themes/bumblebee/js/social-share-rf.js?ver=5.9

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38ecfd35f3df13ac05900016fbb5975080b2856f6029ad5455203c0f5550c8ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=3142
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:01:45 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc999-c46"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd11918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 flbuttons.min.js Show response
cdn.flipboard.com/web/buttons/js/ 7 KB
4 KB 152ms
44ms Script
text/html 2600:9000:2304:a200:e:5a70:ca4f:f701
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flipboard.com/web/buttons/js/flbuttons.min.js?ver=2017-10-10
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:a200:e:5a70:ca4f:f701 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f039e32c9e62cd2acc5bf02dec7282686e6f41be6b01bfa249f9590cda747cba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 16:12:39 GMT
content-encoding: gzip
last-modified: Wed, 23 Dec 2020 17:43:48 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1608743508/ctime:1608745368/gid:1000/gname:ubuntu/md5:e9b04ad509ffb00302d9625f75774548/mode:33204/mtime:1608745368/uid:1000/uname:ubuntu
age: 79217
etag: W/"e9b04ad509ffb00302d9625f75774548"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html
via: 1.1 9127bf22c332a88edd7d5939b5870d1e.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
x-amz-cf-id: omZ60HSHjsqnWdENdQpqbTwd7ZFkoY68TSoj8TuiADT5_17n-zvzUA==

GET
H3 200 tmbi-prebid-video.js Show response
www.rd.com/wp-content/plugins/tmbi-prebid/js/ 1020 B
898 B 180ms
176ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/tmbi-prebid/js/tmbi-prebid-video.js?ver=1.1.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da3db457741823b2b3579b647a3d800eee052062f99208c8ca15c490bc4e142a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26132
cf-polished: origSize=2313
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:03:47 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfca13-909"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd13918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H2 200 sdk.js Show response
widget.beop.io/ 4 KB
3 KB 822ms
391ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/sdk.js?ver=1.0.0

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lha/8D20) /

Resource Hash

4f547216fc3d272c79a70122176c3899c6895e63ae6373ce0ef359c5145f7374

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "10e9-EVoK9k1dchzpLYVgfyNaPlh7dMo+gzip"
age: 263
x-cache: HIT
content-length: 2276
x-ocdn-accept-language: de
last-modified: Thu, 18 Aug 2022 14:08:33 GMT
server: ECAcc (lha/8D20)
date: Thu, 18 Aug 2022 14:12:56 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=300
expires: Thu, 18 Aug 2022 14:17:56 GMT

GET
H2

200

streamingtag_plugin_jwplayer.js Show response
sb.scorecardresearch.com/internal-c2/default/
Redirect Chain

https://sb.scorecardresearch.com/c2/plugins/streamingtag_plugin_jwplayer.js?ver=1.0.0
https://sb.scorecardresearch.com/internal-c2/default/streamingtag_plugin_jwplayer.js

210 KB
53 KB

43ms
43ms

Script
application/javascript

13.225.78.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-c2/default/streamingtag_plugin_jwplayer.js
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Server: 13.225.78.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-39.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 96281150fc4b153640ffd15f9ce9a133ee631aecb0f955cd67974e72af74ae64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:08:01 GMT
content-encoding: gzip
etag: W/"45e1b1186d270bf042fe7ed57882f85b"
last-modified: Thu, 24 Feb 2022 15:25:16 GMT
server: AmazonS3
age: 295
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: nsWaLUk8dLCTpDjV-5nRglUL913D8OcuCnG0FpiF8yYOMcxs8xN0IQ==

Redirect headers

location: /internal-c2/default/streamingtag_plugin_jwplayer.js
date: Thu, 18 Aug 2022 14:12:55 GMT
via: 1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
content-length: 0
x-amz-cf-id: N2axaTYJ0uNZxmuoWOnXKM2RvELmBZDJ2EPBEUoXR7bUENQ28IrNRA==
x-cache: Miss from cloudfront

GET
H3 200 jw-player-comscore.js Show response
www.rd.com/wp-content/plugins/pup-comscore/js/ 748 B
819 B 180ms
177ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/pup-comscore/js/jw-player-comscore.js?ver=1.0.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7658233cbe36b832efda5b9a27f917453114586626666ed6142b0c50a2e8fcef

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
cf-polished: origSize=1197
x-cache: MISS
last-modified: Tue, 26 Jul 2022 11:02:00 GMT
x-cache-hits: 0
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9a8-4ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f48bd14918c-FRA
expires: Sun, 15 Aug 2032 14:12:55 GMT

GET
H3 200 lazyload.min.js Show response
www.rd.com/wp-content/plugins/rocket-lazy-load/assets/js/16.1/ 8 KB
3 KB 65ms
62ms Script
application/javascript 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/wp-content/plugins/rocket-lazy-load/assets/js/16.1/lazyload.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26978
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 15:24:08 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"5f3d4418-1ed2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: application/javascript
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f4aa86b918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 146ms
65ms Script
text/javascript 2606:4700:440e::ac40:9c1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::ac40:9c1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 73cb3f4c0b93bb9d-FRA

GET
H2 200 css2
fonts.googleapis.com/ 14 KB
840 B 138ms
52ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap

Requested by

Host: www.rd.com
URL: https://www.rd.com/wp-content/themes/bumblebee/style.css?ver=1.12.11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5bbc49b8e4b608dd8d1539e5f394825fa16220f5ba9d25d502c4493e690e75ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/wp-content/themes/bumblebee/style.css?ver=1.12.11
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 12:19:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 18 Aug 2022 14:12:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 18 Aug 2022 14:12:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
974 B 132ms
46ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Unna:ital,wght@0,400;0,700;1,400;1,700&display=swap

Requested by

Host: www.rd.com
URL: https://www.rd.com/wp-content/themes/bumblebee/style.css?ver=1.12.11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

351846a513b381063c0b9916ede4a812391bd06c3465763c65fc166123b7e4fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/wp-content/themes/bumblebee/style.css?ver=1.12.11
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 12:31:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 18 Aug 2022 14:12:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 18 Aug 2022 14:12:55 GMT

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 624 B
798 B 361ms
81ms Script
text/html 52.18.219.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CC%24%3D!!tmxgk3M%5EIz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C2%2C2%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-9F40f4wxI9tas3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-72gZfkPjUIRx5A%3D%3D&sc=1&os=1-rQ%3D%3D&qp=10000&is=&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&pcode=tmbiyieldheader910374028064&rx=814006546536&callback=MoatNadoAllJsonpRequest_18870466
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/tmbiyieldheader910374028064/moatheader.js?ver=1.0.3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.219.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-219-233.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/6.0 /
Resource Hash: 9175b6d35e60afb00e98f0bce021f135677a950f58e518934d0d82066fc757bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
cache-control: max-age=900
server: Microsoft-IIS/6.0
timing-allow-origin: *
etag: "3c21c63dece6009df4b55a9c3b029e46f2fbed52"
content-length: 624
content-type: text/html; charset=UTF-8

GET
H2 200 iframe.html Show response
z.moatads.com/hd09824092/ Frame 34F6 1 KB
2 KB 48ms
48ms Document
text/html 23.47.209.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/hd09824092/iframe.html
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/tmbiyieldheader910374028064/moatheader.js?ver=1.0.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.209.169 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-209-169.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=2227
content-length: 1374
content-type: text/html
date: Thu, 18 Aug 2022 14:12:56 GMT
etag: "4a9cbc2e5bc164313dace42a58bef141"
last-modified: Tue, 26 Jan 2021 22:41:39 GMT
server: AmazonS3
unused62: 8096267
x-amz-id-2: gXq1jnFFl4IgE5Pg5fR5Wfc+1TB9/Cmj+UrSQ9R4E/iyyULSAwUvNs2QnDu7Isiuz0ACko/5hfU=
x-amz-request-id: 7653428B85424DDC

POST
H2 200 / Show response
r.skimresources.com/api/ 177 B
382 B 157ms
47ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/131817X1594237.skimlinks.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

c3b1f04906e025cc88a620b9ab2588afc484757b0e1a13c51ccf4d9cf1ef384d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
strict-transport-security: max-age=31536000
content-type: application/json
access-control-allow-origin: https://www.rd.com
vary: Accept-Encoding
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame 78D6 0
134 B 155ms
46ms Image
text/plain 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.6521038469039535
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: Python/3.10 aiohttp/3.8.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
via: 1.1 google
server: Python/3.10 aiohttp/3.8.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
276 B 136ms
46ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=10.11340357242083
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 121ms
47ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=10.11340357242083
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H3 200 cx-bootstrapper-init Show response
tags.catapultx.com/cxo/ 40 KB
9 KB 94ms
47ms Script
application/javascript 2606:4700:3035::6815:29f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.catapultx.com/cxo/cx-bootstrapper-init
Requested by: Host: tags.catapultx.com
URL: https://tags.catapultx.com/bootstrapper?ver=1.0.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:29f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 7de4eb6772062a9a982e1c944ec97184372ce8319bbc9bd135793e7ac98accf1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 15 Aug 2022 15:21:52 GMT
server: cloudflare
etag: W/"57"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xxcqZdn9%2BbcVpEd9ZGHDI678o7IQILa%2F0699RX201wuw8uaD%2Fgq7tycfMdwBn19BtTlGaGdzHuXfipjx8zR0q1kztiWZ4UHcRlEkJ7%2BEsZpCNl3gLDTgnELEbrdnwlmEHuCDiUIMDAd3q%2BNTQwGYcbs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=180
cf-ray: 73cb3f4affa49944-FRA

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13709eb92cc8d30ddca86cac6a763b4e40a4a5d6a338ce79e4220d91fe24c36a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 483784ecdf80ccaffd50869e23e2efdbeed9343b1b4c7dae837667e4984a68a7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 10 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b268fa9e727fb03331446edd6222f2f4e7c2bdb242b14939e4b5cacf4e7be9a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11e5934d20c6bd213399fe63dc8de240747a0b49a7f782aec6981d6a66e08282

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0b68a2820314b9d471468ca2fcb17de112c4c864f048e50d593f054962f2c9d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52b31d95b3be7d837502b15107ad1edf7f9c3ce42773ce65361336dde7597ab6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b9544dbbc4559751f0ceafc848716911393670f4e5bd8ae18e952d7d08bd346b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 thehealthy-logo.svg
www.rd.com/wp-content/uploads/2021/09/ 3 KB
2 KB 50ms
49ms Image
image/svg+xml 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/uploads/2021/09/thehealthy-logo.svg

Requested by

Host: www.rd.com
URL: https://www.rd.com/wp-content/themes/bumblebee/header.css?ver=2.0.8

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52b31d95b3be7d837502b15107ad1edf7f9c3ce42773ce65361336dde7597ab6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/wp-content/themes/bumblebee/header.css?ver=2.0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 9975269
x-vc-enabled: true
x-vc-ttl: 5256000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 21 Sep 2021 07:31:49 GMT
server: cloudflare
etag: W/"61498a65-b4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: public, max-age=315360000
cf-ray: 73cb3f4ab8a0918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 30 KB
31 KB 122ms
39ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 17:46:43 GMT
x-content-type-options: nosniff
age: 159973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Aug 2023 17:46:43 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38bed02d21c97f485e7ecaca13845a1cd4c3ee53a302d039a7b30b6754ba8ba6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b95858735105ac1d42fbd2b854eac21f947a1a3c7cb6e45c3787d4fe5e7a747b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0660862c3bbbb31cd2e4a79c5b9ba036356e35e5c80ce5b7b66cc06c93865162

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bfcc2143b6f0635117b7354d9c0965778cd10168c10ca661d0ce42af30820951

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 404 tueun4W6.jpg
content.jwplatform.com/thumbs/ 0
373 B 143ms
143ms Image
text/plain 2600:9000:225e:400:1:a3fa:7cc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.jwplatform.com/thumbs/tueun4W6.jpg
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:400:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
via: 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
server: openresty
x-amz-cf-pop: FRA60-P4
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=180, max-stale=180
x-cache: Error from cloudfront
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
content-length: 0
x-amz-cf-id: wksOcsz6pelz2_vKRzW6bOnU7ozuw2qgUeKtQjg1CyGqI3I8KI9lgg==

GET
H2 200 JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
fonts.gstatic.com/s/montserrat/v25/ 31 KB
31 KB 138ms
77ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33befdbbb24930584f5ac94ea3117adcd56518f20ab1619d05de83ffd1821d38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 04:47:18 GMT
x-content-type-options: nosniff
age: 120338
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31760
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:54:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Aug 2023 04:47:18 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a48ba6d11055a2a6f840befa14e603650d8ca3d752e16daccd828d3869fb791

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9629c59fb5d325a2fdf7324f731f6e8a4ee507af7d1bd260a4d290ee69c4d17c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

beacon.js Show response
sb.scorecardresearch.com/internal-cs/default/
Redirect Chain

https://sb.scorecardresearch.com/cs/6034767/beacon.js
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

4 KB
2 KB

38ms
38ms

Script
application/javascript

13.225.78.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Server: 13.225.78.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-39.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6838420e13959ecffe73d3576ee2125a66c9315237394a23e3dd4a5181e80cda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:10:23 GMT
content-encoding: gzip
etag: W/"5b0f9f0704a703b8da651007721fac57"
last-modified: Thu, 04 Mar 2021 13:31:34 GMT
server: AmazonS3
age: 154
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: IQGDXzrXYB6RPWDEw_9DaCZxSr1xIjJF1q0KDQvKT64lwNF4-nDLug==

Redirect headers

location: /internal-cs/default/beacon.js
date: Thu, 18 Aug 2022 14:12:56 GMT
via: 1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
content-length: 0
x-amz-cf-id: UOe0WZhlaqABxrSZRqBVn4D1rEI3AtAcYl-FlM2oc9KQtrAWsxrOgQ==
x-cache: Miss from cloudfront

GET
DATA 200
OK truncated
/ 390 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed03606264f99e9e2b49861b119a5378d9c52f9bec0d56e9bf8f4a2afd0f05b5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 511 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d669534a76a01823b9c2c53e150cb5cbdf338e7e2e80e4c429b12935137d793a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 728 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 636d6f07b3e1c54521a32a4e40f9c889ef8fb235f024bcabd94cdb73f0b04901

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5726835a9449b924da62bf34cbe26cd64307f3c9159914f82fee7cab41aaf306

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 957 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f05e7cffaf25f8189d7f982960a21a7d99610b50102854ee49ff597f95cfc466

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 558 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5893c1ccc8413220bf8a158af5a06e45ec294fe853348dd19b68f221ba4833f5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H2 200 i.js Show response
tag.bounceexchange.com/948/ 22 KB
8 KB 213ms
39ms Script
text/plain 34.120.253.250
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.bounceexchange.com/948/i.js
Requested by: Host: www.rd.com
URL: https://www.rd.com/wp-content/plugins/pup-bx/js/smart-tag.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 09e04bcc5287685edd35ea0953cb6c0605409dd3b3cacafdc23ca72c1c204a0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:11:59 GMT
content-encoding: gzip
age: 57
x-envoy-upstream-service-time: 0
x-region: us-central1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8115
access-control-allow-origin: *
server: istio-envoy
etag: e92cd93db47b16
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
via: 1.1 google
cache-control: public,max-age=60
timing-allow-origin: *
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect

GET
H2 200 clear.gif
cdn.flipboard.com/dev_O/ 43 B
492 B 45ms
44ms Image
image/gif 2600:9000:2304:a200:e:5a70:ca4f:f701
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.flipboard.com/dev_O/clear.gif?utm_source=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:a200:e:5a70:ca4f:f701 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 21:46:47 GMT
via: 1.1 9127bf22c332a88edd7d5939b5870d1e.cloudfront.net (CloudFront)
last-modified: Wed, 23 Dec 2020 17:41:53 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1608745226/ctime:1608745224/gid:20/gname:staff/md5:ad4b0f606e0f8465bc4c4c170b37e1a3/mode:33188/mtime:1608745180/uid:501/uname:greg
age: 59170
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 43
x-amz-cf-id: mWZJhu7NeSfBEhKVUG1P-N1V0khnNWui9t4Su9PoW5wQn1Pwx0MJ6Q==

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
1 KB 543ms
49ms Script
application/javascript 2a04:4e42:4b::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.rd.com
URL: https://www.rd.com/wp-content/plugins/pup-pinterest-pixels/js/pinterest-pixels.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4b::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a67117312ce631cdfc251dfbb90058bc01e3849deb0cd7fed130745b5813d1b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
fastly-restarts: 1
x-cdn: fastly
etag: "2dda33348480d93c64a825f2616f03ce"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
content-length: 1142
access-control-expose-headers: X-CDN

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b06e1c6d409d4a667970959397d39f5ddbf9803cbf7f9acb70fe00b8127cf4f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 23 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ddfea4688644106797f10d32994fd83c3508ba7090bf893c430c8cd2e573d8c6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/jpg

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2bef08bfc4f5df889affb046f13acf8a5aba7d656918647bedc7c98eade9ffe4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 facebook-letter-logo.svg
www.rd.com/wp-content/plugins/pup-social-share//images/ 750 B
827 B 57ms
56ms Image
image/svg+xml 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/plugins/pup-social-share//images/facebook-letter-logo.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c1bfdb14d27bda31dfee5f766c56a12bf8a618d7fb24cb9c0c539a35b2090b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 22569
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 26 Jul 2022 11:02:45 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d5-2ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/svg+xml
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f4b79d4918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H2 200 flipboard_mrrw.png
cdn.flipboard.com/badges/ 1 KB
2 KB 51ms
44ms Image
image/png 2600:9000:2304:a200:e:5a70:ca4f:f701
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.flipboard.com/badges/flipboard_mrrw.png
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:a200:e:5a70:ca4f:f701 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 06b975b2cad4370629c5bb9f5b74f395b9dec39b45fe771396f1b47733b0f56d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 17:17:34 GMT
via: 1.1 9127bf22c332a88edd7d5939b5870d1e.cloudfront.net (CloudFront)
last-modified: Wed, 07 Feb 2018 22:03:54 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1518040941/ctime:1518040834/gid:20/gname:staff/md5:6cb843c4059c54d852c96651d66e5364/mode:33152/mtime:1518064798/uid:502/uname:jlee
age: 75332
etag: "6cb843c4059c54d852c96651d66e5364"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 1194
x-amz-cf-id: h1fLBKoIoFp-crrIthfqQKE0XxVYOTRYhL2TLb26E37zKZmvTqjX8w==

GET
H3 200 twitter-logo.svg
www.rd.com/wp-content/plugins/pup-social-share/images/ 1 KB
1 KB 55ms
50ms Image
image/svg+xml 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/plugins/pup-social-share/images/twitter-logo.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37c9dcde8c4a0a5a7dcf5210b9f7cc93a1cbedfe367593480bcd0e383dbb60c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 22569
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 26 Jul 2022 11:02:45 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d5-57e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/svg+xml
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f4b79dc918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H3 200 pinterest-social-visual-website-logotype.svg
www.rd.com/wp-content/plugins/pup-social-share/images/ 1 KB
1 KB 56ms
51ms Image
image/svg+xml 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/plugins/pup-social-share/images/pinterest-social-visual-website-logotype.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b371fe7914ea1f48622b928d3677af13d177e4e9595fc1d3395d8024f682762

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 22569
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 26 Jul 2022 11:02:45 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d5-565"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/svg+xml
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f4b79e0918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H3 200 envelope.svg
www.rd.com/wp-content/plugins/pup-social-share/images/ 1 KB
1 KB 91ms
87ms Image
image/svg+xml 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/plugins/pup-social-share/images/envelope.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2bad1e576aa96df171e492e3119d2da02486866a4fcb62a0ba57a8f5ff1d394

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 22569
x-cache: MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 26 Jul 2022 11:02:45 GMT
server: cloudflare
cache-control: public, max-age=315360000
etag: W/"62dfc9d5-4f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/svg+xml
vary: Accept-Encoding
x-hosted-by: 45AIR.COM
cf-ray: 73cb3f4b79e1918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H3 200 Brooke-Nelson.jpg
www.rd.com/wp-content/uploads/2020/07/ 1 KB
2 KB 52ms
48ms Image
image/jpeg 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/uploads/2020/07/Brooke-Nelson.jpg?fit=50,50

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

30feb868b91d2a3e257714429d405330693e2942388bb302396ef19044261b5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14621583
x-powered-by: Express
x-vc-enabled: true
x-cloud-trace-context: 29cb2dfed2abe4538712ca4177bda30f
x-vc-ttl: 5256000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1133
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: W/"212e-Q8BD4QoeBklaPlHZt1rtDSJgaLY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=315360000
cf-polished: degrade=85, origSize=8494
accept-ranges: bytes
cf-ray: 73cb3f4b79e2918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H3 200 What-Is-Spoofing-FT-GettyImages-1271491105_v2.jpg
www.rd.com/wp-content/uploads/2022/08/ 27 KB
27 KB 53ms
49ms Image
image/jpeg 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/uploads/2022/08/What-Is-Spoofing-FT-GettyImages-1271491105_v2.jpg?resize=700,700

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

c00b292b869ab89aaa84d4029f179944df8c71088d09f9f45c73bbc9ef1f23ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10565
x-powered-by: Express
x-vc-enabled: true
x-cloud-trace-context: 74466f98607146e752c8fe9db7f81615
x-vc-ttl: 5256000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27630
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: W/"c524-UxYJ4ZcBPx8n24raW33kHOwCLUg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=315360000
cf-polished: degrade=85, origSize=50468
accept-ranges: bytes
cf-ray: 73cb3f4b79e4918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H3 200 What-Is-Spoofing-Real_v2.jpg
www.rd.com/wp-content/uploads/2022/08/ 26 KB
27 KB 91ms
87ms Image
image/jpeg 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/uploads/2022/08/What-Is-Spoofing-Real_v2.jpg?resize=700,467

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

cd23844164d5653d98bd64431b6d9cbde0577cea27ef537563aab40c6d1fcd55

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10561
x-powered-by: Express
x-vc-enabled: true
x-cloud-trace-context: 3af8166c098bd660f47c93262812498a
x-vc-ttl: 5256000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 26904
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: W/"c104-zN6cSYEhlWIbJY21YR9L8sMfsfQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=315360000
cf-polished: degrade=85, origSize=49412
accept-ranges: bytes
cf-ray: 73cb3f4b79e5918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H3 200 What-Is-Spoofing-Spoof_v2.jpg
www.rd.com/wp-content/uploads/2022/08/ 29 KB
29 KB 54ms
51ms Image
image/jpeg 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/uploads/2022/08/What-Is-Spoofing-Spoof_v2.jpg?resize=700,467

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

b31e6be12d0c1606d7bd1bbed70f04df186cb8a8f9508defb87246837754130f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10558
x-powered-by: Express
x-vc-enabled: true
x-cloud-trace-context: e92c7f2bac0d732c1f3bda59b1d3a4db
x-vc-ttl: 5256000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 29476
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: W/"c9df-VHQBMCM8p+a8aQiLf76b6KRShOo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=315360000
cf-polished: degrade=85, origSize=51679
accept-ranges: bytes
cf-ray: 73cb3f4b79e6918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H3 200 gettyimages-1333904850.jpg
www.rd.com/wp-content/uploads/2022/02/ 5 KB
6 KB 91ms
88ms Image
image/jpeg 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/uploads/2022/02/gettyimages-1333904850.jpg?resize=150,150

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

bd9afb705b2332b752e935df5ceb02ab2cc83d464d18f2b0f3f603f65022a4d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 265783
x-powered-by: Express
x-vc-enabled: true
x-cloud-trace-context: f0ce15c447752ac9dab6005f608eabd4
x-vc-ttl: 5256000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5545
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: W/"51e9-fCOhHVx0X4KHJMytiaqypRi3j4w"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=315360000
cf-polished: degrade=85, origSize=20969
accept-ranges: bytes
cf-ray: 73cb3f4b79e7918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H3 200 RD-zelle-scams-GettyImages-925721224.jpg
www.rd.com/wp-content/uploads/2022/07/ 6 KB
6 KB 91ms
88ms Image
image/jpeg 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/uploads/2022/07/RD-zelle-scams-GettyImages-925721224.jpg?resize=150,150

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d1b74ee9f627e2f67e9751ac25d1b47cd77e0f901e6ea897fa4fc88ec9efa9c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10565
x-powered-by: Express
x-vc-enabled: true
x-cloud-trace-context: f23f4da0221eda827df84c6eb9aee8fe
x-vc-ttl: 5256000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6103
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: W/"1ce0-t4onjRgGxettBOF/Kuz2jO5I4yo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=315360000
cf-polished: degrade=85, origSize=7392
accept-ranges: bytes
cf-ray: 73cb3f4b79e9918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H3 200 RD-Misinformation-vs-Disinformation-FT_v3.jpg
www.rd.com/wp-content/uploads/2022/04/ 7 KB
8 KB 91ms
89ms Image
image/jpeg 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rd.com/wp-content/uploads/2022/04/RD-Misinformation-vs-Disinformation-FT_v3.jpg?resize=150,150

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

470b7329fac5aeec181daee59bf517be352030d66d2b0712dd574e9cbb6d173c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10561
x-powered-by: Express
x-vc-enabled: true
x-cloud-trace-context: 0ee16b9bedaeae589b17c09d31ed6501
x-vc-ttl: 5256000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7496
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: W/"8aa5-VGyn5opU3da02GTnEQP/flhJiV4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=315360000
cf-polished: degrade=85, origSize=35493
accept-ranges: bytes
cf-ray: 73cb3f4b79ea918c-FRA
expires: Sun, 15 Aug 2032 14:12:56 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 123ms
37ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-17041328-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4256
date: Thu, 18 Aug 2022 13:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 18 Aug 2022 15:02:00 GMT

GET
H3 200 1468910830064549 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 79ms
38ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1468910830064549?v=2.9.75&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js?ver=2.0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5315b3b69ad428d90ce6485dc31a8f0a06bfd2579b1c34120992aacd3bda5556

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 85959
x-xss-protection: 0
pragma: public
x-fb-debug: Gp/A+w/ij3wZU8cN6CYfRjjofCtezRAalIm07UT041pDZ1Zc+SGkl/dKWatMXjBT4OB11A5sAbwudUIf3c9BKg==
x-frame-options: DENY
date: Thu, 18 Aug 2022 14:12:56 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 65568.js Show response
cdn.brandmetrics.com/scripts/bundle/ 43 KB
14 KB 47ms
47ms Script
text/javascript 2606:4700:20::ac43:45f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=bb2eaa01-5010-43e2-98c9-38c3cb56a353&toploc=www.rd.com
Requested by: Host: cdn.brandmetrics.com
URL: https://cdn.brandmetrics.com/tag/a969c5a7d4e5408485948e8e11899567/rd.com.js?ver=1.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:45f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb3f12f81184edd76efed5fe35a5c4ed281ff579e30ff9b13936a184afbc8cde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 18 Aug 2022 13:39:14 GMT
server: cloudflare
age: 2022
cf-polished: origSize=45116
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xUDP0HCmcbIhv2nqo8WGcIdc7PwI1s3YNiDbihAQDYh9ZQWjSv5atxojqX32grpnpxFhtPcrxiVXnOvUr1HwxkxF6hgxMsY3BOaV%2B%2FIm36yPVROmdr2a53IlDjebsOZBdsVMFfi6Qfl83jGV652glQln"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73cb3f4b9c389ba6-FRA
cf-bgj: minify

GET
H2 204 b
sb.scorecardresearch.com/ 0
189 B 39ms
39ms Image
text/plain 13.225.78.39
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=6034767&ajax_url=https%3A%2F%2Fwww.rd.com%2Fwp-admin%2Fadmin-ajax.php&cs_it=b2&cv=3.8.0.210223&ns__t=1660831976238&ns_c=UTF-8&c7=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&c8=What%20Is%20Spoofing%2C%20and%20How%20Can%20You%20Protect%20Yourself%20from%20These%20Scams%3F&c9=
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-39.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
via: 1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: PUvKFIdrf3Lpg8aTGRgiJdIPTj0DyPegjBs7f04JNZHg2Hw9tSqGvw==
x-cache: Miss from cloudfront

GET
H2 200 sync-container.js Show response
b-code.liadm.com/ 6 KB
3 KB 46ms
45ms Script
application/javascript 2600:9000:2304:e200:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/sync-container.js
Requested by: Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-00x0.min.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:e200:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 18 Aug 2022 11:50:39 GMT
content-encoding: gzip
last-modified: Tue, 10 May 2022 11:48:07 GMT
server: AmazonS3
age: 8538
etag: W/"ae5e94de938b0387eda6df8f20da811a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: WIo1DFPCLgnYZuB8yv1dFIDWe1bYBj2G
via: 1.1 353b8eaf90b8d7986000f2da151952bc.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
x-amz-cf-pop: VIE50-P1
content-type: application/javascript
x-amz-cf-id: ewHzd_g2Z3cUu0xiknJnjgAaclfX4PZRDl9BKKV9wRZwFcdy24nu8w==

GET
H2 200 pubads_impl_2022081601.js Show response
securepubads.g.doubleclick.net/gpt/ 383 KB
131 KB 122ms
39ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081601.js?cb=31069030

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

041b6e69b34243b7cd98534e95b129cb2479bebddae8dc4f051755a84cc8fbe8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 12:50:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4927
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133485
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 08:34:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 18 Aug 2023 12:50:49 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 282 B
776 B 185ms
70ms XHR
application/json 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.rd.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

fc0c4893ccbfbb1c266374313522a0ff2383a73b9de5280299af809169650cf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
expires: Thu, 18 Aug 2022 14:12:56 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 1 KB
2 KB 135ms
135ms XHR
application/json 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3235&u=https%3A%2F%2Fwww.rd.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 956f6f2c1e30a974cae6e532f793bc51caaa04b05198ae80ac8ef307952d2387

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:55 GMT
via: 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.rd.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1343
x-amz-cf-id: qkkgpgnsoiGrvMoJCvH_0OlKbI_Qp-_9dmZQHljeigvRfrz7HwtZxQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 123ms
38ms XHR
application/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id: JXufo2ctue2uysHllG2MRpKE8F0E4.a0
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 57178
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 03 Aug 2022 22:19:11 GMT
server: AmazonS3
date: Wed, 17 Aug 2022 22:19:59 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 0f538ee832e1105649039b38ce89e882.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: 9Fiic8B7y0agpcQNGhW5wzsOVcUfFIPgVQJxPZtisQwUfmVSDzu4SQ==

GET
H2 200 c.js Show response
collector.brandmetrics.com/ 0
76 B 162ms
44ms Script
text/javascript 20.50.2.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://collector.brandmetrics.com/c.js?siteid=bb2eaa01-5010-43e2-98c9-38c3cb56a353&toploc=www.rd.com&rnd=2769426
Requested by: Host: cdn.brandmetrics.com
URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=bb2eaa01-5010-43e2-98c9-38c3cb56a353&toploc=www.rd.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.50.2.28 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-length: 0
content-type: text/javascript;charset=utf-8

GET
H2

200

j Show response
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1660831976367&aid=a-00x0&se=e30&duid=0ee7014c2aeb--01garmsjsrbya6baz5nqgpk0ny&tna=v2.4.0&pu=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebi...
https://rp4.liadm.com/j?dtstmp=1660831976367&aid=a-00x0&se=e30&duid=0ee7014c2aeb--01garmsjsrbya6baz5nqgpk0ny&tna=v2.4.0&pu=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_eb...

39 B
578 B

575ms
124ms

XHR
application/json

35.168.71.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rp4.liadm.com/j?dtstmp=1660831976367&aid=a-00x0&se=e30&duid=0ee7014c2aeb--01garmsjsrbya6baz5nqgpk0ny&tna=v2.4.0&pu=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&wpn=lc-bundle&c=PHRpdGxlPldoYXQgSXMgU3Bvb2ZpbmcsIGFuZCBIb3cgQ2FuIFlvdSBQcm90ZWN0IFlvdXJzZWxmIGZyb20gVGhlc2UgU2NhbXM_PC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iU3Bvb2ZpbmcgaXMgYSBmdW5ueSB3b3JkLCBidXQgaXRzIGNvbnNlcXVlbmNlcyBhcmUgc2VyaW91cy4gSGVyZSdzIGhvdyBzcG9vZmluZyB3b3JrcywgdGhlIG1hbnkgZm9ybXMgaXQgY2FuIHRha2UgYW5kIGhvdyB0byBzdGF5IHNhZmUuIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly93d3cucmQuY29tL2FydGljbGUvc3Bvb2ZpbmcvIj48aDEgY2xhc3M9InBvc3QtdGl0bGUiPgoJCVdoYXQgSXMgU3Bvb2ZpbmcsIGFuZCBIb3cgQ2FuIFlvdSBTcG90IEl0Pwk8L2gxPg&i6=MmEwMTo0YTA6MTMzODo5Mjo6MTE%3D&n3pc=true

Requested by

Protocol

Server

35.168.71.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-168-71-120.compute-1.amazonaws.com

Software

Resource Hash

712ee4eb9657dcd072d7bbefefc6235ccf81828807c093390810a3d2af85586c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
x-pixel-event-id: e846ff4a-acca-4e51-8153-1b5e35fa85ed
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: null
x-xss-protection: 1; mode=block
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 4c9d0e39aadb1827
request-time: 0
content-length: 39
x-content-type-options: nosniff

Redirect headers

date: Thu, 18 Aug 2022 14:12:56 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
location: https://rp4.liadm.com/j?dtstmp=1660831976367&aid=a-00x0&se=e30&duid=0ee7014c2aeb--01garmsjsrbya6baz5nqgpk0ny&tna=v2.4.0&pu=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&wpn=lc-bundle&c=PHRpdGxlPldoYXQgSXMgU3Bvb2ZpbmcsIGFuZCBIb3cgQ2FuIFlvdSBQcm90ZWN0IFlvdXJzZWxmIGZyb20gVGhlc2UgU2NhbXM_PC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iU3Bvb2ZpbmcgaXMgYSBmdW5ueSB3b3JkLCBidXQgaXRzIGNvbnNlcXVlbmNlcyBhcmUgc2VyaW91cy4gSGVyZSdzIGhvdyBzcG9vZmluZyB3b3JrcywgdGhlIG1hbnkgZm9ybXMgaXQgY2FuIHRha2UgYW5kIGhvdyB0byBzdGF5IHNhZmUuIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly93d3cucmQuY29tL2FydGljbGUvc3Bvb2ZpbmcvIj48aDEgY2xhc3M9InBvc3QtdGl0bGUiPgoJCVdoYXQgSXMgU3Bvb2ZpbmcsIGFuZCBIb3cgQ2FuIFlvdSBTcG90IEl0Pwk8L2gxPg&i6=MmEwMTo0YTA6MTMzODo5Mjo6MTE%3D&n3pc=true
x-frame-options: DENY
access-control-allow-origin: https://www.rd.com
x-xss-protection: 1; mode=block
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 4f0c3ad002276a89
request-time: 0
content-length: 0
x-content-type-options: nosniff

POST
H3 200 / Show response
r.skimresources.com/api/ 231 B
181 B 86ms
47ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/131817X1594237.skimlinks.js?ver=1.0.0

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

339f0ed8420e8a3a68b965179c5a4ee74eb871b511439f3368bd4705ea06594d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
strict-transport-security: max-age=31536000
content-type: application/json
access-control-allow-origin: https://www.rd.com
vary: Accept-Encoding
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

GET
H2 200 googima.js Show response
ssl.p.jwpcdn.com/player/v/8.25.8/ 75 KB
22 KB 159ms
39ms Script
application/javascript 2a04:4e42:600::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.25.8/googima.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/Qrhs7tJs.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 207794d67b4c418fb8c527238697f628074d9c9fcf5476ac96e8572781b50097

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
age: 79524
x-cache: HIT
content-length: 22390
via: 1.1 varnish
x-served-by: cache-ams21066-AMS
last-modified: Sat, 23 Jul 2022 00:14:27 GMT
server: AmazonS3
x-timer: S1660831977.552021,VS0,VE0
etag: "30fb542a548ed445a0de2b78b4dd9301"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, immutable
accept-ranges: bytes
x-cache-hits: 14585

GET
H2 200 jwpsrv.js Show response
ssl.p.jwpcdn.com/player/v/8.25.8/ 62 KB
19 KB 165ms
45ms Script
application/javascript 2a04:4e42:600::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.25.8/jwpsrv.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/Qrhs7tJs.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d8de3829d2383650a9308f175c7017fe6f3a60c3888d6d61e089f9b19141323

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
age: 629
x-cache: HIT
content-length: 18857
via: 1.1 varnish
x-served-by: cache-ams21066-AMS
last-modified: Mon, 01 Aug 2022 21:01:30 GMT
server: AmazonS3
x-timer: S1660831977.552164,VS0,VE0
etag: "662d21d9cc48caa9758882be57e10e92"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900, immutable
accept-ranges: bytes
x-cache-hits: 370

GET
H2 200 jwplayer.core.controls.js Show response
ssl.p.jwpcdn.com/player/v/8.25.8/ 311 KB
81 KB 98ms
77ms Script
application/javascript 2a04:4e42:600::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.25.8/jwplayer.core.controls.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/Qrhs7tJs.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5efc6bad9022a5f98b4043a2e85a3233d84270d4f9cfb1cd65080a31b7640491

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
age: 1980330
x-cache: HIT
content-length: 83140
via: 1.1 varnish
x-served-by: cache-ams21066-AMS
last-modified: Sat, 23 Jul 2022 00:14:21 GMT
server: AmazonS3
x-timer: S1660831977.552176,VS0,VE0
etag: "62cc7b33d3f5907af77c4549ea792af8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
accept-ranges: bytes
x-cache-hits: 316827

GET
H2 200 tueun4W6 Show response
cdn.jwplayer.com/v2/playlists/ 169 KB
17 KB 846ms
770ms XHR
application/json 2600:9000:225e:6200:1:a3fa:7cc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jwplayer.com/v2/playlists/tueun4W6?page_domain=www.rd.com
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/Qrhs7tJs.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:6200:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: d328376e73c89a6f4d8dcf0f9569a5717a675b4121d0d6e3bff1d724eef47463

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: gzip
server: openresty
x-amz-cf-pop: FRA60-P4
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=180, max-stale=180
content-length: 17289
via: 1.1 da392114e7046bd9720a70f40c796f62.cloudfront.net (CloudFront)
x-amz-cf-id: WqvLVTGgFNTjSUSW-7s0xqkdVoKvQK1JwcTUBUZQr2zNgn4B_gB_TA==
expires: Thu, 18 Aug 2022 14:15:57

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 135ms
57ms XHR
application/json 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220818

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06b0ba8638146e7027c6210797ad5246a76f5c54d3cda09c37610a9c43884f37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 40315
x-jsd-version: 1.0.1435
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19151-FRA, cache-iad-kiad7000147-IAD
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"665-P8sZpWzY0xdBEJ66JeiWXZWeumw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JWJseGfmeZvoyPNVg9K4teUbMYz4zAt49rdO%2Bx%2Bo5YbCjdb8DuDN%2BQWarFLA%2BbdIPzzKmPmCKTgYOLvaP9nAyi5B%2B35vZ95UBST%2B2hk2Ml7JlL6x2ZWoLRPCDVI27gXt%2FjhShcGgkZzHbVv%2F0Yc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 73cb3f4d781691cf-FRA
access-control-expose-headers: *

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 117ms
40ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1468910830064549&ev=PageView&dl=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&rl=&if=false&ts=1660831976475&sw=1600&sh=1200&v=2.9.75&r=stable&ec=0&o=30&fbp=fb.1.1660831976474.1047241756&it=1660831976232&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 18 Aug 2022 14:12:56 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 82ms
41ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1468910830064549&ev=ViewContent&dl=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&rl=&if=false&ts=1660831976476&sw=1600&sh=1200&v=2.9.75&r=stable&ec=1&o=30&fbp=fb.1.1660831976474.1047241756&it=1660831976232&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 18 Aug 2022 14:12:56 GMT

GET
H2 200 ats.js Show response
ats.rlcdn.com/ 109 KB
37 KB 157ms
44ms Script
application/x-javascript 13.224.189.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ats.rlcdn.com/ats.js
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-41.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id: qhkEQKrW4Gg_gxbK41emvSsDXWYdvDMl
content-encoding: gzip
etag: W/"148e21f812b555a13b2a9c6b616141f4"
age: 36644
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:598424ed-c6de-48e8-8068-45662e39c3ce
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 58acf9e97c03c481f490be71338f7f57
last-modified: Tue, 17 May 2022 11:35:33 GMT
server: AmazonS3
date: Thu, 18 Aug 2022 04:02:13 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 57180e34d853b9e6be67670dae22a049fb237e6bca37c60f7ba138272a8487cc
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=86400
x-amz-cf-pop: FRA2-C1
content-type: application/x-javascript
x-amz-cf-id: 60w44kxHA2aD45oYJ-J-BvkqWBHF4A_HasdxiEad2cEmfMvy9P0kVA==

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/UHUmarOEMVcVXtck5m2mdlDjZQo/gpt_and_prebid/ 132 KB
32 KB 142ms
39ms Script
text/javascript 151.101.1.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/UHUmarOEMVcVXtck5m2mdlDjZQo/gpt_and_prebid/config.js
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 93d570293784f28353ae6c163c6b13ee531753b4da7a009fff78b51625292dc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Thu, 18 Aug 2022 14:12:56 GMT
Content-Encoding: gzip
Age: 435
X-Cache: HIT
Connection: keep-alive
Content-Length: 31663
x-amz-id-2: KdlnKtu7NJKX85a/D5A2mg1tGKreuPbCRWKmceJxcMQK+MYNw52WbnSdsWXSr0nK7eFYtZXOuEw=
X-Served-By: cache-hhn4033-HHN
Last-Modified: Thu, 18 Aug 2022 13:33:49 GMT
Server: AmazonS3
X-Timer: S1660831977.726913,VS0,VE0
ETag: "659a15a64b21edd4484c33495654f223"
x-amz-request-id: WQ93WFRZZ6C4SCDT
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 5

GET
H2 200 pushly-sdk.min.css
cdn.p-n.io/ 27 KB
2 KB 37ms
37ms Stylesheet
text/css 18.66.112.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.p-n.io/pushly-sdk.min.css?domain_key=UQBO2QHQjsCWyyYZTALbCo47hmWzrEGU5rSy
Requested by: Host: cdn.p-n.io
URL: https://cdn.p-n.io/pushly-sdk.min.js?domain_key=UQBO2QHQjsCWyyYZTALbCo47hmWzrEGU5rSy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-102.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d7471e3df1ba49ecc8acc2dc6d8c4c3619f1a8e094050bdb2432c1cb2548468d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 15:22:24 GMT
content-encoding: gzip
last-modified: Tue, 28 Jun 2022 18:34:08 GMT
server: AmazonS3
age: 82241
etag: W/"f3cd76bbdf477b890d940ce319bd1d16"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 7be6cb2d0156b563b6b1c8f2595ddd52.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: VjC7liB7mLdJifAUjHWOygzUQ2EYjwMqlSfxmE_DHL51uFFBYLhq9A==

POST
H3 200 link Show response
t.skimresources.com/api/v2/ 22 B
44 B 88ms
48ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/131817X1594237.skimlinks.js?ver=1.0.0

Protocol

Security

QUIC, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.10 aiohttp/3.8.1 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:56 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.10 aiohttp/3.8.1
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.rd.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
warning: 299 - "Deprecated API"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22

POST
H3 200 api Show response
ls.skimresources.com/ 2 B
22 B 88ms
48ms XHR
application/json 34.120.117.212
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ls.skimresources.com/api

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/131817X1594237.skimlinks.js?ver=1.0.0

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.117.212 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

212.117.120.34.bc.googleusercontent.com

Software

Python/3.8 aiohttp/3.6.3 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type: application/json

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:56 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.8 aiohttp/3.6.3
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.rd.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

OPTIONS
H2 206 api
ls.skimresources.com/ Frame 0
0 158ms
50ms Preflight
text/plain 34.120.117.212
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.skimresources.com/api
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.117.212 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 212.117.120.34.bc.googleusercontent.com
Software: Python/3.8 aiohttp/3.6.3 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.rd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.rd.com
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain charset=UTF-8
date: Thu, 18 Aug 2022 14:12:56 GMT
server: Python/3.8 aiohttp/3.6.3
via: 1.1 google

POST
H3 200 / Show response
r.skimresources.com/api/ 177 B
164 B 47ms
47ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/131817X1594237.skimlinks.js?ver=1.0.0

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

c3b1f04906e025cc88a620b9ab2588afc484757b0e1a13c51ccf4d9cf1ef384d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
strict-transport-security: max-age=31536000
content-type: application/json
access-control-allow-origin: https://www.rd.com
vary: Accept-Encoding
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 122ms
46ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=969507202&t=pageview&_s=1&dl=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&ul=en-us&de=UTF-8&dt=What%20Is%20Spoofing%2C%20and%20How%20Can%20You%20Protect%20Yourself%20from%20These%20Scams%3F&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4GBAAUABAAAAAC~&jid=1694150958&gjid=1990830422&cid=979978838.1660831977&tid=UA-17041328-1&_gid=1123437193.1660831977&_r=1&gtm=2ou8h0&cd4=https%3A%2F%2Fwww.rd.com&cd9=350&cd10=article&cd11=1747286&cd12=What%20Is%20Spoofing%2C%20and%20How%20Can%20You%20Spot%20It%3F&cd13=Brooke%20Nelson&cd14=Crime%2C%20Scams%2C%20Tech&cd15=2022-08-01&cd16=1127%2C%20354712%2C%20973&cd24=rdu%3Aarticle%3AWhat%20Is%20Spoofing%2C%20and%20How%20Can%20You%20Spot%20It%3F&cd29=c57eb917-b1d4-4071-95f8-b095cf7abdd0&cd33=RD.com%2C%20Getty%20Images&cd34=not%20available&cd38=2022-08-02&cd39=0&cd43=rdu%3Aarticle%3AWhat%20Is%20Spoofing%2C%20and%20How%20Can%20You%20Spot%20It%3F&cd44=scams%2C%20technology&cd45=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&cd46=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F&cd57=money&cd58=scams&cd61=rd-com&cd63=&cd67=&cd71=TMBI%20Content%20Licensee&cd75=979978838.1660831977&z=1795176136

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.rd.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect
www.google-analytics.com/ 35 B
55 B 121ms
47ms Ping
image/gif 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://www.rd.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 page Show response
t.skimresources.com/api/v2/ 22 B
43 B 48ms
48ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/131817X1594237.skimlinks.js?ver=1.0.0

Protocol

Security

QUIC, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.10 aiohttp/3.8.1 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:56 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.10 aiohttp/3.8.1
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.rd.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22

GET
H2 200 main_32fd71ec11c31ed06daa2a80bd65433d.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 336 KB
67 KB 293ms
38ms Script
text/javascript 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_32fd71ec11c31ed06daa2a80bd65433d.br.js
Requested by: Host: tag.bounceexchange.com
URL: https://tag.bounceexchange.com/948/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 434b5e74c2c5c495b6430ef91f79bacafe42c7cb36beada0a9360a50c8137c00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 18:43:02 GMT
content-encoding: br
age: 70194
x-guploader-uploadid: ADPycdsrzCcl4Upun-NwwsV1KG36CQ-lo3eyJqUOhLyTko3Azx0q74TZEtuxm8aRWMndfafAqRLrsAiSHV3jbJEZXhVz9N4_MGcb
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68187
last-modified: Wed, 17 Aug 2022 18:42:50 GMT
server: UploadServer
etag: "db0d428296729cfb3032bb2a4ecdec08"
x-goog-hash: crc32c=2QnDfw==, md5=2w1CgpZynPswMrsqTs3sCA==
x-goog-generation: 1660761770916828
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 68187
accept-ranges: bytes
content-type: text/javascript
expires: Thu, 17 Aug 2023 18:43:02 GMT

GET
H2 200 UV3t3od4EeeD_gY3v_uBow.json Show response
entitlements.jwplayer.com/ 69 B
245 B 467ms
113ms XHR
application/json 152.199.5.228
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://entitlements.jwplayer.com/UV3t3od4EeeD_gY3v_uBow.json
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/Qrhs7tJs.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.5.228 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (nya/78FE) /
Resource Hash: 5427e10c23520fbca480e8750c7e03dc2858eee594081879ea72a559bbd9fa81

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
last-modified: Thu, 18 Aug 2022 13:21:14 GMT
server: ECAcc (nya/78FE)
age: 3102
vary: Accept-Encoding
x-cache: HIT
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=1800, s-maxage=4260
accept-ranges: bytes
content-length: 75

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 375 KB
125 KB 285ms
68ms Script
text/javascript 2a00:1450:400a:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/Qrhs7tJs.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:801::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ee00fad2265577bc5be56bc69c1e8c1071a4b201a5b9bd523c7204a54c31a28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127726
x-xss-protection: 0
expires: Thu, 18 Aug 2022 14:12:56 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
439 B 268ms
47ms XHR
text/plain 2a00:1450:400c:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-17041328-1&cid=979978838.1660831977&jid=1694150958&gjid=1990830422&_gid=1123437193.1660831977&_u=4GBAAUAAAAAAAC~&z=316126977

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 18 Aug 2022 14:12:56 GMT
content-type: text/plain
access-control-allow-origin: https://www.rd.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracker.gif
tracking.skyword.com/ 43 B
373 B 162ms
161ms Image
image/gif 52.45.182.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tracking.skyword.com/tracker.gif?_url=https%3A//www.rd.com/article/spoofing/%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&_anonymize=no&_doNotTrack=no&_referer=&_cacheBust=16608319767061f5bb&_contentId=281474980179397
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.45.182.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-45-182-189.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
p3p: policyref="http://.skyword.com/w3c/p3p.xml", CP="PSAa PSDa ADMa DEVa OUR IND DSP NOI COR UNI NAV CURa COM INT"
content-length: 43
content-type: image/gif

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/ 203 KB
65 KB 37ms
37ms Script
application/javascript 151.101.1.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/UHUmarOEMVcVXtck5m2mdlDjZQo/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f83dccda0f23005e073046554fcb6f70e6cc5c6d5a31482d8cbf00c3cae72a69

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Thu, 18 Aug 2022 14:12:56 GMT
Content-Encoding: gzip
Age: 222499
X-Cache: HIT
Connection: keep-alive
Content-Length: 66315
x-amz-id-2: tn9m/RJ+1Nqpr3MtD2Y1tL/tOZmzJYxGk6sdCOaSEQX8FdjVodEnZg+U+fqqgJTyKkRkriyrqrA=
X-Served-By: cache-hhn4033-HHN
Last-Modified: Thu, 11 Aug 2022 23:13:41 GMT
Server: AmazonS3
X-Timer: S1660831977.779187,VS0,VE0
ETag: "6dc02234ec68d77d35e4d6a9fe8b646f"
x-amz-request-id: VQD62AH5JPVQA99D
Via: 1.1 varnish
Cache-Control: public, max-age=864000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 621839

GET
H2 200 / Show response
geo.privacymanager.io/ 28 B
594 B 142ms
37ms Fetch
application/json 13.32.99.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.privacymanager.io/
Requested by: Host: ats.rlcdn.com
URL: https://ats.rlcdn.com/ats.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-59.fra60.r.cloudfront.net
Software: /
Resource Hash: 3b3ed4b191fdd529075b8e099f5daefd684e80acd4c9514a70b6ad746e949544

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 03:51:41 GMT
via: 1.1 69cc5dd318e02cb1a7e8cb9951f553d8.cloudfront.net (CloudFront), 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
age: 37275
x-amzn-requestid: 5db5bfe2-6662-49ef-8b73-48bdaa4894f6
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-62fdb74d-2167ad145a7a3315387a3dbe;Sampled=0
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P3, FRA60-P3
x-amz-apigw-id: XCmUGGIDjoEF00g=
content-length: 28
x-amz-cf-id: J51CCsF5EXMdM3bVOWRjFZ8B4M7CTqZ_6zM8pyTQpb3FKlhmPriirw==
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 146ms
64ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-17041328-1&cid=979978838.1660831977&jid=1694150958&_u=4GBAAUAAAAAAAC~&z=180736221

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 143ms
61ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-17041328-1&cid=979978838.1660831977&jid=1694150958&_u=4GBAAUAAAAAAAC~&z=180736221

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.c99cd143.js Show response
s.pinimg.com/ct/lib/ 52 KB
18 KB 51ms
50ms Script
application/javascript 2a04:4e42:4b::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.c99cd143.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4b::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d6bc239a6993be3a5ed13249ff2d27e4e3bc80a30bbd6df2ff92b4db0ad1d996

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:56 GMT
content-encoding: gzip
fastly-restarts: 1
x-cdn: fastly
etag: "a05548af4f747ef476e354fcd30947ce"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
content-length: 18448
access-control-expose-headers: X-CDN

GET
H3 200 inbox_1cde94b71b040afa0e77bb964b3c16e3.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 71 KB
18 KB 114ms
38ms Script
text/javascript 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox_1cde94b71b040afa0e77bb964b3c16e3.br.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_32fd71ec11c31ed06daa2a80bd65433d.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 532cf7167d55ffff4ca4ee0d3913030f03ff89a34cda42c42b0b659ba446f932

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 30 Jul 2022 21:01:25 GMT
content-encoding: br
age: 1617092
x-guploader-uploadid: ADPycdu8Qpzx6NXOrHSWtnPRc0SdMzSh3m5s5yVm9v4FM6nKHgarlvc9Wydb6x4GDpad8e2c2jTy4Ma9ThcPnsnU3ZD6GVBMaFIu
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18676
last-modified: Mon, 25 Jul 2022 15:26:24 GMT
server: UploadServer
etag: "88ccb13f6e684660e6546c08352c4cfa"
x-goog-hash: crc32c=TP4lGg==, md5=iMyxP25oRmDmVGwINSxM+g==
x-goog-generation: 1656622875439352
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 18676
accept-ranges: bytes
content-type: text/javascript
expires: Sun, 30 Jul 2023 21:01:25 GMT

GET
H3 200 onsite_15c0235a3db49554b31a12e673dfc4c7.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 155 KB
33 KB 129ms
54ms Script
text/javascript 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite_15c0235a3db49554b31a12e673dfc4c7.br.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_32fd71ec11c31ed06daa2a80bd65433d.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: a832360fa2f50d1008ca81831d118b097a97d2157e8151cb109171c33bf7b9e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 18:43:10 GMT
content-encoding: br
age: 70187
x-guploader-uploadid: ADPycdu15pKQIsIv5VRosaNcLcGrGc7ZYSZy8cIE228isebluIOIRINfxoMAqTo-GVedvkMil_0shylVpWaV04VhSNNxaQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34116
last-modified: Wed, 17 Aug 2022 18:42:55 GMT
server: UploadServer
etag: "afd667b76d1a3da32c5f2730e92be6ce"
x-goog-hash: crc32c=+XSaCw==, md5=r9Znt20aPaMsXycw6Svmzg==
x-goog-generation: 1660761775792247
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 34116
accept-ranges: bytes
content-type: text/javascript
expires: Thu, 17 Aug 2023 18:43:10 GMT

GET
H3 200 ads_a936fb3820b70e5b08db8b661402d379.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 349 KB
65 KB 143ms
69ms Script
text/javascript 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ads_a936fb3820b70e5b08db8b661402d379.br.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_32fd71ec11c31ed06daa2a80bd65433d.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9031ffcf37a64d49e8ff7450ba21b3378d2660bde2d652f870c47bf468eedf18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 14:35:02 GMT
content-encoding: br
age: 517075
x-guploader-uploadid: ADPycdsKJKECtxv6VdbUeCs6zGgFol54HVheMiCaK008_b2RDpniUGTNWJ8R1iK3McAEVJUcahD4gAmsoJT3W9NwC3_p5WVLcVrK
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66962
last-modified: Fri, 12 Aug 2022 14:34:51 GMT
server: UploadServer
etag: "46e7a0e25d2fe8397a8ec3f6476dc4be"
x-goog-hash: crc32c=GzCbZQ==, md5=Rueg4l0v6Dl6jsP2R23Evg==
x-goog-generation: 1660314891331234
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 66962
accept-ranges: bytes
content-type: text/javascript
expires: Sat, 12 Aug 2023 14:35:02 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 489 B
576 B 208ms
66ms XHR
application/json 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2613599177006&cb=1660831977014
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.c99cd143.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 08d20a2ee48b6892026d9a264b4c45206ccb1018dfb5f1d643d6a10bbd2f974a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: gzip
referrer-policy: origin
x-cdn: fastly
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.rd.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
pin-unauth: dWlkPVpXTmxORFV3Tm1FdFpUTmpPUzAwTXpobExXRmpaak10WkRCbU5UWTFaRGRoTUdOag
x-pinterest-rid: 4643022222010027
x-envoy-upstream-service-time: 1
access-control-allow-credentials: true
content-length: 351
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 8403 0
18 B 78ms
37ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.rd.com
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.rd.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Thu, 18 Aug 2022 14:12:57 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
247 B 204ms
65ms Image
image/gif 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2613599177006&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22c99cd143%22%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1660831977016
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:57 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 3
x-pinterest-rid: 1381254450623113
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 8cdea80cc4922c6071ce.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 53 KB
15 KB 116ms
115ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/8cdea80cc4922c6071ce.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/78D9) /

Resource Hash

dbc32f33967798a78d4d23797bcac666b28f0c1c6ccafb52ab501b8f1f7f746c

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "d244-lQ8gtEKa9AporFfupyxjWmoH7Bs"
age: 82630
x-cache: HIT
content-length: 14897
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:47 GMT
server: ECAcc (nya/78D9)
date: Thu, 18 Aug 2022 14:12:57 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:57 GMT

GET
H2 200 0bd906b837cebaeac8d1.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 99 KB
27 KB 116ms
116ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/0bd906b837cebaeac8d1.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/796F) /

Resource Hash

e1f4a398b7260ff24d833731a5c56661603aa876fcda763a2ceab56a32967e9c

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "18ad8-J5xh0oJQ8ryCtbOGwgFVbecz/tk"
age: 82630
x-cache: HIT
content-length: 27441
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:47 GMT
server: ECAcc (nya/796F)
date: Thu, 18 Aug 2022 14:12:57 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:57 GMT

GET
H3 200 local_storage_frame16.min.html Show response
assets.bounceexchange.com/assets/bounce/ Frame F780 2 KB
1 KB 38ms
38ms Document
text/html 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_32fd71ec11c31ed06daa2a80bd65433d.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
age: 1450437
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=31536000
content-encoding: gzip
content-length: 1055
content-type: text/html; charset=UTF-8
date: Mon, 01 Aug 2022 19:19:00 GMT
etag: "5006297b3d0b3088a3d54f5008aaf8d2"
expires: Tue, 01 Aug 2023 19:19:00 GMT
last-modified: Mon, 25 Jul 2022 15:24:48 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1658762688734992
x-goog-hash: crc32c=TrU0ag== md5=UAYpez0LMIij1U9QCKr40g==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1055
x-guploader-uploadid: ADPycdtaaPhtaWpdq2xgWwHuuPUr4zt5oReg6VWm17JUAnua5cKgMX-2_rh_0XjanW8MgMcAL8lvLHqAK9KBV7wv0a5e4zhTfhPZ

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 36 B
343 B 190ms
73ms Script
text/html 34.111.8.32
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklzs=1480&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgDZCAGADgGZ8BOAdloCYBWazYALxChMwHcBTAEY5UwfgH1UAEyjUALGUwAnfjhAAbOGgwFSJAB74GJHipj8lKpVGwBDdetQIA5uLhL1UABbBgABxwAUgoAQUCGADFwiN5YgDolKTikEABbaNslNCR1fmicPxAQGCdnaOCI8SRUv2CAERVbKTg-RLgghkJxIWl6xubW5pwyfDJjBgZwrtTeijqmBgo5Iyn+L1m6xYBhACEdljqSCgBRLcJqTp3qajqKWmOyOsIyQjlGQhC5HYemWjIp8QABQsqQAErYcF56hRCExyPgkPxqLYGFIKGRbCQpLR8Ew3oQEQiYLQYFIGGQpPwkKR8BRBAx+DBEdS6CRbNRSbZaEhBEwKLYFJgAG6oETAKpFADWqH4UECtB24QY6lqE2CYQmPn8HT5GoWUWYkVivASSRS6UNEUy2Vy4X1BSKJRcdsidoolWqqr5DX4TRabR1nW6gl6zDm-X9QxGYxIasN01D3oWSxW8bWibm2z2ByOp3Ol2ut3uj2er3en2+ZF+-3jQJB4MhbtusPhiORqPRmOxuPxhKQxNJ5Mp1JItPpjOZ51obI5Ui5PL5AprkwYWyVSiV6s3cbXE34+k3oSIpEod3oxjk8rq2ClMrlCqVQsPYQfExAQos4jECGfMHsODyVclRwOBBBmXx+CkcQMDFQDJlCYAlDgQDdwYEDhCQJRUD8bQEHEEoVCkX9-zyWg6ivYVMhwABta1UByCRgAATz8fgAF1YBIyilBo9QQCacRWKUGAOMWfB8G4micEcSlxEpHCvA4v91AAyTqPfT9vyUrihSo2isno3JxAQWxUnYqAAHUvFsYBwhIABJDoSAAZUKYpSnCXc2QQIjjFBEBeDsrZbB-YwAE0QDgOzXJAWzjHs2z3TUuiGKqGz+GcEAlCYjjUgwfgmLU1BUlsZx+HcdQOK1AJ1QAelq41TWSNIGr8ABaFIEG-YBapaPimhwWrxgYWryFqqybLaxy2pi9yXDaiIABU2oAcX4XwmPskqypwNqjBxORqHEkgmHEIUGDiMA-GcNSkHSzLsq-URcg4tSHQQNRCPEFKXs4lT+FujBurS4AOOOHAAK61B7Gi0AsNUNS-FKxiWPMn6Ad0njaKgkUREEX7lNUzGpNA8CxCgmDRHMxDkLUhBYtQEo7tw8QcGAGz2m0-61PaUpuikMrxEEJQAoApQuaJvTRVZwoPqyiWMalnBxC8NJ+CRsqFbUqQYD8cQlHxkAkElDj6fFfpCuJ6jBFsY2SgcOT1b4pizK616rfQnBMOwlmCMgrWPap1mqVwjjvbMzyvdMjotjEJAvGFSkYGoz3vZw9A8L9qQtZSEBpUYopxHUTIyr+1TBD8bhMHWyvqIAInRuuABo6+ZjKsqY5u6+cexcmyrvVbMruAMyeO67YzAcLwdGbxqRwQsRfDi+cGwhWsqAgA
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_32fd71ec11c31ed06daa2a80bd65433d.br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
via: 1.1 google
x-envoy-upstream-service-time: 20
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 200 provider.hlsjs.js Show response
ssl.p.jwpcdn.com/player/v/8.25.8/ 364 KB
106 KB 41ms
40ms Script
application/javascript 2a04:4e42:600::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.25.8/provider.hlsjs.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/Qrhs7tJs.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ea6a175eb6226f00c8b2c59c12fb502205c532256dda71b9c903a36124c736a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: gzip
age: 1432461
x-cache: HIT
content-length: 108381
via: 1.1 varnish
x-served-by: cache-ams21066-AMS
last-modified: Sat, 23 Jul 2022 00:14:24 GMT
server: AmazonS3
x-timer: S1660831977.288982,VS0,VE0
etag: "2604af1871aa56882b5019b680cf55da"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
accept-ranges: bytes
x-cache-hits: 230906

GET
DATA 200
OK truncated
/ 44 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/webp

POST
H2 200 serve Show response
s.beop.io/ 12 KB
3 KB 392ms
137ms XHR
application/json 18.225.24.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.beop.io/serve?nuid=9a0db705-8efc-4096-9d18-de00d84b1e46&sdk_version=9.6.100
Requested by: Host: widget.beop.io
URL: https://widget.beop.io/en/public/chunks/9.6.100/8cdea80cc4922c6071ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.225.24.114 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-225-24-114.us-east-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: c33a075176788a7a65ab88396dd343dda01c34bfac4c42d5642e363be0ed3c28

Request headers

Accept: application/json
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.20.0
access-control-allow-method: POST
content-type: application/json

OPTIONS
H2 200 serve
s.beop.io/ Frame 0
0 399ms
128ms Preflight
application/json 18.225.24.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.beop.io/serve?nuid=9a0db705-8efc-4096-9d18-de00d84b1e46&sdk_version=9.6.100
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.225.24.114 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-225-24-114.us-east-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.rd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-method: POST
access-control-allow-origin: https://www.rd.com
content-length: 0
content-type: application/json
date: Thu, 18 Aug 2022 14:12:57 GMT
server: nginx/1.20.0

POST
H2 204 i
t.beop.io/ 0
135 B 230ms
54ms Ping
text/plain 34.251.24.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.beop.io/i?_ck=351438ffc09b70567782bbed7ed26f16
Requested by: Host: widget.beop.io
URL: https://widget.beop.io/en/public/chunks/9.6.100/0bd906b837cebaeac8d1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.24.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-24-18.eu-west-1.compute.amazonaws.com
Software: http-kit /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:57 GMT
access-control-allow-credentials: true
server: http-kit
access-control-expose-headers

POST
H2 204 i
t.beop.io/ 0
136 B 229ms
54ms Ping
text/plain 34.251.24.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.beop.io/i?_ck=9056fb9b81ec259edd3c856b0c732147
Requested by: Host: widget.beop.io
URL: https://widget.beop.io/en/public/chunks/9.6.100/0bd906b837cebaeac8d1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.24.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-24-18.eu-west-1.compute.amazonaws.com
Software: http-kit /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:57 GMT
access-control-allow-credentials: true
server: http-kit
access-control-expose-headers

GET
H2 200 video_info Show response
context.iris.tv/ 481 B
813 B 129ms
37ms XHR
application/json 13.32.121.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://context.iris.tv/video_info?access_token=5d38e9c84530419979500ccbc4b220c0a81b74d8072b864294e4b0885774c608&client_token=MWEAN9DYLVRSBGA&platform_id=wYVLwyRG
Requested by: Host: www.rd.com
URL: https://www.rd.com/wp-includes/js/jquery/jquery.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-113.fra60.r.cloudfront.net
Software: Zer01ne /
Resource Hash: 812dc1d830b40b7ddde5d9412eab3134f38dc3340614b97250ebf8f6439b1b2f

Request headers

Accept: */*
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 13:51:14 GMT
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
server: Zer01ne
age: 1303
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=3600, stale-while-revalidate=600, stale-if-error=600
x-amz-cf-pop: FRA60-P1
x-robots-tag: noindex, follow
x-amz-cf-id: Wk5T1-O4O7YUmvQbFu9z0ncQAA4o52JEPdnaakA0w5y6jMBFiuRAcw==

GET
H2 200 ct.html Show response
ct.pinterest.com/ Frame 7BA4 565 B
391 B 67ms
67ms Document
text/html 151.101.0.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/ct.html
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.c99cd143.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache,no-store,must-revalidate,max-age=0
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Thu, 18 Aug 2022 14:12:57 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
referrer-policy: origin
x-cdn: fastly
x-envoy-upstream-service-time: 1
x-pinterest-rid: 6828108523378492

POST
H3 200 rum Show response
www.rd.com/cdn-cgi/ 0
163 B 81ms
42ms XHR
text/plain 2606:4700:4400::ac40:9573
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rd.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:9573 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
content-type: application/json

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.rd.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 73cb3f534f98918c-FRA
vary: Origin

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
529 B 77ms
77ms XHR
text/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3235&u=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&pid=v3x2qoWlXKmW4&cb=0&ws=1600x1200&v=22.8.42053&t=1000&slots=%5B%7B%22sd%22%3A%22ad62fe43c688020%22%2C%22s%22%3A%5B%226x6%22%5D%2C%22sn%22%3A%22%2F6178%2Frdg_desktop%2Farticle%2Fin_image%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.195.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-195-78.fra2.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
via: 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: 3TQ4YW3NA74G91ZE4WQB
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.rd.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: Lx1507YeFwuwWniWo8_wKckFWVJBzWgSrvZOLBi23aIgxvQEl_JrFw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
531 B 74ms
74ms XHR
text/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3235&u=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&pid=v3x2qoWlXKmW4&cb=1&ws=1600x1200&v=22.8.42053&t=1000&slots=%5B%7B%22sd%22%3A%22ad62fe43c688241%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%223x3%22%5D%2C%22sn%22%3A%22%2F6178%2Frdg_desktop%2Farticle%2Fprearticle%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.195.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-195-78.fra2.r.cloudfront.net

Software

Server /

Resource Hash

8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
via: 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: KQBWSKGRWZ6YQD6MVDZ1
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.rd.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: tCOPyzpNq1Tte_EslXtXCwv59opKk7Sm4vhyGOJfuLRSzVCNO4PU1g==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
528 B 74ms
74ms XHR
text/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3235&u=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&pid=v3x2qoWlXKmW4&cb=2&ws=1600x1200&v=22.8.42053&t=1000&slots=%5B%7B%22sd%22%3A%22ad62fe43c6887a1%22%2C%22s%22%3A%5B%224x4%22%5D%2C%22sn%22%3A%22%2F6178%2Frdg_desktop%2Farticle%2Fsponsor%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.195.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-195-78.fra2.r.cloudfront.net

Software

Server /

Resource Hash

f0fe7e69e970311a87c3b57b217e6fc19f0a65b25813ad64426169712f61e402

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
via: 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: BQKEP55RZ1HT6WDDHHHJ
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.rd.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: 9B1cAM9fSNsX4qO6Me3oU0gHw-pnpfC63NAcQD_CRJihUg115TtlyA==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
530 B 76ms
76ms XHR
text/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3235&u=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&pid=v3x2qoWlXKmW4&cb=3&ws=1600x1200&v=22.8.42053&t=1000&slots=%5B%7B%22sd%22%3A%22ad62fe43c6a5d67%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F6178%2Frdg_desktop%2Farticle%2Frail_1%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.195.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-195-78.fra2.r.cloudfront.net

Software

Server /

Resource Hash

e74fc9882fd1b046474630282635991e5aa59cb761302f13d7a304c1a3bae89b

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
via: 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: QQC3MRHER58M55QHM822
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.rd.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: wQUvpKZG6uD9axJJGTfeLfy5lEZ2Zg35Fdf5xwalhTnYwCHsvZhzWw==

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
442 B 154ms
71ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=pp_iris_failure&pvsid=2899785851612939&fnc=6178&vrg=2022081601&nw_id=6178&nslots=4&eid=31069030&pub_url=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
529 B 73ms
73ms XHR
text/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3235&u=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&pid=v3x2qoWlXKmW4&cb=4&ws=1600x1200&v=22.8.42053&t=1000&slots=%5B%7B%22id%22%3A%22video%22%2C%22mt%22%3A%22v%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.195.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-195-78.fra2.r.cloudfront.net

Software

Server /

Resource Hash

13ca66cf6767366a16dcab079a022ab7efaff7ad1f44fe904543916d56bb2d9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
via: 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: 7FBHQM30ADYC2Q0C55RD
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.rd.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: dDqBLSMNpyx_Gh-Z7mv8OmFX4nwa5iZWR8ha1BB3gSrjgaMco7-rnw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
529 B 78ms
78ms XHR
text/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3235&u=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&pid=v3x2qoWlXKmW4&cb=5&ws=1600x1200&v=22.8.42053&t=1000&slots=%5B%7B%22id%22%3A%22video%22%2C%22mt%22%3A%22v%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.195.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-195-78.fra2.r.cloudfront.net

Software

Server /

Resource Hash

0f790bdfb9c12c83da88b657a00be6b9aee3d14d167002faaa9562bc74404325

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
via: 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: J6ZXG0MM8NBDQ0XZS33S
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.rd.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: WHaamKQFavGQxMBP-ylST14ZWb2SX07pcamQ6u83PlqhF5qcjWEDHw==

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
519 B 128ms
42ms XHR
application/json 3.125.201.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=6.24.2&referrer=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&tmax=2000

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.125.201.50 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-125-201-50.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:57 GMT
accept-ch: sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform
x-auction-status: 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.rd.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 371 B
822 B 278ms
130ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=10696&site_id=377204&zone_id=2077626&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&tg_i.aupname=6178%2Frdg_desktop%2Farticle%2Fprearticle&tg_i.pbadslot=%2F6178%2Frdg_desktop%2Farticle%2Fprearticle&tk_flint=dmpbjs_v6.24.2&x_source.tid=22bf9e17-908d-4bd0-a5e1-319033bb9096&l_pb_bid_id=4525ccad6096be&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.0836641902304247
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: bd15deedf88c60d4fef8d516c8b0b30fd69d705fb9779a71f88cc5526809d038

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:12:57 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.rd.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 371
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 36 B
639 B 148ms
58ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=681232&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2254aec316b04d5f%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A2%2C%22msi%22%3A2%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.24.2%22%2C%22userIds%22%3A%5B%5D%2C%22err%22%3A%7B%222%22%3A1%7D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2273e80e1f94a45%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22681232%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22681232%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22681232%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F6178%2Frdg_desktop%2Farticle%2Fprearticle%22%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%22data%22%3A%5B%7B%22name%22%3A%22permutive.com%22%2C%22segment%22%3A%5B%5D%7D%5D%7D%7D
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 855d0573de3e1d813080c66243a447937c3c82ea77bbd7cb86856d5d4d609076

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bPDmOSHWIPbKOTrUqPQRqom%2BPNVtDY4v3WQh%2BAvcEefc1vnxpoNEZfVwuwy43Fom%2BQzBF65t5tM1Vh8CI1L%2FYYvCio%2FCe9nqvcUUL%2BWwy8AXcZO05CPF8chOejt6QI8P7VmvDLXI"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.rd.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73cb3f546b6e9ba0-FRA
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
135 B 269ms
150ms XHR
text/plain 15.188.216.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.188.216.240 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-188-216-240.eu-west-3.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:57 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
702 B 136ms
48ms XHR
application/json 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:12:57 GMT
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9457f9ae-d415-42d8-9735-ea7a628894d5
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.rd.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bid Show response
krk.kargo.com/api/v2/ 2 B
673 B 546ms
139ms XHR
application/json 3.82.168.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://krk.kargo.com/api/v2/bid?json=%7B%22sessionId%22%3A%22a10a3730-7636-4fc6-9d09-1cda6b90cb26%22%2C%22requestCount%22%3A0%2C%22timeout%22%3A2000%2C%22currency%22%3A%22USD%22%2C%22cpmGranularity%22%3A1%2C%22timestamp%22%3A1660831977559%2C%22cpmRange%22%3A%7B%22floor%22%3A0%2C%22ceil%22%3A20%7D%2C%22bidIDs%22%3A%7B%22132211a39035e4b%22%3A%22_yJl1S0NHuh%22%7D%2C%22bidSizes%22%3A%7B%22132211a39035e4b%22%3A%5B%5B970%2C250%5D%2C%5B970%2C90%5D%2C%5B728%2C90%5D%5D%7D%2C%22prebidRawBidRequests%22%3A%5B%7B%22bidder%22%3A%22kargo%22%2C%22params%22%3A%7B%22placementId%22%3A%22_yJl1S0NHuh%22%7D%2C%22ortb2Imp%22%3A%7B%22ext%22%3A%7B%22data%22%3A%7B%22aupname%22%3A%226178%2Frdg_desktop%2Farticle%2Fprearticle%22%2C%22adserver%22%3A%7B%22name%22%3A%22gam%22%2C%22adslot%22%3A%22%2F6178%2Frdg_desktop%2Farticle%2Fprearticle%22%7D%2C%22pbadslot%22%3A%22%2F6178%2Frdg_desktop%2Farticle%2Fprearticle%22%7D%7D%7D%2C%22mediaTypes%22%3A%7B%22banner%22%3A%7B%22sizes%22%3A%5B%5B970%2C250%5D%2C%5B970%2C90%5D%2C%5B728%2C90%5D%5D%7D%7D%2C%22adUnitCode%22%3A%22ad62fe43c688241%22%2C%22transactionId%22%3A%2222bf9e17-908d-4bd0-a5e1-319033bb9096%22%2C%22sizes%22%3A%5B%5B970%2C250%5D%2C%5B970%2C90%5D%2C%5B728%2C90%5D%5D%2C%22bidId%22%3A%22132211a39035e4b%22%2C%22bidderRequestId%22%3A%22122f0bc97ee8e95%22%2C%22auctionId%22%3A%22dfe92abf-fd46-4ca0-bb46-3dfe158d657d%22%2C%22src%22%3A%22client%22%2C%22bidRequestsCount%22%3A1%2C%22bidderRequestsCount%22%3A1%2C%22bidderWinsCount%22%3A0%7D%5D%2C%22userIDs%22%3A%7B%22crbIDs%22%3A%7B%7D%7D%2C%22pageURL%22%3A%22https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48%22%2C%22rawCRB%22%3Anull%2C%22rawCRBLocalStorage%22%3Anull%7D
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.82.168.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-82-168-103.compute-1.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:12:58 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://www.rd.com
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Krk-No-Bid-Reason: consent
Content-Length: 26
X-Accel-Expires: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 129ms
47ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.rd.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081601.js?cb=31069030

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 128ms
46ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.rd.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081601.js?cb=31069030

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 818 B
536 B 255ms
178ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2899785851612939&correlator=4408508003667320&eid=31069030%2C31062931&output=ldjh&gdfp_req=1&vrg=2022081601&ptt=17&impl=fifs&iu_parts=6178%2Crdg_desktop%2Carticle%2Cin_image&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=6x6&ifi=1&adks=2325636993&sfv=1-0-38&fsapi=false&prev_scp=pos%3Doop%26location%3Doop%26tf%3Datf%26amznbid%3D2%26amznp%3D2%26m_mv%3DslotNoSlotData%26m_gv%3DslotNoSlotData&eri=1&cust_params=permutive%3D%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgv_crime%252Cmoat_unsafe%26m_mv%3DdataAvailable%26m_gv%3DdataAvailable%26refresh%3Don%26rtime%3D30%26rnum%3D10%26property%3D6178%26siteId%3Drdg%26pageType%3Darticle%26url%3D%252Farticle%252Fspoofing%252F%253F_PermHash%253Dc6824c8aae3ae3e262976413aaa5971fd5eb76e6e02315a90fdb6b542cbd1c73%2526_cmp%253Dreaduprdus%2526_ebid%253Dreaduprdus8182022%2526_mid%253D523412%2526ehid%253D25FF2A3BF8F69A627CAA1998BF728EAA0034FFBE%26keywords%3Dcrime%252Cscams%252Ctech%26category%3Dcrime%252Cscams%252Ctech%26topic%3Dcrime%252Cscams%252Ctech%26pt%3Darticle%26platform%3Ddesktop%26theme%3Dnew%26contentID%3D1747286%26sponsors%3Dno_value%26source%3Doriginal_to_tmbi%26categories-v2%3Dscams%252Ctech%26ep_custom_result%3Dno_value%26author%3Dbrooke-nelson%26content_group%3Dno_value%26afc%3Dno%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26ebid%3D%26campaign%3D%26mid%3D%26TMCM%3Dc57eb917-b1d4-4071-95f8-b095cf7abdd0%26gdpr_cookie_accepted%3Dtrue%26refer%3D%26random%3D23%26page_depth%3D1%26nwltr%3Dreaduprdus8182022&sc=1&cookie_enabled=1&abxe=1&dt=1660831977581&lmt=1660830662&dlt=1660831975721&idt=915&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&frm=20&vis=1&psz=1260x10368&msz=1600x0&fws=128&ohw=0&ga_vid=979978838.1660831977&ga_sid=1660831978&ga_hid=969507202&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081601.js?cb=31069030

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

2a6a39dc5323c7f0355f11b54a49f5b6cfc96bf52857e63f46e82e31338e1cef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 506
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.rd.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 166ms
86ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022081601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081601.js?cb=31069030

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

831e12c4a30d96040d8cc6715b77b80af19c387808e044f83267671b466d7750

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11026
x-xss-protection: 0

GET
H2 200 container.html Show response
062c24ac1719c100a8b7e9af6670a7d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0343 6 KB
4 KB 145ms
49ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://062c24ac1719c100a8b7e9af6670a7d8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081601.js?cb=31069030

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 18 Aug 2022 14:12:57 GMT
expires: Fri, 18 Aug 2023 14:12:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 408 B
242 B 144ms
79ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2899785851612939&correlator=4408508003667320&eid=31069030%2C31062931&output=ldjh&gdfp_req=1&vrg=2022081601&ptt=17&impl=fifs&iu_parts=6178%2Crdg_desktop%2Carticle%2Csponsor&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=4x4&ifi=2&adks=3853026389&sfv=1-0-38&fsapi=false&prev_scp=pos%3Dsponsor%26tf%3Datf%26amznbid%3D2%26amznp%3D2%26m_mv%3DslotNoSlotData%26m_gv%3DslotNoSlotData&eri=1&cust_params=permutive%3D%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgv_crime%252Cmoat_unsafe%26m_mv%3DdataAvailable%26m_gv%3DdataAvailable%26refresh%3Don%26rtime%3D30%26rnum%3D10%26property%3D6178%26siteId%3Drdg%26pageType%3Darticle%26url%3D%252Farticle%252Fspoofing%252F%253F_PermHash%253Dc6824c8aae3ae3e262976413aaa5971fd5eb76e6e02315a90fdb6b542cbd1c73%2526_cmp%253Dreaduprdus%2526_ebid%253Dreaduprdus8182022%2526_mid%253D523412%2526ehid%253D25FF2A3BF8F69A627CAA1998BF728EAA0034FFBE%26keywords%3Dcrime%252Cscams%252Ctech%26category%3Dcrime%252Cscams%252Ctech%26topic%3Dcrime%252Cscams%252Ctech%26pt%3Darticle%26platform%3Ddesktop%26theme%3Dnew%26contentID%3D1747286%26sponsors%3Dno_value%26source%3Doriginal_to_tmbi%26categories-v2%3Dscams%252Ctech%26ep_custom_result%3Dno_value%26author%3Dbrooke-nelson%26content_group%3Dno_value%26afc%3Dno%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26ebid%3D%26campaign%3D%26mid%3D%26TMCM%3Dc57eb917-b1d4-4071-95f8-b095cf7abdd0%26gdpr_cookie_accepted%3Dtrue%26refer%3D%26random%3D23%26page_depth%3D1%26nwltr%3Dreaduprdus8182022&sc=1&cookie_enabled=1&abxe=1&dt=1660831977595&lmt=1660830662&dlt=1660831975721&idt=915&adxs=250&adys=582&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&frm=20&vis=1&psz=680x23&msz=680x0&fws=0&ohw=0&ga_vid=979978838.1660831977&ga_sid=1660831978&ga_hid=969507202&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081601.js?cb=31069030

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

d72592e7d400238ef1131b328cc88ff210c6b7bf92eefdd5020694daf119a33c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 212
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.rd.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
136 B 154ms
80ms XHR
text/plain 15.188.216.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.188.216.240 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-188-216-240.eu-west-3.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:57 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
519 B 72ms
41ms XHR
application/json 3.125.201.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.125.201.50 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-125-201-50.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:57 GMT
accept-ch: sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch
x-auction-status: 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.rd.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 200
OK bid Show response
krk.kargo.com/api/v2/ 2 B
645 B 520ms
135ms XHR
application/json 3.82.168.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://krk.kargo.com/api/v2/bid?json=%7B%22sessionId%22%3A%22a10a3730-7636-4fc6-9d09-1cda6b90cb26%22%2C%22requestCount%22%3A1%2C%22timeout%22%3A2000%2C%22currency%22%3A%22USD%22%2C%22cpmGranularity%22%3A1%2C%22timestamp%22%3A1660831977603%2C%22cpmRange%22%3A%7B%22floor%22%3A0%2C%22ceil%22%3A20%7D%2C%22bidIDs%22%3A%7B%2219e7af291ea0034%22%3A%22_q57RuiXJNi%22%7D%2C%22bidSizes%22%3A%7B%2219e7af291ea0034%22%3A%5B%5B300%2C250%5D%5D%7D%2C%22prebidRawBidRequests%22%3A%5B%7B%22bidder%22%3A%22kargo%22%2C%22params%22%3A%7B%22placementId%22%3A%22_q57RuiXJNi%22%7D%2C%22ortb2Imp%22%3A%7B%22ext%22%3A%7B%22data%22%3A%7B%22aupname%22%3A%226178%2Frdg_desktop%2Farticle%2Frail_1%22%2C%22adserver%22%3A%7B%22name%22%3A%22gam%22%2C%22adslot%22%3A%22%2F6178%2Frdg_desktop%2Farticle%2Frail_1%22%7D%2C%22pbadslot%22%3A%22%2F6178%2Frdg_desktop%2Farticle%2Frail_1%22%7D%7D%7D%2C%22mediaTypes%22%3A%7B%22banner%22%3A%7B%22sizes%22%3A%5B%5B300%2C250%5D%5D%7D%7D%2C%22adUnitCode%22%3A%22ad62fe43c6a5d67%22%2C%22transactionId%22%3A%22a7153a43-9d55-4c0d-a1c2-494800de8a25%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%5D%2C%22bidId%22%3A%2219e7af291ea0034%22%2C%22bidderRequestId%22%3A%2218cf665d1ffce9c%22%2C%22auctionId%22%3A%222345c12d-b976-4390-aa33-ee38f3850764%22%2C%22src%22%3A%22client%22%2C%22bidRequestsCount%22%3A1%2C%22bidderRequestsCount%22%3A1%2C%22bidderWinsCount%22%3A0%7D%5D%2C%22userIDs%22%3A%7B%22crbIDs%22%3A%7B%7D%7D%2C%22pageURL%22%3A%22https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48%22%2C%22rawCRB%22%3Anull%2C%22rawCRBLocalStorage%22%3Anull%7D
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.82.168.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-82-168-103.compute-1.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:12:58 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://www.rd.com
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 26
X-Accel-Expires: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
702 B 113ms
39ms XHR
application/json 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:12:57 GMT
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: e82ba657-b48c-4595-8f6a-08e6ee868fdc
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.rd.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
315 B 101ms
63ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=681234&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22245fbb1c55a1684%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.24.2%22%2C%22userIds%22%3A%5B%5D%2C%22err%22%3A%7B%222%22%3A2%7D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2225edd328f8eaa3c%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22681234%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F6178%2Frdg_desktop%2Farticle%2Frail_1%22%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%22data%22%3A%5B%7B%22name%22%3A%22permutive.com%22%2C%22segment%22%3A%5B%5D%7D%5D%7D%7D
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2aa8c28e970f075e589b8f5199c9bc662db7d2eb240681e16b5b13365811cd7c

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFtLHGx1OHc3FofkPk2Gr%2FaR%2BLAisctPx%2FUyE%2Bm8Ygr%2Fw1wfnRRFcbKRRRDbPmpKehkBD2RxoH8F3cWhGUtWKh%2FL%2Fj37tJlpArAkh7xyxYWeN0kz22bpCgdYOQEpVm4oaIR8yYhX"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.rd.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73cb3f546b799ba0-FRA
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
823 B 154ms
80ms XHR
application/json 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

8568d01f2fda8fad450ff7bf68bdfc51f6f10e0ebd60c0433e577e655870d8f6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:12:57 GMT
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: cafdece2-d157-4bff-bf76-0c8b2ed1b08f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.rd.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 173 B
400 B 147ms
41ms XHR
application/json 3.65.41.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.65.41.66 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-41-66.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 00b5f0136b24fd8dbaf589b0ecac23eb7b3b295d7961507a4c5544120f97f98b

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: gzip
x-prebid: pbs-java/1.96.0
content-type: application/json
access-control-allow-origin: https://www.rd.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 168
expires: 0

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
315 B 97ms
64ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=681323&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%223119bee2977e0ce%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.24.2%22%2C%22userIds%22%3A%5B%5D%2C%22err%22%3A%7B%222%22%3A2%7D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2232b929c1a02b493%22%2C%22ext%22%3A%7B%22siteID%22%3A%22681323%22%2C%22sid%22%3A%22640x480%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22context%22%3A%22instream%22%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22playerSize%22%3A%5B640%2C480%5D%2C%22maxduration%22%3A300%2C%22minduration%22%3A15%2C%22api%22%3A%5B2%5D%2C%22linearity%22%3A1%2C%22playbackmethod%22%3A%5B2%5D%2C%22placement%22%3A1%2C%22w%22%3A640%2C%22h%22%3A480%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%22data%22%3A%5B%7B%22name%22%3A%22permutive.com%22%2C%22segment%22%3A%5B%5D%7D%5D%7D%7D
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d23b41ceb2fff3eb233d91c8ea44f3443850ea33161e234d529c88b55e85746

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OBvnnyZBBFESUzWkB3ghkAw%2B8X9eAnu%2F9lXjDgQJfXO3%2B6nyOdaTTuUwHrD66KXA0JvQKc3lgMZ06onEdaC1dW7zUrAMXcokiKKH83SYGuFK4smDf%2FQmI%2FbUuTLtUqRKKegjdZ9G"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.rd.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73cb3f546b759ba0-FRA
expires: 0

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
519 B 61ms
41ms XHR
application/json 3.125.201.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.125.201.50 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-125-201-50.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:57 GMT
accept-ch: sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness
x-auction-status: 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.rd.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
135 B 301ms
239ms XHR
text/plain 15.188.216.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.188.216.240 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-188-216-240.eu-west-3.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:57 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 PBJS Show response
c2shb.pubgw.yahoo.com/admax/bid/partners/ 0
19 B 169ms
91ms XHR
text/plain 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:58 GMT
access-control-allow-credentials: true
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS

OPTIONS
H2 200 PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 0
0 302ms
42ms Preflight 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://www.rd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://www.rd.com
access-control-max-age: 600
age: 0
content-length: 0
date: Thu, 18 Aug 2022 14:12:57 GMT
server: ATS/9.1.10.25

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
702 B 113ms
39ms XHR
application/json 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:12:57 GMT
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: d409bd56-2342-460a-aa79-5ad97fcf7d1d
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.rd.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 173 B
400 B 140ms
43ms XHR
application/json 3.65.41.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.65.41.66 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-41-66.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 971fb473684bea2b533553aba880840806fe17a19e0d8cc097c30238024287e8

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: gzip
x-prebid: pbs-java/1.96.0
content-type: application/json
access-control-allow-origin: https://www.rd.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 169
expires: 0

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
520 B 53ms
40ms XHR
application/json 3.125.201.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.125.201.50 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-125-201-50.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:12:57 GMT
accept-ch: sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height
x-auction-status: 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.rd.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
135 B 202ms
148ms XHR
text/plain 15.188.216.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.188.216.240 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-188-216-240.eu-west-3.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:57 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
316 B 81ms
59ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=681323&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%22477784cbbaf15b5%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.24.2%22%2C%22userIds%22%3A%5B%5D%2C%22err%22%3A%7B%222%22%3A2%7D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22480e2772a280125%22%2C%22ext%22%3A%7B%22siteID%22%3A%22681323%22%2C%22sid%22%3A%22640x480%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22context%22%3A%22instream%22%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22playerSize%22%3A%5B640%2C480%5D%2C%22maxduration%22%3A300%2C%22minduration%22%3A15%2C%22api%22%3A%5B2%5D%2C%22linearity%22%3A1%2C%22playbackmethod%22%3A%5B2%5D%2C%22placement%22%3A1%2C%22w%22%3A640%2C%22h%22%3A480%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%22data%22%3A%5B%7B%22name%22%3A%22permutive.com%22%2C%22segment%22%3A%5B%5D%7D%5D%7D%7D
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44ef010f29841d3f1b51cd6acef462cdf0f28db28fcc8aa1a289e6e93afb9c99

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WOB7LsGLwC%2BK08wxX7UcxRTq9xNeIku4LJ89YlqEifF%2BFW2WraaZ0tLhreon6%2BQ9sHEpmPUV8wJ3ufrEKk4ARuZywNfXWuwrtCU%2BwaV9Lp18%2FQgfFYejf5zk46GM5AjFE40muwr9"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.rd.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73cb3f546b789ba0-FRA
expires: 0

POST
H2 204 PBJS Show response
c2shb.pubgw.yahoo.com/admax/bid/partners/ 0
192 B 167ms
88ms XHR
text/plain 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:58 GMT
access-control-allow-credentials: true
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS

OPTIONS
H2 200 PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 0
0 293ms
41ms Preflight 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://www.rd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://www.rd.com
access-control-max-age: 600
age: 0
content-length: 0
date: Thu, 18 Aug 2022 14:12:57 GMT
server: ATS/9.1.10.25

GET
H/1.1 204
No Content a-00x0
i.liadm.com/s/c/ Frame FB07 0
0 504ms
123ms Document
text/plain 18.211.56.22
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://i.liadm.com/s/c/a-00x0?s=&cim=&ps=true&ls=true&duid=0ee7014c2aeb--01garmsjsrbya6baz5nqgpk0ny&ppid=0&euns=1&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Requested by

Host: b-code.liadm.com
URL: https://b-code.liadm.com/sync-container.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.211.56.22 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-211-56-22.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Date: Thu, 18 Aug 2022 14:12:57 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK baker
sli.rd.com/ 19 B
359 B 205ms
42ms Image
image/gif 23.36.162.30
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sli.rd.com/baker?dtstmp=1660831977629
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.162.30 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-162-30.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:12:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Expires: Thu, 18 Aug 2022 14:12:57 GMT
Connection: keep-alive
Content-Length: 19
Content-Type: image/gif

OPTIONS
H2 200 event
prebid-a.rubiconproject.com/ Frame 0
0 144ms
39ms Preflight 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.rd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Thu, 18 Aug 2022 14:12:57 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 event
prebid-a.rubiconproject.com/ Frame 0
0 144ms
39ms Preflight 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.rd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Thu, 18 Aug 2022 14:12:57 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 202 event Show response
prebid-a.rubiconproject.com/ 61 B
225 B 42ms
41ms XHR
application/json 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: edda75d7dc3a6104c5af0f926c5ae645ae25eb8c4f8a601c6d5293378e858a5c

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Thu, 18 Aug 2022 14:12:57 GMT
content-length: 61
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

POST
H2 202 event Show response
prebid-a.rubiconproject.com/ 61 B
225 B 39ms
39ms XHR
application/json 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: edda75d7dc3a6104c5af0f926c5ae645ae25eb8c4f8a601c6d5293378e858a5c

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Thu, 18 Aug 2022 14:12:57 GMT
content-length: 61
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 174ms
84ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081601.js?cb=31069030

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 18 Aug 2022 14:12:57 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FDF7 13 KB
5 KB 115ms
38ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2564
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 18 Aug 2022 13:30:14 GMT
expires: Fri, 18 Aug 2023 13:30:14 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A804 783 B
534 B 124ms
47ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

21018cfb1e8155f5757f52bf3eead69d23b67d3bf298d0aa97aeb92d4e7dd2a1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6h1zblpN-rvt_By5UmUihw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-6h1zblpN-rvt_By5UmUihw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 18 Aug 2022 14:12:58 GMT
expires: Thu, 18 Aug 2022 14:12:58 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js Show response
pagead2.googlesyndication.com/bg/ Frame FDF7 36 KB
14 KB 113ms
38ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:20:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 168752
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14092
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 16 Aug 2023 15:20:26 GMT

GET
H2 200 59703b7e14197aeb1fe9.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 6 KB
3 KB 113ms
112ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/59703b7e14197aeb1fe9.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/789D) /

Resource Hash

12f8e16de96fcaba1aaf32802ef8583cee0ebbd534d4c9216cdd09964381b5f8

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "16dc-wD3215XuyBjWPHpNO96THirjDh0+gzip"
age: 82627
x-cache: HIT
content-length: 2425
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:51 GMT
server: ECAcc (nya/789D)
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:58 GMT

GET
H2 200 5e68e7ad13123c6f1486.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 58 KB
15 KB 116ms
116ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/5e68e7ad13123c6f1486.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/1C25) /

Resource Hash

d838708f9080299078c167af8e85a8cba9b28e00c13491d28f332dda28881fca

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "e8bf-WVpirBrx0vBlFSCfkVyM3S9tlU4+gzip"
age: 82627
x-cache: HIT
content-length: 14950
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:51 GMT
server: ECAcc (nya/1C25)
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:58 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A804 0
0 138ms
74ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022081601&jk=2899785851612939&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

OPTIONS
H2 200 event
prebid-a.rubiconproject.com/ Frame 0
0 39ms
38ms Preflight 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.rd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 202 event Show response
prebid-a.rubiconproject.com/ 61 B
225 B 39ms
39ms XHR
application/json 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: edda75d7dc3a6104c5af0f926c5ae645ae25eb8c4f8a601c6d5293378e858a5c

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Thu, 18 Aug 2022 14:12:58 GMT
content-length: 61
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

OPTIONS
H2 200 event
prebid-a.rubiconproject.com/ Frame 0
0 39ms
39ms Preflight 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.rd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 202 event Show response
prebid-a.rubiconproject.com/ 61 B
225 B 39ms
39ms XHR
application/json 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: edda75d7dc3a6104c5af0f926c5ae645ae25eb8c4f8a601c6d5293378e858a5c

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Thu, 18 Aug 2022 14:12:58 GMT
content-length: 61
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

GET
H2

200

wYVLwyRG-120.vtt Show response
assets-jpcust.jwpsrv.com/strips/
Redirect Chain

https://cdn.jwplayer.com/strips/wYVLwyRG-120.vtt
https://assets-jpcust.jwpsrv.com/strips/wYVLwyRG-120.vtt

5 KB
966 B

134ms
39ms

XHR
text/vtt

2a04:4e42:400::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-jpcust.jwpsrv.com/strips/wYVLwyRG-120.vtt
Protocol: H2
Server: 2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: cc1ce1339a76ca1f615d8d9dfd2b25adc02ed8653f5d68af91f0208de27657cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
age: 684
x-cache: HIT, HIT
content-length: 632
x-served-by: cache-iad-kcgs7200106-IAD, cache-ams21024-AMS
access-control-allow-origin: *
last-modified: Tue, 12 Jun 2018 08:50:58 GMT
server: nginx
x-timer: S1660831978.363737,VS0,VE1
etag: "1051afcfb8153b11250e94c6cbe4d761"
vary: Accept-Encoding
content-type: text/vtt
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits: 1, 1

Redirect headers

date: Thu, 18 Aug 2022 14:12:58 GMT
via: 1.1 da392114e7046bd9720a70f40c796f62.cloudfront.net (CloudFront)
server: openresty
x-amz-cf-pop: FRA60-P4
location: https://assets-jpcust.jwpsrv.com/strips/wYVLwyRG-120.vtt
x-cache: Miss from cloudfront
content-type: text/html
access-control-allow-origin: *
content-length: 166
x-amz-cf-id: N-b8qW9HEkeOGYFF4EUmlIzmhyZ9kiLOZCIDyyDu7o-u2RtCCuhSuw==

GET
H2 200 provider.cast.js Show response
ssl.p.jwpcdn.com/player/v/8.25.8/ 30 KB
10 KB 39ms
39ms Script
application/javascript 2a04:4e42:600::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.25.8/provider.cast.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/Qrhs7tJs.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: afbeecfcb775ea87363f8eb7105a6ab60cb64eadb7a71a455cd52cc3cc8d5740

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
age: 1980270
x-cache: HIT
content-length: 9979
via: 1.1 varnish
x-served-by: cache-ams21066-AMS
last-modified: Sat, 23 Jul 2022 00:14:24 GMT
server: AmazonS3
x-timer: S1660831978.149252,VS0,VE0
etag: "3d9f8f127a9dd0a2a3789c6cb87c5c7a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
accept-ranges: bytes
x-cache-hits: 78178

GET
H2 200 related.js Show response
ssl.p.jwpcdn.com/player/v/8.25.8/ 106 KB
25 KB 41ms
40ms Script
application/javascript 2a04:4e42:600::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.25.8/related.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/Qrhs7tJs.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 388e31e7568caaf46c0e4ad833c001f35b03dfd85f820515132305b7eefd21c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
age: 1431396
x-cache: HIT
content-length: 25400
via: 1.1 varnish
x-served-by: cache-ams21066-AMS
last-modified: Sat, 23 Jul 2022 00:14:26 GMT
server: AmazonS3
x-timer: S1660831978.149971,VS0,VE0
etag: "47dc8e43c13e8287b3f1b3b2822b8305"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
accept-ranges: bytes
x-cache-hits: 228056

GET
H2 200 / Show response
videodam.tmbi.com/wp-json/wp/v2/video/ 3 KB
2 KB 147ms
57ms XHR
application/json 2606:4700:4400::ac40:99f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://videodam.tmbi.com/wp-json/wp/v2/video/?jw_id=wYVLwyRG

Requested by

Host: www.rd.com
URL: https://www.rd.com/wp-includes/js/jquery/jquery.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:99f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b871bbed27113349129de267d64b9b9b987a7e4fb3d4224e3b16b3296bf8cb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3413
x-cache: MISS
allow: GET
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-robots-tag: noindex
last-modified: Thu, 18 Aug 2022 13:16:05 GMT
server: cloudflare
x-wp-totalpages: 1
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Origin
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.rd.com
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-hosted-by: 45AIR.COM
x-wp-total: 1
access-control-allow-credentials: true
cf-ray: 73cb3f5809a190b2-FRA
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
x-cache-hits: 0

GET
H3 200 bridge3.525.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 17A7 635 KB
205 KB 137ms
45ms Document
text/html 2a00:1450:400a:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400a:801::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d47d16bf34e4c557ae13192bf351083ee15c9bed72a139fb1e14272d7b391230

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 180276
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210284
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 12:08:22 GMT
expires: Wed, 16 Aug 2023 12:08:22 GMT
last-modified: Mon, 15 Aug 2022 15:50:27 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 165ms
51ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Aug 2022 14:12:58 GMT

GET
H2 204 ping.gif
prd.jwpltx.com/v1/jwplayer6/ 0
40 B 163ms
130ms Image
text/plain 2a04:4e42:600::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prd.jwpltx.com/v1/jwplayer6/ping.gif?h=1518738373&e=e&n=8583155994438285&abc=0&abt=162_ad-iab-viewability_v4%2C128_sendDomainToFeedsOn&aid=UV3t3od4EeeD_gY3v_uBow&amp=0&ask=DPCwJXPi&at=1&c=1&ccp=0&cp=0&d=2&eb=0&ed=6&emi=r1i9utbxzd84&i=0&id=wYVLwyRG&lid=chrq1tmizle1&lsa=read&mt=1&pbd=1&pbr=1&pgi=1fb52vb1a485&ph=1&pid=wjcpcdaI&pii=0&pl=383&plc=24&pli=nheqgxlk2use&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=What%20Is%20Spoofing%2C%20and%20How%20Can%20You%20Protect%20Yourself%20from%20These%20Scams%3F&pu=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&pv=8.25.8&pyc=0&s=1&sdk=0&stc=1&stpe=0&t=How%20to%20Get%20Rid%20of%20Blackheads%2C%20According%20to%20Dr.%20Pimple%20Popper&tv=3.40.0&vb=0&vi=0&vl=90&wd=681&ab=1&cae=0&cb=1&cdid=jwp_636e11a618f4c757edcd25b1d3955b15&cme=0&dd=0&fed=tueun4W6&flc=1&fv=&ga=0&lng=en-US&mk=hls&mu=https%3A%2F%2Fcdn.jwplayer.com%2Fmanifests%2FwYVLwyRG.m3u8&pbc=1&pd=2&pdr=&plng=en-US&plt=2500&pni=0&po=0&pogt=What%20Is%20Spoofing%2C%20and%20How%20Can%20You%20Spot%20It%3F&rf=%2F%2Fcontent.jwplatform.com%2Fv2%2Fplaylists%2FhFIGA5RR%3Frelated_media_id%3DMEDIAID&sp=0&st=1720&sa=1660831978132
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
via: 1.1 varnish
server: nginx
accept-ranges: bytes
x-served-by: cache-ams21066-AMS
x-cache: MISS
x-cache-hits: 0

GET
H2 204 ping.gif
prd.jwpltx.com/v1/clienta/ 0
26 B 159ms
130ms Image
text/plain 2a04:4e42:600::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prd.jwpltx.com/v1/clienta/ping.gif?h=-1386554554&e=ar&n=5799312010728717&abc=0&abt=162_ad-iab-viewability_v4%2C128_sendDomainToFeedsOn&aid=UV3t3od4EeeD_gY3v_uBow&amp=0&ask=DPCwJXPi&at=1&c=1&ccp=0&cp=0&d=2&eb=0&ed=6&emi=r1i9utbxzd84&i=0&id=wYVLwyRG&lid=chrq1tmizle1&lsa=read&mt=1&pbd=1&pbr=1&pgi=1fb52vb1a485&ph=1&pid=wjcpcdaI&pii=0&pl=383&plc=24&pli=nheqgxlk2use&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=What%20Is%20Spoofing%2C%20and%20How%20Can%20You%20Protect%20Yourself%20from%20These%20Scams%3F&pu=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&pv=8.25.8&pyc=0&s=1&sdk=0&stc=1&stpe=0&t=How%20to%20Get%20Rid%20of%20Blackheads%2C%20According%20to%20Dr.%20Pimple%20Popper&tv=3.40.0&vb=0&vi=0&vl=90&wd=681&ab=1&abid=pfqdzpz84ctg&adi=pfqdzpz84ctg&apid=pfqdzpz84ctg&awi=1&awc=1&p=0&pc=0&pi=0&pr=0&vu=pubads.g.doubleclick.net&apr=1&apt=1&rtp=%7B%7D&vsrid=7380859f-160b-420d-9ae5-cac4cde246e5&sa=1660831978155
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
via: 1.1 varnish
server: nginx
accept-ranges: bytes
x-served-by: cache-ams21066-AMS
x-cache: MISS
x-cache-hits: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 125ms
47ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.rd.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 122ms
47ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.rd.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 56 KB
12 KB 415ms
414ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2899785851612939&correlator=4408508003667320&eid=31069030%2C31062931&output=ldjh&gdfp_req=1&vrg=2022081601&ptt=17&impl=fifs&iu_parts=6178%2Crdg_desktop%2Carticle%2Cprearticle&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=970x250%7C970x90%7C728x90%7C3x3&ifi=3&adks=3956538848&sfv=1-0-38&fsapi=false&prev_scp=pos%3Dprearticle%26location%3Dtop%26tf%3Datf%26amznbid%3D2%26amznp%3D2%26m_mv%3DslotNoSlotData%26m_gv%3DslotNoSlotData&eri=1&cust_params=permutive%3D%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgv_crime%252Cmoat_unsafe%26m_mv%3DdataAvailable%26m_gv%3DdataAvailable%26refresh%3Don%26rtime%3D30%26rnum%3D10%26property%3D6178%26siteId%3Drdg%26pageType%3Darticle%26url%3D%252Farticle%252Fspoofing%252F%253F_PermHash%253Dc6824c8aae3ae3e262976413aaa5971fd5eb76e6e02315a90fdb6b542cbd1c73%2526_cmp%253Dreaduprdus%2526_ebid%253Dreaduprdus8182022%2526_mid%253D523412%2526ehid%253D25FF2A3BF8F69A627CAA1998BF728EAA0034FFBE%26keywords%3Dcrime%252Cscams%252Ctech%26category%3Dcrime%252Cscams%252Ctech%26topic%3Dcrime%252Cscams%252Ctech%26pt%3Darticle%26platform%3Ddesktop%26theme%3Dnew%26contentID%3D1747286%26sponsors%3Dno_value%26source%3Doriginal_to_tmbi%26categories-v2%3Dscams%252Ctech%26ep_custom_result%3Dno_value%26author%3Dbrooke-nelson%26content_group%3Dno_value%26afc%3Dno%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26ebid%3D%26campaign%3D%26mid%3D%26TMCM%3Dc57eb917-b1d4-4071-95f8-b095cf7abdd0%26gdpr_cookie_accepted%3Dtrue%26refer%3D%26random%3D23%26page_depth%3D1%26nwltr%3Dreaduprdus8182022&sc=1&cookie=ID%3D2faaf2245e79e5bb-22cd4385f9cd00ad%3AT%3D1660831977%3AS%3DALNI_MYczlIj3vwMt9O9O_3dGbf6k0OfqQ&abxe=1&dt=1660831978167&lmt=1660830662&dlt=1660831975721&idt=915&adxs=315&adys=177&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&frm=20&vis=1&psz=1260x275&msz=1260x270&fws=0&ohw=0&psts=AEC3cPLEC5p1exrRec7vYVQlnhNd%2CAEC3cPLEC5p1exrRec7vYVQlnhNd&ga_vid=979978838.1660831977&ga_sid=1660831978&ga_hid=969507202&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081601.js?cb=31069030

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

a382071532339fc79ce7928b5d9a46046d55e222a57866b9501e3680d7c37ea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12570
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.rd.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 56 KB
13 KB 734ms
734ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2899785851612939&correlator=4408508003667320&eid=31069030%2C31062931&output=ldjh&gdfp_req=1&vrg=2022081601&ptt=17&impl=fifs&iu_parts=6178%2Crdg_desktop%2Carticle%2Crail_1&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=4&adks=464780107&sfv=1-0-38&fsapi=false&prev_scp=location%3Dtop%26tf%3Datf%26pos%3Drail_1%26amznbid%3D2%26amznp%3D2%26m_mv%3DslotNoSlotData%26m_gv%3DslotNoSlotData&eri=1&cust_params=permutive%3D%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgv_crime%252Cmoat_unsafe%26m_mv%3DdataAvailable%26m_gv%3DdataAvailable%26refresh%3Don%26rtime%3D30%26rnum%3D10%26property%3D6178%26siteId%3Drdg%26pageType%3Darticle%26url%3D%252Farticle%252Fspoofing%252F%253F_PermHash%253Dc6824c8aae3ae3e262976413aaa5971fd5eb76e6e02315a90fdb6b542cbd1c73%2526_cmp%253Dreaduprdus%2526_ebid%253Dreaduprdus8182022%2526_mid%253D523412%2526ehid%253D25FF2A3BF8F69A627CAA1998BF728EAA0034FFBE%26keywords%3Dcrime%252Cscams%252Ctech%26category%3Dcrime%252Cscams%252Ctech%26topic%3Dcrime%252Cscams%252Ctech%26pt%3Darticle%26platform%3Ddesktop%26theme%3Dnew%26contentID%3D1747286%26sponsors%3Dno_value%26source%3Doriginal_to_tmbi%26categories-v2%3Dscams%252Ctech%26ep_custom_result%3Dno_value%26author%3Dbrooke-nelson%26content_group%3Dno_value%26afc%3Dno%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26ebid%3D%26campaign%3D%26mid%3D%26TMCM%3Dc57eb917-b1d4-4071-95f8-b095cf7abdd0%26gdpr_cookie_accepted%3Dtrue%26refer%3D%26random%3D23%26page_depth%3D1%26nwltr%3Dreaduprdus8182022&sc=1&cookie=ID%3D2faaf2245e79e5bb-22cd4385f9cd00ad%3AT%3D1660831977%3AS%3DALNI_MYczlIj3vwMt9O9O_3dGbf6k0OfqQ&abxe=1&dt=1660831978175&lmt=1660830662&dlt=1660831975721&idt=915&adxs=991&adys=467&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&frm=20&vis=1&psz=367x275&msz=367x275&fws=512&ohw=0&psts=AEC3cPLEC5p1exrRec7vYVQlnhNd%2CAEC3cPLEC5p1exrRec7vYVQlnhNd&ga_vid=979978838.1660831977&ga_sid=1660831978&ga_hid=969507202&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081601.js?cb=31069030

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

504a50c660f28db8571deb0de4d57d99230c027b01fa820010df030de298df78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12925
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.rd.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ 4 KB
3 KB 262ms
174ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1

Requested by

Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/Qrhs7tJs.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 18 Aug 2022 14:12:58 GMT

GET
H2 200 0dd47240a5f3135fae49.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 132 KB
43 KB 113ms
113ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/0dd47240a5f3135fae49.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/7970) /

Resource Hash

b423a0606a3921c194a4b9a7fae62b3c3767877fde6602c42428f10023f26d21

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "20e65-7RPSyapI3RKD65RpUNgNnsgpZpA+gzip"
age: 82627
x-cache: HIT
content-length: 43906
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:51 GMT
server: ECAcc (nya/7970)
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:58 GMT

GET
H2 200 97bc8a700c8c16f01d6e.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 112 KB
29 KB 116ms
115ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/97bc8a700c8c16f01d6e.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/7886) /

Resource Hash

c0b195905fdb73566a39eff0a966a34751098e677648810fae752c3a936584cc

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "1c10f-99u2R4Q9LGPGwyA/r6KDjtWhLog+gzip"
age: 82627
x-cache: HIT
content-length: 29225
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:51 GMT
server: ECAcc (nya/7886)
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:58 GMT

POST
H2 204 i
t.beop.io/ 0
135 B 54ms
53ms Ping
text/plain 34.251.24.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.beop.io/i?_ck=bf760bb791858c2b39b9125ff2b0762e
Requested by: Host: widget.beop.io
URL: https://widget.beop.io/en/public/chunks/9.6.100/0bd906b837cebaeac8d1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.24.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-24-18.eu-west-1.compute.amazonaws.com
Software: http-kit /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:58 GMT
access-control-allow-credentials: true
server: http-kit
access-control-expose-headers

POST
H2 204 i
contents-tracking.beop.io/ 0
135 B 98ms
53ms Ping
text/plain 34.251.24.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://contents-tracking.beop.io/i?_ck=f175f184ee63ecd8fb1d26d041af33a0
Requested by: Host: widget.beop.io
URL: https://widget.beop.io/en/public/chunks/9.6.100/0bd906b837cebaeac8d1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.24.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-24-18.eu-west-1.compute.amazonaws.com
Software: http-kit /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:58 GMT
access-control-allow-credentials: true
server: http-kit
access-control-expose-headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame FDF7 0
10 B 37ms
36ms Image
text/plain 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?44MnQQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 css2
fonts.googleapis.com/ 3 KB
562 B 132ms
48ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

63e55165cb26efa3df20628f8c2dfc0b13e7d7e7629761fe9f43b34d5498ea46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 14:08:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 18 Aug 2022 14:12:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 18 Aug 2022 14:12:58 GMT

POST
H2 200 contents_commits Show response
data.beop.io/ 2 B
182 B 58ms
56ms XHR
application/json 52.213.82.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.beop.io/contents_commits?nuid=9a0db705-8efc-4096-9d18-de00d84b1e46&sdk_version=9.6.100
Requested by: Host: widget.beop.io
URL: https://widget.beop.io/en/public/chunks/9.6.100/8cdea80cc4922c6071ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.82.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-82-126.eu-west-1.compute.amazonaws.com
Software: http-kit /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: application/json
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:58 GMT
access-control-allow-credentials: true
server: http-kit
content-type: application/json; charset=utf-8
content-length: 2
access-control-expose-headers

OPTIONS
H2 200 contents_commits
data.beop.io/ Frame 0
0 194ms
56ms Preflight 52.213.82.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.beop.io/contents_commits?nuid=9a0db705-8efc-4096-9d18-de00d84b1e46&sdk_version=9.6.100
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.82.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-82-126.eu-west-1.compute.amazonaws.com
Software: http-kit /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.rd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.rd.com
access-control-max-age: 86400
content-length: 9
date: Thu, 18 Aug 2022 14:12:58 GMT
server: http-kit

GET
H3 200 cast_framework.js Show response
www.gstatic.com/cast/sdk/libs/sender/1.0/ 36 KB
12 KB 134ms
58ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf016295997068c6cd58f52c4fca8fdec2806b76e09b12521fcf734e0fcbf5f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12390
x-xss-protection: 0
last-modified: Mon, 06 Jul 2020 23:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"chrome-dongle","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/chrome-dongle"}]}
content-type: text/javascript
cache-control: private, max-age=0
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="chrome-dongle"
expires: Thu, 18 Aug 2022 14:12:58 GMT

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/104/ 52 KB
15 KB 118ms
42ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/104/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a35a51e32439cce8b4dd6734f65c18debec94ca81a30640b2ccaba988ce1639e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 15:51:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80488
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15107
x-xss-protection: 0
last-modified: Mon, 30 May 2022 15:03:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Thu, 18 Aug 2022 15:51:30 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 17A7 156 B
751 B 335ms
334ms XHR
text/xml 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F6178%2Frdg_desktop%2Farticle%2Fvideo&description_url=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&env=vp&correlator=952459753862350&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=640x480&cust_params=contentid%3D1747286%26vid%3DwYVLwyRG%26category%3Dcrime%252Cscams%252Ctech%26topic%3Dcrime%252Cscams%252Ctech%257C%26min_ad_duration%3D4000%26max_ad_duration%3D61000%26unviewed_position_start%3D1%26tc%3D%26refer%3D%26abt%3D%26pt%3Darticle%26TMCM%3Dc57eb917-b1d4-4071-95f8-b095cf7abdd0%26permutive%3D%26tags%3DRDU%2Cadvice%2Cbeauty%26contentlength%3D150%26playlistpos%3D0%26context%3Dic_3165844%2Cic_2002746%2Cic_0333546%2Cic_6892597%2Cic_6353215%2Cic_7880636%2Cic_1154601%2Cic_2251878%2Cic_0181786%2Cic_6848083%2Cic_0702043%2Cic_6848684%2Cic_9301104%2Cic_9954675%2Cic_3393155%2Cic_5095749%2Cic_6837436%2Cic_8098164%2Cic_6174988%2Cic_1771889%2Cic_1606774%2Cic_6906596%2Cic_7733147%2Cic_4669274%2Cic_1606774%2Cic_6848083%2Cic_3165844%2Cic_6837436%2Cic_0702043%2Cic_6906596%2Cic_5046306%26iris_id%3Diris_6c2ca775593d0a97%26hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vid_t=How%20to%20Get%20Rid%20of%20Blackheads%2C%20According%20to%20Dr.%20Pimple%20Popper&vpa=auto&vpmute=1&sdkv=h.3.525.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C450x50%2C468x60%2C480x70&unviewed_position_start=1&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&mpt=jwplayer&mpv=8.25.8&sdki=44d&ptt=20&adk=4116463450&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.525.0&sid=6AAB5405-C404-4806-BF1C-4DFE176045E9&nel=0&eid=44737473%2C44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&url=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&dt=1660831978477&cookie=ID%3D2faaf2245e79e5bb-22cd4385f9cd00ad%3AT%3D1660831977%3AS%3DALNI_MYczlIj3vwMt9O9O_3dGbf6k0OfqQ&scor=2034973654587810&ged=ve4_td2_tt0_pd2_la2000_er8635.250.8788.550_vi0.0.1200.1600_vp0_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 30 KB
30 KB 120ms
43ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 17:46:43 GMT
x-content-type-options: nosniff
age: 159975
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Aug 2023 17:46:43 GMT

GET
H3 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 30 KB
30 KB 116ms
39ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 17:46:43 GMT
x-content-type-options: nosniff
age: 159975
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Aug 2023 17:46:43 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012208081650000/ Frame 1731 220 KB
61 KB 123ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2e5722cf0b8d8df31200550801d755733c56d9ca2758b7041fbed009e0c9d08

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 248721
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61502
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 17:07:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "df13b0b17adb5918"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 17:07:37 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 1731 14 KB
5 KB 187ms
103ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e14ddde632bad66a3f79d6dc2c6a212d3b1b5cd8100cb6b73984b8797c5ed86

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 248721
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5197
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 17:07:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aca8368210f82021"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 17:07:37 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 1731 94 KB
28 KB 190ms
107ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-analytics-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70fa25d0cd4744b6b91054ad55e3e931dad31cc85915b13e33e4e674426c7cc1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 248721
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28794
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 17:07:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cc093c4134ec5f1e"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 17:07:37 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 1731 5 KB
2 KB 205ms
122ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-fit-text-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec61d9fd1b3609a3a53f377ed07059c3dc7d2cb1502022e0623b4ebc1ea0f35e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 248721
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 17:07:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ef17e6cba96d5668"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 17:07:37 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 1731 40 KB
13 KB 206ms
123ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-form-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d200dc372fb333c0ca488fba2a569a686cbf5f1ba0cc0544a4a8c96a4f91de3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 248721
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12948
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 17:07:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08e07a681963ea9f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 17:07:37 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 1731 6 KB
672 B 47ms
46ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 14:03:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 18 Aug 2022 14:12:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 18 Aug 2022 14:12:58 GMT

GET
H/1.1 200
OK pixel
protected-by.clarium.io/ 68 B
345 B 210ms
42ms Image
image/png 52.57.125.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://protected-by.clarium.io/pixel?tag=wt_VUhVbWFyT0VNVmNWWHRjazVtMm1kbERqWlFvLzIzNDk1MzgyODk6OTcweDI1MA==&v=5&s=v31gaokpl4m&sb=-1&h=www.rd.com&cb=436634&d=eyJ3aCI6IlZVaFZiV0Z5VDBWTlZtTldXSFJqYXpWdE1tMWtiRVJxV2xGdkx6SXpORGsxTXpneU9EazZPVGN3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyMzQ5NTM4Mjg5LCJ3IjoiOTcwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=&id=eyJkZnAiOnsiYWQiOjgxMTg4MDU3LCJjIjpudWxsLCJsIjowLCJvIjoyMzQ5NTM4Mjg5LCJBIjoiLzYxNzgvcmRnX2Rlc2t0b3AvYXJ0aWNsZS9wcmVhcnRpY2xlIiwieSI6MTc5NjgxLCJjbyI6MCwicyI6ImFkNjJmZTQzYzY4ODI0MSJ9fQ%3D%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.125.17 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-125-17.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:12:58 GMT
Server: nginx/1.14.0 (Ubuntu)
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 68
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1731 2 KB
2 KB 38ms
37ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 19:03:14 GMT
x-content-type-options: nosniff
server: cafe
age: 68984
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 18 Aug 2022 19:03:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1731 295 B
319 B 37ms
36ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 05:50:56 GMT
x-content-type-options: nosniff
server: cafe
age: 30122
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 19 Aug 2022 05:50:56 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1731 0
0 46ms
46ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR63YRRJiAsibefbgHLGqpcyTwO-u9v3C3YiS1XCcIiSkVO3-Dh_5bQT-xrvxvcyyH8gKiu
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1731 0
0 82ms
81ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CDY3s6kj-YrabDryv-gaU5pGgCdi7v9Roh9m71e0Nue7wyKoBEAEg_Y3LGGCVgoCAoAegAd3f68sDyAEJqQLYTvEa6i2nPuACAKgDAcgDCqoEpQNP0MjPzMn5K7hl3sU3o6t0E4yPblgMjrbthb1aE4FV3I3pyyamS-OetUB3qzltahZda37UC_edutpqBmS5R-9B2sTl5wZBRrXkpfH4GY1JBXvHL8FOtLo7y0s1k4hgCqymXgD-oWjFCLxkSJ7CqaNIu_r8G_ElTyskA8ZcPbpwUBWTayKenHGlAqgFVM9_dm90_LH5KsUgv8DUZECTlZEjSGDrfaLOxwGr7USTX_ks0-0DKnXjjw14yKbKnjBjguSsvxSUTk4-nfgwYxCc2Z5eh5oUTXmib_JMyvjMbxlCollVZtW9ZWUi9VlsuLwaHGBvh1bKeuIUyWfd9udG6vfkPQzKnNUJOkrtGkmka--s6WE-iSaBwbgHKU9T5UKhLKmS4hnOEJGKbtzy00SKGYh4AOWXn6a25Ba4JCVS--QtLj-iPG2CR-LsEWAHwSNprv1-m7bZ8661rq_fRkteJUqZFqkd_Zvlf1EQTEGDDWwAz99Z4qI7IifNI5xxzOQnsQQFRseCV_RaLlCR2apRqf1g05ijdjXUOlYDt8cgJzhVioDb8quqwAS-vK2k0APgBAGSBQQIBBgBkgUECAUYBKAGLoAHi6CUNKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEPeoD9IIEQiA4YBwEAEYHTIC6wI6AoBAgAoDyAsBuBPkA9gTDYgUAdAVAZgWAYAXAbIXHgocCAASFHB1Yi0xNjI5NjEyNzU5NjQxNTIwGNmhFQ&sigh=XIoZahu0V7c&uach_m=[UACH]&template_id=484
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 200 segments_to_partner.js Show response
cdn.krxd.net/partnerjs/ 7 KB
4 KB 167ms
37ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/partnerjs/segments_to_partner.js?partner=a272cefb-df39-4fcd-beff-79cd6cdf22ec&client=trust
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/tmbiyieldheader910374028064/moatheader.js?ver=1.0.3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0ed9f4489f29950f54053b4620800f6f1e061f3a467dfda552104034a71c3da9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Partner_JS_S3
date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
age: 10
x-amz-server-side-encryption: AES256
x-cache: HIT
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 3459
x-served-by: cache-hhn4044-HHN
last-modified: Wed, 03 Jun 2020 21:02:49 GMT
x-timer: S1660831979.800965,VS0,VE0
etag: "db6884bae01ad7499be92887e1875ecc"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
accept-ranges: bytes
x-cache-hits: 2

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/11081285734889778875/ Frame 1731 16 KB
16 KB 38ms
38ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11081285734889778875/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f179c755189a964361e140490adb056e8722c5f478f8c4342de81ff067fd4e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 05:16:56 GMT
x-content-type-options: nosniff
age: 204962
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16455
x-xss-protection: 0
last-modified: Fri, 21 Aug 2020 04:05:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 16 Aug 2023 05:16:56 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9016717393505946649/ Frame 1731 2 KB
2 KB 38ms
38ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9016717393505946649/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d74d497427fdbdadb41a3ae89ef2bb24f003c1022978fe606bfca26064d0bc53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 07:39:13 GMT
x-content-type-options: nosniff
age: 110025
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2004
x-xss-protection: 0
last-modified: Mon, 15 Oct 2018 22:53:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 17 Aug 2023 07:39:13 GMT

GET
DATA 200
OK truncated
/ Frame 1731 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 78a6ac393831ac85bcd65353521b5cf0aeea5aefbc1a176d91bd389c6e7f2c6c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
274 B 48ms
48ms Image
image/gif 23.47.209.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=TMBI_PREBID_HEADER1&hp=1&zMoatAdUnit1=rdg_desktop&zMoatAdUnit2=article&zMoatAdUnit3=prearticle&wf=1&ra=3&pxm=7&sgs=3&vb=4&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1660831976009&de=212194965189&rx=814006546536&m=0&ar=1da355aa18f-clean&iw=601e6e1&q=1&cb=0&cu=1660831976009&ll=2&lm=0&ln=0&em=0&en=0&d=81188057%3A2349538289%3A4735949670%3A138302961529&cm=1&zGSRC=1&gu=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&id=1&ii=4&bo=rdg_desktop&bd=prearticle&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=tmbiyieldheader910374028064&fd=1&it=500&pe=1%3A1165%3A1165%3A2513%3A1267&fs=199703&na=2094855507&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.209.169 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-209-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 18 Aug 2022 14:12:58 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 18 Aug 2022 14:12:58 GMT

OPTIONS
H2 200 event
prebid-a.rubiconproject.com/ Frame 0
0 40ms
40ms Preflight 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.rd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 202 event Show response
prebid-a.rubiconproject.com/ 61 B
225 B 39ms
39ms XHR
application/json 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: edda75d7dc3a6104c5af0f926c5ae645ae25eb8c4f8a601c6d5293378e858a5c

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Thu, 18 Aug 2022 14:12:58 GMT
content-length: 61
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

GET
H2 200 b6b1a79947fb5abb872f.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 13 KB
4 KB 125ms
125ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/b6b1a79947fb5abb872f.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/7992) /

Resource Hash

f838b3467a329431f0fe6a00705cf5ae17609fc27843141faa62e6d0d21159fd

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "359e-lFEfeKz4LfD9hkFXy+ImBUpvB68+gzip"
age: 82626
x-cache: HIT
content-length: 4319
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:52 GMT
server: ECAcc (nya/7992)
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:58 GMT

GET
H2 200 4c4fd78e0d89ab7d5ed3.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 10 KB
3 KB 123ms
123ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/4c4fd78e0d89ab7d5ed3.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/79CF) /

Resource Hash

c978f89ecbf531f2b8bb903cab82fb0b0f1b44603dc1be644e028eebc655e89d

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "27d1-0Q5Aj7EerhR5FLKHrhtHe9s1pZc+gzip"
age: 82626
x-cache: HIT
content-length: 3164
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:52 GMT
server: ECAcc (nya/79CF)
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:58 GMT

GET
H2 200 a9c4ca6005a52f61d761.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 7 KB
3 KB 120ms
119ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/a9c4ca6005a52f61d761.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/1C29) /

Resource Hash

af783b2650aaeb43013aa489f72edfaf2c1b348ad47681537265264414a1a7ee

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "1cbf-zZ+jfvdFTDyQmYiInv+/0s1P5sU+gzip"
age: 82626
x-cache: HIT
content-length: 2798
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:52 GMT
server: ECAcc (nya/1C29)
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:58 GMT

GET
H2 200 d3bb874c9fb73cb4a830.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 29 KB
9 KB 120ms
120ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/d3bb874c9fb73cb4a830.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/78E3) /

Resource Hash

d9965bd0089d0c1bd8f41ce32035d3db396a2c220fe4d6ec6ddd36e0059f20d7

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "740e-M3blVWUQlAu95bvEeFndvHMrKto+gzip"
age: 82626
x-cache: HIT
content-length: 9232
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:52 GMT
server: ECAcc (nya/78E3)
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:58 GMT

GET
H2 200 68a5f7128f02fe73a19e.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 15 KB
5 KB 122ms
121ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/68a5f7128f02fe73a19e.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/798C) /

Resource Hash

345a8b8d3c375a4c3e1926696bf53c3912d32cf268b228572fd234ff7fcbaf4d

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "3b27-btvUXkabNoFw3g3kMuVhW8rqaT4+gzip"
age: 82626
x-cache: HIT
content-length: 5024
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:52 GMT
server: ECAcc (nya/798C)
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:58 GMT

GET
H2 200 7c21e33d2b69a0d06545.js Show response
widget.beop.io/en/public/chunks/9.6.100/ 25 KB
7 KB 122ms
122ms Script
application/javascript 152.199.4.139
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.beop.io/en/public/chunks/9.6.100/7c21e33d2b69a0d06545.js

Requested by

Host: widget.beop.io
URL: https://widget.beop.io/sdk.js?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.139 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/78B4) /

Resource Hash

b2d1dbaff2a9fd10473a77cb0f81aa18a8bbf256023575e7a2f3a159fbd10f05

Security Headers

Name	Value
Content-Security-Policy	frame-src ;script-src 'unsafe-inline' .pingdom.net www.youtube.com platform.twitter.com .instagram.com .beop.io .beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src .beop.io .beopinion.com;frame-ancestors .beop.io *.beopinion.com

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: frame-src *;script-src 'unsafe-inline' *.pingdom.net www.youtube.com platform.twitter.com *.instagram.com *.beop.io *.beopinion.com js.stripe.com service.mtcaptcha.com service2.mtcaptcha.com;font-src *.beop.io *.beopinion.com;frame-ancestors *.beop.io *.beopinion.com
content-encoding: gzip
etag: "6246-zvNvw12LqJIC1bfJFGSKqmh/y4I+gzip"
age: 82626
x-cache: HIT
content-length: 7565
x-ocdn-accept-language: de
last-modified: Wed, 17 Aug 2022 15:15:52 GMT
server: ECAcc (nya/78B4)
date: Thu, 18 Aug 2022 14:12:58 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 14:12:58 GMT

POST
H2 204 i
contents-tracking.beop.io/ 0
135 B 54ms
53ms Ping
text/plain 34.251.24.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://contents-tracking.beop.io/i?_ck=25cde4112cd74c4497fd174ab196c88e
Requested by: Host: widget.beop.io
URL: https://widget.beop.io/en/public/chunks/9.6.100/0bd906b837cebaeac8d1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.24.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-24-18.eu-west-1.compute.amazonaws.com
Software: http-kit /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:58 GMT
access-control-allow-credentials: true
server: http-kit
access-control-expose-headers

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1731 15 KB
15 KB 38ms
38ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 11:47:17 GMT
x-content-type-options: nosniff
age: 267941
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Aug 2023 11:47:17 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1731 15 KB
16 KB 37ms
37ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 05:29:41 GMT
x-content-type-options: nosniff
age: 376997
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 14 Aug 2023 05:29:41 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1731 15 KB
15 KB 48ms
48ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 22267
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Aug 2023 08:01:51 GMT

GET
H2

200

xd7aulte-120.jpg
assets-jpcust.jwpsrv.com/thumbnails/
Redirect Chain

https://cdn.jwplayer.com/v2/media/12ECMfaR/poster.jpg?width=120
https://assets-jpcust.jwpsrv.com/thumbnails/xd7aulte-120.jpg

5 KB
6 KB

40ms
39ms

Image
image/jpeg

2a04:4e42:600::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-jpcust.jwpsrv.com/thumbnails/xd7aulte-120.jpg
Protocol: H2
Server: 2a04:4e42:600::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0f828bc94f4e49dfbd522c713ab74d8d2569b0aefd3deee982b8f1bf168de08a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
age: 501
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 5507
x-served-by: cache-iad-kjyo7100101-IAD, cache-ams21066-AMS
access-control-allow-origin: *
last-modified: Wed, 09 Dec 2020 23:12:54 GMT
server: nginx
x-timer: S1660831979.889405,VS0,VE1
etag: "ac2c1e6f5a1a7f9f958fc191466ad0f9"
vary: Accept-Encoding
content-type: image/jpeg
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=900
accept-ranges: bytes
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits: 1, 1

Redirect headers

date: Thu, 18 Aug 2022 14:12:58 GMT
via: 1.1 21369bf2bfeb79adaa5bef1cb96f8540.cloudfront.net (CloudFront)
server: openresty
x-amz-cf-pop: FRA60-P4
location: https://assets-jpcust.jwpsrv.com/thumbnails/xd7aulte-120.jpg
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=180, max-stale=180
x-cache: Miss from cloudfront
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
content-length: 0
x-amz-cf-id: T-OMhMV6PREiHpvOD4IXxU8h_e9ka49Jwbn7hQfzpka6yFEkCTJE1A==

GET
H3 200 css2
fonts.googleapis.com/ 3 KB
562 B 48ms
48ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

63e55165cb26efa3df20628f8c2dfc0b13e7d7e7629761fe9f43b34d5498ea46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 13:28:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 18 Aug 2022 14:12:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 18 Aug 2022 14:12:58 GMT

POST
H2 204 i
contents-tracking.beop.io/ 0
135 B 54ms
53ms Ping
text/plain 34.251.24.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://contents-tracking.beop.io/i?_ck=e01cda6639c403bcfe16ac513c07c0e4
Requested by: Host: widget.beop.io
URL: https://widget.beop.io/en/public/chunks/9.6.100/0bd906b837cebaeac8d1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.24.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-24-18.eu-west-1.compute.amazonaws.com
Software: http-kit /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:58 GMT
access-control-allow-credentials: true
server: http-kit
access-control-expose-headers

POST
H2 204 i
contents-tracking.beop.io/ 0
135 B 54ms
54ms Ping
text/plain 34.251.24.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://contents-tracking.beop.io/i?_ck=4759f48aa23cecf0f69e8b12ce1784f7
Requested by: Host: widget.beop.io
URL: https://widget.beop.io/en/public/chunks/9.6.100/0bd906b837cebaeac8d1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.24.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-24-18.eu-west-1.compute.amazonaws.com
Software: http-kit /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.rd.com
date: Thu, 18 Aug 2022 14:12:58 GMT
access-control-allow-credentials: true
server: http-kit
access-control-expose-headers

GET
H3 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 30 KB
30 KB 37ms
37ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 17:46:43 GMT
x-content-type-options: nosniff
age: 159975
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Aug 2023 17:46:43 GMT

GET
H3 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 30 KB
30 KB 42ms
42ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 17:46:43 GMT
x-content-type-options: nosniff
age: 159975
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Aug 2023 17:46:43 GMT

GET
H2 200 get Show response
cdn.krxd.net/userdata/ 186 B
372 B 37ms
37ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/userdata/get?pub=700bca2a-e4ec-4f23-be94-47317652bac0&callback=kx_partner_segments
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/partnerjs/segments_to_partner.js?partner=a272cefb-df39-4fcd-beff-79cd6cdf22ec&client=trust
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d33913cfecc4f2519d04cff6a085ca1e8e5a524447fbf68ee3fbd95b76dd74e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_userdata_ash_prod_krxd_net___UserData_Service_V2
date: Thu, 18 Aug 2022 14:12:58 GMT
content-encoding: gzip
age: 858
x-served-by: userdata-a005-ash-prod.krxd.net, cache-hhn4044-HHN
vary: Accept-Encoding
x-cache: MISS, HIT
content-type: text/javascript
via: 1.1 varnish
cache-control: private, max-age=3600
x-age: 0
accept-ranges: bytes
x-timer: S1660831979.951883,VS0,VE1
content-length: 159
x-cache-hits: 0, 1

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 74ms
74ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022081601&jk=2899785851612939&bg=!NzSlNHDNAAYUOm8VNDo7ACkAdvg8WiW3nZvwJtzgoK-2QiTwOET1SpCBdm6wOBMupTUvlBgtXlA3FAIAAABoUgAAAAJoAQeZAsep9cztGtpWF1HfIrj_QeeADGHlh-GvYccGc7SLLlGeorztIJxUhsukUyHdM6bmvbqnL3rIBpuAxJ8gieUeXV0mOKwbVn8OStgsoAtJeo3iDpbbzQN6C5KSDHbe9z5XZUJdS_3YcuChGBMi9b3mPcHIha8YY86ADmkw66B_47zSNEvQcq4lhWQz4bEnEziG725ebSQPOIM3suQ1ObL13KY0_Lm0BYcbCOfoyYhQ_KvE6xqB4f2SbiXRMqqN1UMUQrO9jVU9aKbNEmrJ2i4bL51-F0PPocra1i-1_be7JxaWc9YsrqhJhFdmRJxIUaruJGcn4WoiwK9rK-ugy1kxGgY4N4kqioNjsHO_aGNrqBP__JOrg32jpDXG-hX8WMCiX5t6jG13ObuAHT50cKGxRSoZ3Q06iKbMqrSEdVwk17hAzrFar1WFb3MiB2Nj_rgWFKRX3WqOUSc8FVgNJ67aoW3GLPg35dBdWNWmjTUZ-5KVAtq_gRB7TjGITPkBO-pdcIKIMMQKRieKn5wGQ-eLFXU8QTcF_hhkrb4F6HEiDjfYeLJYCQrxFF7WQfa67DM4b4ooKCoEbc8tsP00kyDyaD3Npst6Rh-cA3b9Q9UiNYRehv4fadoLRhi1aD9JXNvmaaHucgAqiujGI-Q7NZ4yxcfqF157tcBGVkyS8dBO1662UiL4wc8LYDqWdsyP02kKqCfdOdu8o0ra_TLAxvrrI6_RpRd10RD0HCTXkZ0Bg9-pAwm2WagYwPbxZXy7d6DJvvy3af8efoF3XVXRn3tNe4LALzjFSNzIzhBE2VX3lir4uA6H-XWLLilMOoWTPlxi8FTgnI6MngeEgxHmQkN5jWxVDAHokL5fmz0T15A7bbXrlOREcyYW9beFJnkzcIEfPXlNLG5QOGjoK7GS9hfPm3Xe4qFMT7vtuQ_ZlQ3KQIx2BERKwcpzAac
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012208081650000/ Frame 21C2 220 KB
60 KB 118ms
41ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2e5722cf0b8d8df31200550801d755733c56d9ca2758b7041fbed009e0c9d08

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 248722
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61502
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 17:07:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "df13b0b17adb5918"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 17:07:37 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 21C2 14 KB
5 KB 115ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e14ddde632bad66a3f79d6dc2c6a212d3b1b5cd8100cb6b73984b8797c5ed86

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 248722
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5197
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 17:07:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aca8368210f82021"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 17:07:37 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 21C2 94 KB
28 KB 181ms
105ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-analytics-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70fa25d0cd4744b6b91054ad55e3e931dad31cc85915b13e33e4e674426c7cc1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 248722
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28794
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 17:07:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cc093c4134ec5f1e"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 17:07:37 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 21C2 5 KB
2 KB 179ms
103ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-fit-text-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec61d9fd1b3609a3a53f377ed07059c3dc7d2cb1502022e0623b4ebc1ea0f35e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 248722
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 17:07:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ef17e6cba96d5668"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 17:07:37 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 21C2 40 KB
13 KB 168ms
93ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-form-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d200dc372fb333c0ca488fba2a569a686cbf5f1ba0cc0544a4a8c96a4f91de3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 248722
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12948
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 17:07:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08e07a681963ea9f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 17:07:37 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 21C2 6 KB
672 B 48ms
47ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 13:01:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 18 Aug 2022 14:12:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 18 Aug 2022 14:12:59 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 21C2 2 KB
2 KB 37ms
36ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 19:03:14 GMT
x-content-type-options: nosniff
server: cafe
age: 68985
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 18 Aug 2022 19:03:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 21C2 295 B
319 B 38ms
37ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 05:50:56 GMT
x-content-type-options: nosniff
server: cafe
age: 30123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 19 Aug 2022 05:50:56 GMT

OPTIONS
H2 200 event
prebid-a.rubiconproject.com/ Frame 0
0 39ms
39ms Preflight 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.rd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Thu, 18 Aug 2022 14:12:59 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H/1.1 200
OK pixel
protected-by.clarium.io/ 68 B
345 B 43ms
43ms Image
image/png 52.57.125.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://protected-by.clarium.io/pixel?tag=wt_VUhVbWFyT0VNVmNWWHRjazVtMm1kbERqWlFvLzIzNDk1MzgyODk6MzAweDI1MA==&v=5&s=v31gaokplf2&sb=-1&h=www.rd.com&cb=8165891&d=eyJ3aCI6IlZVaFZiV0Z5VDBWTlZtTldXSFJqYXpWdE1tMWtiRVJxV2xGdkx6SXpORGsxTXpneU9EazZNekF3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyMzQ5NTM4Mjg5LCJ3IjoiMzAwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=&id=eyJkZnAiOnsiYWQiOjgxMTg4MDU3LCJjIjpudWxsLCJsIjowLCJvIjoyMzQ5NTM4Mjg5LCJBIjoiLzYxNzgvcmRnX2Rlc2t0b3AvYXJ0aWNsZS9yYWlsXzEiLCJ5IjoxNzk2ODEsImNvIjowLCJzIjoiYWQ2MmZlNDNjNmE1ZDY3In19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.125.17 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-125-17.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:12:59 GMT
Server: nginx/1.14.0 (Ubuntu)
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 68
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 21C2 0
0 50ms
49ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTPiURY43p-M7F13560TJIJmZi0zAZGk8MH4_qE2torYBcTF1sGTlTLJi3r5jNFxPXJREbO
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 21C2 0
0 81ms
80ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cfgqn6kj-YpCeIIH3-gb2mZb4CKKR7bFrtObHrvsPuuHomcsBEAEg_Y3LGGCVgoCAoAegAc_YiYYDyAEJqQJ-lWKwBRGxPuACAKgDAcgDCqoEqQNP0C0GT79PkmVSomL3iZXt2gW4TdgEQ-O7rVbP-X4ExHNOIJhxl5A8n2On1LBNwqH_6HeNM0SvnlLBc_ggH5LqvL38RzvoB1tDMvW2DsbupguMBwcbyALlb8JcCvr6jHg88FK8PlKXq3JcFXuJ2B6cGNuGvEqwYiRcHZ3hzz80z3PF0ftU3meRFDC8Uw9CmSOG38YQ-NinhuTcT21HxoZ0hWD8EoJhcZjCbVrIKtpWhQkl4ZcBGefPtopkSsKiVpzcaB4yC5cAV9R20ir94gQhkpqQ5NaecZooFRrP_Ubsw5I4rdvWk_6nKIfI44Az9TyoVcXxmhQHcUCwp05X_mFXS8UcbqksGIly1djY2nwLldSxHZoe_1fkNSjm_KmmX1Ec2_liOMxLtSJxxrghRCkKRJ64M0zYCiZR52jJd-6cmsiFWyQ8nQoahcivwDuF0gwm3Ak_sv6bFKesLiGmJsEF1HaCMU7Aj4mFfpQVJVTa64XmKCDL1IGdGMflN68QCHlhtmflSa5er0_HZJLY3nE1eSlBfrQeYZ-_LGJ7JHmEt_xcYFeCd4lPwsAEnNncycwC4AQBkgUECAQYAZIFBAgFGASgBi6AB5mn9nmoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBD3qA_SCBEIgOGAcBABGB0yAusCOgKAQIAKA8gLAbgT5APYEw3QFQGAFwGyFx4KHAgAEhRwdWItMTYyOTYxMjc1OTY0MTUyMBjZoRU&sigh=t6v_Ni3Peig&uach_m=[UACH]&template_id=484
Requested by: Host: www.rd.com
URL: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 200 segments_to_partner.js Show response
cdn.krxd.net/partnerjs/ 7 KB
3 KB 37ms
37ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/partnerjs/segments_to_partner.js?partner=a272cefb-df39-4fcd-beff-79cd6cdf22ec&client=trust
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/tmbiyieldheader910374028064/moatheader.js?ver=1.0.3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0ed9f4489f29950f54053b4620800f6f1e061f3a467dfda552104034a71c3da9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Partner_JS_S3
date: Thu, 18 Aug 2022 14:12:59 GMT
content-encoding: gzip
age: 10
x-amz-server-side-encryption: AES256
x-cache: HIT
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 3459
x-served-by: cache-hhn4044-HHN
last-modified: Wed, 03 Jun 2020 21:02:49 GMT
x-timer: S1660831979.003093,VS0,VE0
etag: "db6884bae01ad7499be92887e1875ecc"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
accept-ranges: bytes
x-cache-hits: 3

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/7990803410364380066/ Frame 21C2 45 KB
45 KB 39ms
38ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7990803410364380066/2076313506083323656

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88c0f0ec44462c984831e1862ba67e8cadf7c4ca5e5dadbdd127b8136eba36ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 17:33:44 GMT
x-content-type-options: nosniff
age: 74355
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46204
x-xss-protection: 0
last-modified: Wed, 29 Jan 2020 09:59:09 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 17 Aug 2023 17:33:44 GMT

GET
H3 200 2728354180183721846
tpc.googlesyndication.com/simgad/8668234309945165353/ Frame 21C2 2 KB
2 KB 38ms
37ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8668234309945165353/2728354180183721846?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e38814286ddaedafe3f3f487bd9a799c2b19b699477c2362515bc38eb7c0827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:26:56 GMT
x-content-type-options: nosniff
age: 35163
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1885
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 06:11:48 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 18 Aug 2023 04:26:56 GMT

GET
DATA 200
OK truncated
/ Frame 21C2 218 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 149487ee54146de0cce4a7321805d58ddbfa344e92949990fdd77bd54b027b8a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 21C2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 410d68976944d3d45c006ad97f657116947f19e16ad9fe1c1d978d84ac5cd969

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
274 B 48ms
48ms Image
image/gif 23.47.209.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=TMBI_PREBID_HEADER1&hp=1&zMoatAdUnit1=rdg_desktop&zMoatAdUnit2=article&zMoatAdUnit3=rail_1&wf=1&ra=3&pxm=7&sgs=3&vb=4&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1660831976009&de=621535808889&rx=814006546536&m=0&ar=1da355aa18f-clean&iw=601e6e1&q=2&cb=0&cu=1660831976009&ll=2&lm=0&ln=0&em=0&en=0&d=81188057%3A2349538289%3A5052870237%3A138269341240&cm=1&zGSRC=1&gu=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&id=1&ii=4&bo=rdg_desktop&bd=rail_1&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=tmbiyieldheader910374028064&fd=1&it=500&pe=1%3A1165%3A1165%3A2513%3A1267&fs=199703&na=1425529103&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.209.169 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-209-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 18 Aug 2022 14:12:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 18 Aug 2022 14:12:59 GMT

POST
H2 202 event Show response
prebid-a.rubiconproject.com/ 61 B
225 B 39ms
39ms XHR
application/json 18.195.227.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-a.rubiconproject.com/event
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.227.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-227-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: edda75d7dc3a6104c5af0f926c5ae645ae25eb8c4f8a601c6d5293378e858a5c

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Thu, 18 Aug 2022 14:12:59 GMT
content-length: 61
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1731 2 KB
2 KB 47ms
46ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 19:03:14 GMT
x-content-type-options: nosniff
server: cafe
age: 68985
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 18 Aug 2022 19:03:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1731 295 B
319 B 48ms
47ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 05:50:56 GMT
x-content-type-options: nosniff
server: cafe
age: 30123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 19 Aug 2022 05:50:56 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 21C2 15 KB
16 KB 38ms
38ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 05:29:41 GMT
x-content-type-options: nosniff
age: 376998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 14 Aug 2023 05:29:41 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 21C2 15 KB
15 KB 39ms
39ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rd.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 11:47:17 GMT
x-content-type-options: nosniff
age: 267942
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Aug 2023 11:47:17 GMT

GET
H2 200 get Show response
cdn.krxd.net/userdata/ 186 B
225 B 37ms
37ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/userdata/get?pub=700bca2a-e4ec-4f23-be94-47317652bac0&callback=kx_partner_segments
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/partnerjs/segments_to_partner.js?partner=a272cefb-df39-4fcd-beff-79cd6cdf22ec&client=trust
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d33913cfecc4f2519d04cff6a085ca1e8e5a524447fbf68ee3fbd95b76dd74e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_userdata_ash_prod_krxd_net___UserData_Service_V2
date: Thu, 18 Aug 2022 14:12:59 GMT
content-encoding: gzip
age: 858
x-served-by: userdata-a005-ash-prod.krxd.net, cache-hhn4044-HHN
vary: Accept-Encoding
x-cache: MISS, HIT
content-type: text/javascript
via: 1.1 varnish
cache-control: private, max-age=3600
x-age: 0
accept-ranges: bytes
x-timer: S1660831979.071297,VS0,VE0
content-length: 159
x-cache-hits: 0, 2

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 1731 42 B
64 B 74ms
73ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuAV3YmBmAVDF6C3YzizyafigTkFTbtp3vFOScof0iAtmlaUSk6ctB3sUonJuJLgTCv_vAeJXflTl3YB5H1_nE5bGVvvONZwovAuGvmhYUvqru-UTAM65_IhhCcJ_7aYLiepp61KXrVw-72&sai=AMfl-YRqUAH-tkRl6yD0ACagPNwV-O0VDEcf11_GQnwyoXLZHiI-byCsDiJfGDOQeNyCocqsPcbYNu6juT-GI0uz4Ayi2KN4J6lNDKZEtA74N25C9OQj_oEcznaFtgw&sig=Cg0ArKJSzPAPVBCaKNInEAE&cid=CAAST-RoiOThCGB26OV5wptKN2yYoXC8pp2mEx9Lme962wcp4u4kBT2VFX6xGG3nxeNfGZ28TMqaz7p_zpqMgzq8lMWCbmh0GRuJJ6-Xv1SDOCc&id=ampim&o=315,177&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=459&tls=1459&g=100&h=100&tt=1459&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=3956538848

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:13:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 13688 Show response
check.analytics.rlcdn.com/check/ 25 B
385 B 214ms
88ms XHR
application/json 99.86.240.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://check.analytics.rlcdn.com/check/13688
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-107.vie50.r.cloudfront.net
Software: /
Resource Hash: 8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 18 Aug 2022 14:13:00 GMT
via: 1.1 aa98922692c099827cdae6a16b894744.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C1
x-amzn-requestid: db626ea0-02ab-4c38-bc9d-b42abb33a621
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-62fe48ec-348e0f4552ba27ef6f1479db
x-amz-apigw-id: XEBU8GPpjoEFzyg=
content-length: 25
x-amz-cf-id: sVm28ZYf7Q2yhOOcN9Jfqo3FZapTUVz4uKUerw4GyFldI6g2s4UTxg==

GET
H2 200 13688 Show response
check.analytics.rlcdn.com/check/ 25 B
385 B 219ms
95ms XHR
application/json 99.86.240.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://check.analytics.rlcdn.com/check/13688
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-107.vie50.r.cloudfront.net
Software: /
Resource Hash: 8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 18 Aug 2022 14:13:00 GMT
via: 1.1 aa98922692c099827cdae6a16b894744.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C1
x-amzn-requestid: 9bbee532-70ee-40f6-ac9d-ef05c093c697
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-62fe48ec-0e8ea96b37b80ea361707e2c
x-amz-apigw-id: XEBU8H2WjoEFxRQ=
content-length: 25
x-amz-cf-id: 0wqPJOvjMoK8HgBVtniBE1NnSyFVQMRdP4-WzZJRZi3ZFN0F3mnCSA==

GET
H2 200 13688 Show response
check.analytics.rlcdn.com/check/ 25 B
384 B 221ms
162ms XHR
application/json 99.86.240.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://check.analytics.rlcdn.com/check/13688
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-107.vie50.r.cloudfront.net
Software: /
Resource Hash: 8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 18 Aug 2022 14:13:00 GMT
via: 1.1 aa98922692c099827cdae6a16b894744.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C1
x-amzn-requestid: e25037d5-87f6-4399-8bcf-632fcbb4a618
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-62fe48ec-14313e741083916d423ff963
x-amz-apigw-id: XEBU9G45DoEF-XQ=
content-length: 25
x-amz-cf-id: eOX9bkB7FbMdpM1-hjwki7VFBGkU2beeu4JQ3c1y9J95rec1qpC2zw==

GET
H2 200 13688 Show response
check.analytics.rlcdn.com/check/ 25 B
386 B 210ms
160ms XHR
application/json 99.86.240.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://check.analytics.rlcdn.com/check/13688
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-107.vie50.r.cloudfront.net
Software: /
Resource Hash: 8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 18 Aug 2022 14:13:00 GMT
via: 1.1 aa98922692c099827cdae6a16b894744.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C1
x-amzn-requestid: 641f7a0b-c112-4995-8338-902727bc09aa
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-62fe48ec-1386b8f9765ceb5d369f15da
x-amz-apigw-id: XEBU9HVCjoEFzDg=
content-length: 25
x-amz-cf-id: MITfbRyLkNlHwD15kHoluSpg3G7HOvrRJpNjwlvvnwFokA1WtX0ScQ==

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 21C2 42 B
64 B 82ms
81ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdwchhUib94PgDCbkObSo7TSAACgJmOIOxvy5RUjj4NZPI3ItdYPHiBptkA0J1MQCqfvAM8h_oeNJJKHV-9ZZ17yFGXKIBCXLIuFqbCoZ-cd-pIwQzBDdlKy681x4HZqYQ7uVCIdztIan6KHUbdfuUycl7ATr-5IPAi3oyYiA&sai=AMfl-YRCQTg4KVfOb6-1sdnPnwbsxmfmRQGxbNXfjf26f2xoZxfQjeseRoUERALmznjmzmlWa54uwaY7iA7uWQjk1Uoic4ldZPJp83O92hPZgTfKptBCIwByAZ7e_RM&sig=Cg0ArKJSzK969xmJmbgJEAE&cid=CAAST-RorsOeT2yI4wHRVNipg5z55OFnG9m-jXsx2NwI46hdtbErmXsM7fzuFDD76gsY_-YaESBHV5kEx8Mpig-_gpECC2V3IOKrf21czIcukmQ&id=ampim&o=991,467&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=239&tls=1239&g=100&h=100&tt=1239&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=464780107

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 Aug 2022 14:13:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 envelope Show response
api.rlcdn.com/api/identity/ 0
250 B 291ms
150ms XHR
text/plain 34.120.155.137

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rlcdn.com/api/identity/envelope?pid=13688
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.155.137 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 18 Aug 2022 14:13:03 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://www.rd.com
access-control-allow-credentials: true
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length: 0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 72A4 281 B
573 B 134ms
47ms Document
text/html 23.205.235.133

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 18 Aug 2022 14:13:03 GMT
ETag: "402b2-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Unused62: 8096267
Vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 20AA 3 KB
2 KB 158ms
40ms Document
text/html 23.35.228.247

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.247 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Thu, 18 Aug 2022 14:13:03 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 7135 52 KB
17 KB 130ms
38ms Document
text/html 151.101.193.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 34283
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Thu, 18 Aug 2022 14:13:03 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 532472
X-Served-By: cache-lga21945-LGA, cache-hhn4073-HHN
X-Timer: S1660831983.335906,VS0,VE0

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 4DCD 37 B
140 B 118ms
40ms Document
image/gif 76.223.111.18

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Thu, 18 Aug 2022 14:13:03 GMT

GET
H2 200 sync Show response
eb2.3lift.com/ Frame B56B 37 B
139 B 118ms
41ms Document
image/gif 76.223.111.18

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Thu, 18 Aug 2022 14:13:03 GMT

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 65D6 3 KB
2 KB 155ms
39ms Document
text/html 23.35.228.247

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.247 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Thu, 18 Aug 2022 14:13:03 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 615A 15 KB
6 KB 125ms
37ms Document
text/html 23.35.228.201

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=160830
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.201 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=51864
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Thu, 18 Aug 2022 14:13:03 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Fri, 19 Aug 2022 04:37:27 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
unused62: 8096267
vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 19D6 3 KB
2 KB 154ms
39ms Document
text/html 23.35.228.247

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.247 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Thu, 18 Aug 2022 14:13:03 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame CE42 52 KB
17 KB 127ms
38ms Document
text/html 151.101.193.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 34283
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Thu, 18 Aug 2022 14:13:03 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 532236
X-Served-By: cache-lga21945-LGA, cache-hhn4052-HHN
X-Timer: S1660831983.336475,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 65AE 15 KB
6 KB 124ms
38ms Document
text/html 23.35.228.201

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=160830
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.201 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=51864
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Thu, 18 Aug 2022 14:13:03 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Fri, 19 Aug 2022 04:37:27 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
unused62: 8096267
vary: Accept-Encoding

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 9188 37 B
139 B 115ms
41ms Document
image/gif 76.223.111.18

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Thu, 18 Aug 2022 14:13:03 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 6DA5 52 KB
17 KB 124ms
37ms Document
text/html 151.101.193.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 34283
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Thu, 18 Aug 2022 14:13:03 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 531442
X-Served-By: cache-lga21945-LGA, cache-hhn4033-HHN
X-Timer: S1660831983.336215,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame F693 15 KB
6 KB 123ms
39ms Document
text/html 23.35.228.201

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=160830
Requested by: Host: micro.rubiconproject.com
URL: https://micro.rubiconproject.com/prebid/dynamic/10696.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.201 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://www.rd.com/article/spoofing/?_cmp=readuprdus&_ebid=readuprdus8182022&_mid=523412&ehid=23CBB59D03EC6926B99D37E8D6864726A4BE8578&_PermHash=365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=51864
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Thu, 18 Aug 2022 14:13:03 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Fri, 19 Aug 2022 04:37:27 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
unused62: 8096267
vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 72A4 31 KB
10 KB 40ms
40ms Script
text/html 23.205.235.133

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 7ea01d581e2703acc8014b70fe20194ca20dbae5f22f9814e4676e2d19533feb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Thu, 18 Aug 2022 14:13:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 Aug 2022 13:55:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=65181
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9441
Expires: Fri, 19 Aug 2022 08:19:24 GMT

GET
H2 200 PugMaster
image6.pubmatic.com/AdServer/ Frame 615A 0
42 B 151ms
46ms Script
text/plain 185.64.190.78

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=54276641&p=160830&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=160830
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 14:13:03 GMT
content-length: 0

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 6DA5
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
812 B

45ms
45ms

Script
text/html

37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:13:03 GMT
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: e4c907a0-5d85-416b-a067-ae73b9c3479f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:13:03 GMT
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: c429a808-8505-4bfc-87e6-6880a79d0ef2
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 7135
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
813 B

53ms
53ms

Script
text/html

37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:13:03 GMT
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7cbbdd9d-6ca0-42b4-8aca-6d31c669c724
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:13:03 GMT
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9cf4ad07-dbfa-4b7f-a2f4-9c84a47ff2a3
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame CE42
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
813 B

38ms
37ms

Script
text/html

37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:13:03 GMT
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8316b599-10c5-482e-ac96-02e699a5a75e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 18 Aug 2022 14:13:03 GMT
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0a43dfa9-74ce-466d-ad02-6f2fe98b3760
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET

usermatch
r.casalemedia.com/ Frame 595E
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D68647...
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8...

0
0

GET

usermatch
r.casalemedia.com/ Frame 94F2
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D68647...
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8...

0
0

GET

usermatch
r.casalemedia.com/ Frame 5106
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D68647...
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8...

0
0

GET khaos.jpg
token.rubiconproject.com/ Frame 72A4 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=10696&site_id=377204&zone_id=2077630&size_id=15&rf=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&tg_i.aupname=6178%2Frdg_desktop%2Farticle%2Frail_1&tg_i.pbadslot=%2F6178%2Frdg_desktop%2Farticle%2Frail_1&tk_flint=dmpbjs_v6.24.2&x_source.tid=a7153a43-9d55-4c0d-a1c2-494800de8a25&l_pb_bid_id=21b30f97c094e0d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9356110459944584

Domain: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Domain: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Domain: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Domain: token.rubiconproject.com
URL: https://token.rubiconproject.com/khaos.jpg?

Verdicts & Comments Add Verdict or Comment

274 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.rd.com/article/spoofing	1969-12-31 23:59:59	Name: ntvSession Value: {}
www.rd.com/article/spoofing	1970-01-20 05:20:31	Name: _liChk Value: 0.9625941771147748
.rd.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .rd.com
.rd.com/	1970-01-20 14:56:31	Name: _lc2_fpi Value: 0ee7014c2aeb--01garmsjsrbya6baz5nqgpk0ny
.rd.com/	1970-01-20 14:56:31	Name: _pnvl Value: false
.rd.com/	1970-01-20 14:56:31	Name: pushly.user_puuid Value: HK6N5bwzWqeEqoJ8KsDBjcSz4r4yFBWF
.rd.com/	1970-01-20 14:56:31	Name: _pndnt Value:
.rd.com/	1970-01-20 14:56:31	Name: _pnss Value: none
www.rd.com/	1970-01-20 06:03:43	Name: _pbjs_userid_consent_data Value: 3524755945110770
.rd.com/	1970-01-20 07:30:07	Name: _fbp Value: fb.1.1660831976474.1047241756
.rd.com/	1970-01-20 14:56:31	Name: _dor Value: www.rd.com
.rd.com/	1970-01-20 14:56:31	Name: _ga Value: GA1.2.979978838.1660831977
.rd.com/	1970-01-20 05:21:58	Name: _gid Value: GA1.2.1123437193.1660831977
.rd.com/	1970-01-20 05:20:32	Name: _gat_gtag_UA_17041328_1 Value: 1
.skyword.com/	1970-01-20 14:56:31	Name: vis Value: 4D69F105-00A2-61A7-3C75-ACCB5657B95D
www.rd.com/	1970-01-20 05:21:58	Name: _lr_geo_location Value: DE
.liadm.com/	1970-01-20 14:56:31	Name: lidid Value: 50c588c5-66c5-4667-a414-4d2abd5091c5
.rd.com/	1970-01-20 14:06:07	Name: _pin_unauth Value: dWlkPVpXTmxORFV3Tm1FdFpUTmpPUzAwTXpobExXRmpaak10WkRCbU5UWTFaRGRoTUdOag
.www.rd.com/	1970-01-20 14:06:07	Name: beopid Value: 9a0db705-8efc-4096-9d18-de00d84b1e46
.kargo.com/	1970-01-20 14:06:07	Name: ktcid Value: 207293cc-f605-0701-1012-386a74da06ee
.rd.com/	1970-01-20 14:42:07	Name: __gads Value: ID=2faaf2245e79e5bb:T=1660831977:S=ALNI_MYyCV8l_kWnizcu4dgmhYhbX-ye3Q
.doubleclick.net/	1970-01-20 14:42:07	Name: IDE Value: AHWqTUnU4rMnXgi6wZOVF1b0Y7ZM11ucL2tY5YeOtvbMZe5a8WVVMmxowzG5k8YEMSA
www.rd.com/	1970-01-20 05:21:58	Name: _lr_sampling_rate Value: 100

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://d82f7a30-751a-4689-b7e9-19336a89ab46.edge.permutive.app/d82f7a30-751a-4689-b7e9-19336a89ab46-web.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://content.jwplatform.com/thumbs/tueun4W6.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=10696&site_id=377204&zone_id=2077630&size_id=15&rf=https%3A%2F%2Fwww.rd.com%2Farticle%2Fspoofing%2F%3F_cmp%3Dreaduprdus%26_ebid%3Dreaduprdus8182022%26_mid%3D523412%26ehid%3D23CBB59D03EC6926B99D37E8D6864726A4BE8578%26_PermHash%3D365081ce9a2d38a0d7154761c1cf7fd28dec6013b2efcec6970a9fda7cb53a48&tg_i.aupname=6178%2Frdg_desktop%2Farticle%2Frail_1&tg_i.pbadslot=%2F6178%2Frdg_desktop%2Farticle%2Frail_1&tk_flint=dmpbjs_v6.24.2&x_source.tid=a7153a43-9d55-4c0d-a1c2-494800de8a25&l_pb_bid_id=21b30f97c094e0d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9356110459944584 Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
other	warning	URL: https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=13688 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

062c24ac1719c100a8b7e9af6670a7d8.safeframe.googlesyndication.com
aamapi.com
acdn.adnxs.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
api.bounceexchange.com
api.rlcdn.com
assets-jpcust.jwpsrv.com
assets.bounceexchange.com
ats.rlcdn.com
b-code.liadm.com
c.amazon-adsystem.com
c2shb.pubgw.yahoo.com
cdn.ampproject.org
cdn.brandmetrics.com
cdn.flipboard.com
cdn.jsdelivr.net
cdn.jwplayer.com
cdn.krxd.net
cdn.p-n.io
check.analytics.rlcdn.com
click.email.rd.com
collector.brandmetrics.com
confiant-integrations.global.ssl.fastly.net
connect.facebook.net
content.jwplatform.com
contents-tracking.beop.io
context.iris.tv
ct.pinterest.com
d82f7a30-751a-4689-b7e9-19336a89ab46.edge.permutive.app
data.beop.io
eb2.3lift.com
entitlements.jwplayer.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
geo.privacymanager.io
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
ib.adnxs.com
image6.pubmatic.com
imasdk.googleapis.com
js-sec.indexww.com
krk.kargo.com
ls.skimresources.com
mb.moatads.com
micro.rubiconproject.com
p.skimresources.com
pagead2.googlesyndication.com
prd.jwpltx.com
prebid-a.rubiconproject.com
prebid-server.rubiconproject.com
protected-by.clarium.io
pubads.g.doubleclick.net
px.moatads.com
r.casalemedia.com
r.skimresources.com
rp.liadm.com
rp4.liadm.com
s.beop.io
s.ntv.io
s.pinimg.com
s.skimresources.com
s0.2mdn.net
sb.scorecardresearch.com
securepubads.g.doubleclick.net
sli.rd.com
ssl.p.jwpcdn.com
static.cloudflareinsights.com
stats.g.doubleclick.net
t.beop.io
t.skimresources.com
tag.bounceexchange.com
tags.catapultx.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
tracking.skyword.com
videodam.tmbi.com
widget.beop.io
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.rd.com
z.moatads.com
fastlane.rubiconproject.com
r.casalemedia.com
token.rubiconproject.com
104.18.18.126
13.111.148.19
13.224.189.41
13.224.195.78
13.225.78.39
13.32.121.113
13.32.99.59
142.250.186.66
15.188.216.240
151.101.0.84
151.101.1.194
151.101.193.108
151.101.194.133
151.139.128.11
152.199.4.139
152.199.5.228
18.156.195.47
18.195.227.5
18.211.56.22
18.225.24.114
18.66.112.102
185.64.190.78
20.50.2.28
23.205.235.133
23.35.228.201
23.35.228.247
23.36.162.30
23.47.209.169
23.47.209.80
23.7.197.114
2600:1f14:600:6e00:74d0:abd:2041:a4f0
2600:1f18:730:b130:4c96:5596:18cd:cf5
2600:9000:225e:400:1:a3fa:7cc0:93a1
2600:9000:225e:6200:1:a3fa:7cc0:93a1
2600:9000:2304:a200:e:5a70:ca4f:f701
2600:9000:2304:e200:8:8845:1500:93a1
2602:803:c003:200::21
2606:4700:20::ac43:45f7
2606:4700:3035::6815:29f3
2606:4700:4400::ac40:9573
2606:4700:4400::ac40:99f1
2606:4700:440e::ac40:9c1a
2606:4700::6810:5814
2606:4700::6812:551
2a00:1450:4001:800::200e
2a00:1450:4001:801::2003
2a00:1450:4001:80b::2001
2a00:1450:4001:810::2003
2a00:1450:4001:810::2004
2a00:1450:4001:812::2002
2a00:1450:4001:813::2001
2a00:1450:4001:813::2002
2a00:1450:4001:813::2003
2a00:1450:4001:813::2008
2a00:1450:4001:827::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2006
2a00:1450:400a:801::200a
2a00:1450:400c:c08::9b
2a00:1450:400e:80c::200a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:400::626
2a04:4e42:4b::84
2a04:4e42:600::626
3.125.201.50
3.65.41.66
3.82.168.103
34.111.8.32
34.120.117.212
34.120.155.137
34.120.253.250
34.251.24.18
34.98.72.95
35.168.71.120
35.190.59.101
35.190.91.160
35.201.67.47
37.252.173.27
52.18.219.233
52.213.82.126
52.45.182.189
52.57.125.17
76.223.111.18
99.86.240.107
00b5f0136b24fd8dbaf589b0ecac23eb7b3b295d7961507a4c5544120f97f98b
0156d148a5d904d8a4b276d8cae5b77667e05ae546fa3b441e3116aca02ee6c8
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
041b6e69b34243b7cd98534e95b129cb2479bebddae8dc4f051755a84cc8fbe8
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
0660862c3bbbb31cd2e4a79c5b9ba036356e35e5c80ce5b7b66cc06c93865162
06b0ba8638146e7027c6210797ad5246a76f5c54d3cda09c37610a9c43884f37
06b975b2cad4370629c5bb9f5b74f395b9dec39b45fe771396f1b47733b0f56d
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08bc22c85c4246a31747bd1dc24007bf53be94f4e527e387ab0a1d81c637c3a6
08d20a2ee48b6892026d9a264b4c45206ccb1018dfb5f1d643d6a10bbd2f974a
09e04bcc5287685edd35ea0953cb6c0605409dd3b3cacafdc23ca72c1c204a0b
0ad93024412465f56e8b0aa134d2a4dda848d68e23b5c20d12125f38f6a488c4
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0d23b41ceb2fff3eb233d91c8ea44f3443850ea33161e234d529c88b55e85746
0d910cc1aa24413aaeef9f2cb52c3ed8bc4a06e823fc1d2d26f75667a0233764
0ed9f4489f29950f54053b4620800f6f1e061f3a467dfda552104034a71c3da9
0f790bdfb9c12c83da88b657a00be6b9aee3d14d167002faaa9562bc74404325
0f828bc94f4e49dfbd522c713ab74d8d2569b0aefd3deee982b8f1bf168de08a
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11e5934d20c6bd213399fe63dc8de240747a0b49a7f782aec6981d6a66e08282
12f8e16de96fcaba1aaf32802ef8583cee0ebbd534d4c9216cdd09964381b5f8
13709eb92cc8d30ddca86cac6a763b4e40a4a5d6a338ce79e4220d91fe24c36a
13ca66cf6767366a16dcab079a022ab7efaff7ad1f44fe904543916d56bb2d9b
149487ee54146de0cce4a7321805d58ddbfa344e92949990fdd77bd54b027b8a
156653c0c2c026afc382bbbe02e0ac95ae4734401670cdb06e44665de0e46000
1574db55dfbb34c01542fd1ef72942c1f9cd0aaf7a3ce135e0deb2e55dfdd486
1b06e1c6d409d4a667970959397d39f5ddbf9803cbf7f9acb70fe00b8127cf4f
1b371fe7914ea1f48622b928d3677af13d177e4e9595fc1d3395d8024f682762
1d982282f0397d47ade6971a4fcc4510e48818e69b8d0a1f841ef7c2719d13de
1e14ddde632bad66a3f79d6dc2c6a212d3b1b5cd8100cb6b73984b8797c5ed86
1fc1943ad73b34c7ecc7fc573e931cef2eeca1c68ebc90ae8c3a8f4162319965
207794d67b4c418fb8c527238697f628074d9c9fcf5476ac96e8572781b50097
21018cfb1e8155f5757f52bf3eead69d23b67d3bf298d0aa97aeb92d4e7dd2a1
22af5d3bf749542c2d95975186991b7b8c1e0766449c3fdeab55d57eb0d1ffdc
25debee90474604a5599e170d42a4c9bf6133d9aa6384ea3f1748a1106dafff6
2a6a39dc5323c7f0355f11b54a49f5b6cfc96bf52857e63f46e82e31338e1cef
2aa8c28e970f075e589b8f5199c9bc662db7d2eb240681e16b5b13365811cd7c
2b59b7362e2f136f8eb50ee9ed29dbb5ca434c1067cb56de2cf9808679028929
2bef08bfc4f5df889affb046f13acf8a5aba7d656918647bedc7c98eade9ffe4
2c34e56c8477ca237b6ca14153f7187aa724b0ba5f764e28b91b3f7bbeb2a762
2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435
30feb868b91d2a3e257714429d405330693e2942388bb302396ef19044261b5d
339f0ed8420e8a3a68b965179c5a4ee74eb871b511439f3368bd4705ea06594d
33befdbbb24930584f5ac94ea3117adcd56518f20ab1619d05de83ffd1821d38
345a8b8d3c375a4c3e1926696bf53c3912d32cf268b228572fd234ff7fcbaf4d
351846a513b381063c0b9916ede4a812391bd06c3465763c65fc166123b7e4fa
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
37c9dcde8c4a0a5a7dcf5210b9f7cc93a1cbedfe367593480bcd0e383dbb60c4
388e31e7568caaf46c0e4ad833c001f35b03dfd85f820515132305b7eefd21c4
38bed02d21c97f485e7ecaca13845a1cd4c3ee53a302d039a7b30b6754ba8ba6
38ecfd35f3df13ac05900016fbb5975080b2856f6029ad5455203c0f5550c8ae
3a48ba6d11055a2a6f840befa14e603650d8ca3d752e16daccd828d3869fb791
3b3ed4b191fdd529075b8e099f5daefd684e80acd4c9514a70b6ad746e949544
3c9237f8569d7a3cbf7ab25bf871ad84aadc0098e254f3af2790c05c6a98fea3
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e38814286ddaedafe3f3f487bd9a799c2b19b699477c2362515bc38eb7c0827
3f186210f22d15c9e99282bbc6f351ba7aa14966802f184537dfe273d695e826
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
410d68976944d3d45c006ad97f657116947f19e16ad9fe1c1d978d84ac5cd969
434b5e74c2c5c495b6430ef91f79bacafe42c7cb36beada0a9360a50c8137c00
435b827b100268bdb32cc3ffabf94331103010fd2d1ba26890fc639d53a1b525
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44ef010f29841d3f1b51cd6acef462cdf0f28db28fcc8aa1a289e6e93afb9c99
470b7329fac5aeec181daee59bf517be352030d66d2b0712dd574e9cbb6d173c
483784ecdf80ccaffd50869e23e2efdbeed9343b1b4c7dae837667e4984a68a7
49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68
4a3dbe01c6d50d8264cc5c9b01a48a659ca032ba9c1260903e4242975e518cff
4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae
4dd22a866cf7fa613e4a25f4e152e8d2f89e3e677c440e52c14e660927610e1d
4e421a0440b56149be838fad25420517bb36fc7135f18783835ddf6e73c29899
4f547216fc3d272c79a70122176c3899c6895e63ae6373ce0ef359c5145f7374
4f6366518c3d992d6a9a3aee342675532822d6b1d66217df7b284bb450dbb99a
4f6848f45929db24af962e27c4c96a44bd7e3bb4cdc8274e613315bb6e6eb435
4ff1b9b91db584b19d20b4d02af9ff7673add161ce3f9ceae9391b3a84fddab1
504a50c660f28db8571deb0de4d57d99230c027b01fa820010df030de298df78
51ac5b2d4d716f7fe76fb278275cda1184b8fcb2c18f64ee55842076bcdfdb93
52b31d95b3be7d837502b15107ad1edf7f9c3ce42773ce65361336dde7597ab6
5315b3b69ad428d90ce6485dc31a8f0a06bfd2579b1c34120992aacd3bda5556
532cf7167d55ffff4ca4ee0d3913030f03ff89a34cda42c42b0b659ba446f932
5427e10c23520fbca480e8750c7e03dc2858eee594081879ea72a559bbd9fa81
5577de66fefd6de448a833fd84d9a752e707cd52c7ff42ffdbbf8431d0551fa2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56e914584f77a21cf28171f6545abb9ec3246de4b923724d855d84cb1243a156
5726835a9449b924da62bf34cbe26cd64307f3c9159914f82fee7cab41aaf306
5893c1ccc8413220bf8a158af5a06e45ec294fe853348dd19b68f221ba4833f5
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4
59b92dc54ec59de5e855231a626d0dce05e8a050b0f33ad1ddeda966a930ad43
5b0602eeeb1484cc85d98733fb9441e16d91eb68beb26c19519ea7e61c1d48d0
5bbc49b8e4b608dd8d1539e5f394825fa16220f5ba9d25d502c4493e690e75ea
5de2f269f121423a6e49c66c14466a779cd693fd6faeff3e04152024be81139c
5ee00fad2265577bc5be56bc69c1e8c1071a4b201a5b9bd523c7204a54c31a28
5efc6bad9022a5f98b4043a2e85a3233d84270d4f9cfb1cd65080a31b7640491
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
636d6f07b3e1c54521a32a4e40f9c889ef8fb235f024bcabd94cdb73f0b04901
63e55165cb26efa3df20628f8c2dfc0b13e7d7e7629761fe9f43b34d5498ea46
652d82ad34da02c9602d66332cfc52fb39b65da77c70a9faa518d859faf360b9
67753bf8ff944e4b146d4d08aa0bf0ebcb1618994bc9384aeda849996d09c17c
6838420e13959ecffe73d3576ee2125a66c9315237394a23e3dd4a5181e80cda
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6c1bfdb14d27bda31dfee5f766c56a12bf8a618d7fb24cb9c0c539a35b2090b5
6dd1548d9bc310301ca3828e82a2f684d5ed2a799b37f53a79cc0a023da80d01
6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41
7070c9402db323126f9422de0f47be9a29cda05bfe1dafe1af07306ca666b8f0
70fa25d0cd4744b6b91054ad55e3e931dad31cc85915b13e33e4e674426c7cc1
712ee4eb9657dcd072d7bbefefc6235ccf81828807c093390810a3d2af85586c
71795f168f858d2b071378a3a6b78556eea59f816aaafaeffe8eb55ffdcf97bb
71e5b6eb041cb505cab8acbb09548b57aa00ad344594519d2e3f8857a9687020
7658233cbe36b832efda5b9a27f917453114586626666ed6142b0c50a2e8fcef
78a6ac393831ac85bcd65353521b5cf0aeea5aefbc1a176d91bd389c6e7f2c6c
7b6fef0a63424245b31b293b1a3bfd074c9da482e28fb9e920e1cf306e54e8a2
7c6cd1e00f3a764bd02e959653a10d529dbfe1012d64f253d7490c625ed6a654
7de4eb6772062a9a982e1c944ec97184372ce8319bbc9bd135793e7ac98accf1
7ea01d581e2703acc8014b70fe20194ca20dbae5f22f9814e4676e2d19533feb
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
812dc1d830b40b7ddde5d9412eab3134f38dc3340614b97250ebf8f6439b1b2f
819f3136b7fa1d732f05ec1d9c773bed9bdcdb09e936fe964ae8fb70f29912f2
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
831e12c4a30d96040d8cc6715b77b80af19c387808e044f83267671b466d7750
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84efaf5837250e134b9ad38aab56d5f178bdf2e50f1f3a99e576c2e69b60c6c0
855d0573de3e1d813080c66243a447937c3c82ea77bbd7cb86856d5d4d609076
8568d01f2fda8fad450ff7bf68bdfc51f6f10e0ebd60c0433e577e655870d8f6
8704f607741a4e0a4d82cf024d026c9e7c1d65241250c2223f31dca29a07dc15
889f28c7e0ff9ec3b2fb1f2cbdbe7c0d4a5a09a34406d76e89f8416b5cbd8457
88c0f0ec44462c984831e1862ba67e8cadf7c4ca5e5dadbdd127b8136eba36ea
8a26f948122b1fe863bae3e65f7a64893e6e29e8e760ac075654174f96171cdd
8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335
8b79630ec15683d0ed35aa5f175a2809a776c2f8075ec8b363ffec4b6c7b5b3b
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d200dc372fb333c0ca488fba2a569a686cbf5f1ba0cc0544a4a8c96a4f91de3
8d8de3829d2383650a9308f175c7017fe6f3a60c3888d6d61e089f9b19141323
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
8de0855c47222af42a9ed9ed62ea1f58ab5d89b620a06f285aeb451ddca8543f
9031ffcf37a64d49e8ff7450ba21b3378d2660bde2d652f870c47bf468eedf18
9175b6d35e60afb00e98f0bce021f135677a950f58e518934d0d82066fc757bb
91c00cb18c492812180645a760c3e76b611b3dfb8576de93a0fa453aee1b078d
925ed48219a2d3c339c5d288fdae3f965efbca0e5ee4e369b7dcbb04b6ade06f
9399dab3e383fdc22b2d578596ba65980795310122106ce73252718dea66ef7e
93d570293784f28353ae6c163c6b13ee531753b4da7a009fff78b51625292dc7
9421c452fe1019dd024ca96ae9803be08adaac8244c4572ba25089b938f1d232
9545822056572ccf35b6c6781374ef73bdee236004959748700ea7d644e0199d
956f6f2c1e30a974cae6e532f793bc51caaa04b05198ae80ac8ef307952d2387
96281150fc4b153640ffd15f9ce9a133ee631aecb0f955cd67974e72af74ae64
9629c59fb5d325a2fdf7324f731f6e8a4ee507af7d1bd260a4d290ee69c4d17c
971fb473684bea2b533553aba880840806fe17a19e0d8cc097c30238024287e8
9aff82bb6bf217571cd2bfc3d1cee2b915056bfad051044e914352826c33d320
9b268fa9e727fb03331446edd6222f2f4e7c2bdb242b14939e4b5cacf4e7be9a
9cc5de9fdb0201569f2566a0cf00f15a0fae5a4260c3982c1fcf679d5811dbde
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a221b8ec55e0d82883699663672c218c4de02207132f344a6440d69df7094b7d
a2acf545701465b3ff3d92f1d80eae2743004fff551e072738e00372b14b903b
a2e0a910385671a83ecc18e58bc12839a21260839514e18ab1862a6012008890
a32b280803f80b434b6b9b12f856f921d71e98275415fdb71a8f59b742cd7eb5
a35a51e32439cce8b4dd6734f65c18debec94ca81a30640b2ccaba988ce1639e
a382071532339fc79ce7928b5d9a46046d55e222a57866b9501e3680d7c37ea4
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4466e77ca703ac365820bd5fdc2707702efa1abd0d0f185dc54ac6b686ed5a4
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a67117312ce631cdfc251dfbb90058bc01e3849deb0cd7fed130745b5813d1b2
a6a06429105f522575f9dc82a176e6d7c505a29284c0529cfd141daa9d816e7c
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a832360fa2f50d1008ca81831d118b097a97d2157e8151cb109171c33bf7b9e2
a83df74ea8693edd7a7ca4fb10c486509148efcc6475a25c0f778738606695b1
a9851db0f24dac5cb080eb4ff5f25a58a0a4a71c3fe206e831cd5c8ec7f30ab2
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
ae97441771e91747997d983ff28bdb321a821846d2d6da01587f01d0fe33c5b7
af783b2650aaeb43013aa489f72edfaf2c1b348ad47681537265264414a1a7ee
afbeecfcb775ea87363f8eb7105a6ab60cb64eadb7a71a455cd52cc3cc8d5740
b0b68a2820314b9d471468ca2fcb17de112c4c864f048e50d593f054962f2c9d
b0e385c1e349d9f04e3f2d4df39f992f5d0115630e27c67e672296b947e4ebb3
b2bad1e576aa96df171e492e3119d2da02486866a4fcb62a0ba57a8f5ff1d394
b2d1dbaff2a9fd10473a77cb0f81aa18a8bbf256023575e7a2f3a159fbd10f05
b31e6be12d0c1606d7bd1bbed70f04df186cb8a8f9508defb87246837754130f
b423a0606a3921c194a4b9a7fae62b3c3767877fde6602c42428f10023f26d21
b5c3760ebad493fbb95c0ac2cbcdeca727826c3f9c78719d2964c62abca3c7a1
b6c2fd209cd3b56d6fc439c1191bf3aaff5cafc1ccc47d3f367e32f8180a37d1
b8197cfb30b45b71af2f3bc2a64401b589ceb23b3d0b18b4e6dfffae7befcedf
b871bbed27113349129de267d64b9b9b987a7e4fb3d4224e3b16b3296bf8cb0c
b88fca268e1352a0922f301c6b88f0499606c01faa8d0718de11a8153a5edc3a
b9544dbbc4559751f0ceafc848716911393670f4e5bd8ae18e952d7d08bd346b
b95858735105ac1d42fbd2b854eac21f947a1a3c7cb6e45c3787d4fe5e7a747b
b991004bf766883ecf36d27ff836b327b64abbca550239430fe9641b2fcc61d1
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd15deedf88c60d4fef8d516c8b0b30fd69d705fb9779a71f88cc5526809d038
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
bd9afb705b2332b752e935df5ceb02ab2cc83d464d18f2b0f3f603f65022a4d7
bfcc2143b6f0635117b7354d9c0965778cd10168c10ca661d0ce42af30820951
c00b292b869ab89aaa84d4029f179944df8c71088d09f9f45c73bbc9ef1f23ae
c0b195905fdb73566a39eff0a966a34751098e677648810fae752c3a936584cc
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c33a075176788a7a65ab88396dd343dda01c34bfac4c42d5642e363be0ed3c28
c3b1f04906e025cc88a620b9ab2588afc484757b0e1a13c51ccf4d9cf1ef384d
c5e24ad5cb560937b7ff087c5e6b7e5b5ee15e866d0725e1385fe98ad6268df6
c978f89ecbf531f2b8bb903cab82fb0b0f1b44603dc1be644e028eebc655e89d
cb3f12f81184edd76efed5fe35a5c4ed281ff579e30ff9b13936a184afbc8cde
cc094ffe53f9cc289462d2bd847678bb257c47a9fd48389c837d09d90f1176d3
cc1ce1339a76ca1f615d8d9dfd2b25adc02ed8653f5d68af91f0208de27657cd
cd23844164d5653d98bd64431b6d9cbde0577cea27ef537563aab40c6d1fcd55
cf016295997068c6cd58f52c4fca8fdec2806b76e09b12521fcf734e0fcbf5f5
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d02ab98a558ccea032a6a1bc2bfefd2b4a2a3a1aa9f3dad40c70d4486f87704a
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d1b74ee9f627e2f67e9751ac25d1b47cd77e0f901e6ea897fa4fc88ec9efa9c1
d1f6b58a8b32dea13acb29a386dab49f87293729abd1835672433d087bf29d6f
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d2dd397f2f81170f2fd0bd5cee8f455e200894e9e2a81a114c29aa7b6856d744
d2e5722cf0b8d8df31200550801d755733c56d9ca2758b7041fbed009e0c9d08
d328376e73c89a6f4d8dcf0f9569a5717a675b4121d0d6e3bff1d724eef47463
d33913cfecc4f2519d04cff6a085ca1e8e5a524447fbf68ee3fbd95b76dd74e4
d47d16bf34e4c557ae13192bf351083ee15c9bed72a139fb1e14272d7b391230
d669534a76a01823b9c2c53e150cb5cbdf338e7e2e80e4c429b12935137d793a
d6bc239a6993be3a5ed13249ff2d27e4e3bc80a30bbd6df2ff92b4db0ad1d996
d72592e7d400238ef1131b328cc88ff210c6b7bf92eefdd5020694daf119a33c
d7471e3df1ba49ecc8acc2dc6d8c4c3619f1a8e094050bdb2432c1cb2548468d
d74d497427fdbdadb41a3ae89ef2bb24f003c1022978fe606bfca26064d0bc53
d838708f9080299078c167af8e85a8cba9b28e00c13491d28f332dda28881fca
d9965bd0089d0c1bd8f41ce32035d3db396a2c220fe4d6ec6ddd36e0059f20d7
da3db457741823b2b3579b647a3d800eee052062f99208c8ca15c490bc4e142a
da9507cb1a3616e1442336158dcd9d6cfca240745ebe2a04e538e0e04cf11224
db0b2a9340137033881412a37a10f61ac49ca9017206bf08511d9d8fc0688dae
dbc32f33967798a78d4d23797bcac666b28f0c1c6ccafb52ab501b8f1f7f746c
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddfea4688644106797f10d32994fd83c3508ba7090bf893c430c8cd2e573d8c6
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de7826b311a111b9a3ca8f37f1455eb43a548fa7189c46d39118543bd87173af
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e1f4a398b7260ff24d833731a5c56661603aa876fcda763a2ceab56a32967e9c
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e74fc9882fd1b046474630282635991e5aa59cb761302f13d7a304c1a3bae89b
ea6a175eb6226f00c8b2c59c12fb502205c532256dda71b9c903a36124c736a1
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ec61d9fd1b3609a3a53f377ed07059c3dc7d2cb1502022e0623b4ebc1ea0f35e
ed03606264f99e9e2b49861b119a5378d9c52f9bec0d56e9bf8f4a2afd0f05b5
edda75d7dc3a6104c5af0f926c5ae645ae25eb8c4f8a601c6d5293378e858a5c
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f039e32c9e62cd2acc5bf02dec7282686e6f41be6b01bfa249f9590cda747cba
f05e7cffaf25f8189d7f982960a21a7d99610b50102854ee49ff597f95cfc466
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
f0fe7e69e970311a87c3b57b217e6fc19f0a65b25813ad64426169712f61e402
f179c755189a964361e140490adb056e8722c5f478f8c4342de81ff067fd4e2c
f29595049d8fe1e75b1c0d062c5436594a18730673c161bc96e7200ba3026083
f2b86ff090038df34b053747723c34ff9a00de105a79dbc9011697aaabf58a4f
f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f838b3467a329431f0fe6a00705cf5ae17609fc27843141faa62e6d0d21159fd
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
f83dccda0f23005e073046554fcb6f70e6cc5c6d5a31482d8cbf00c3cae72a69
fc0c4893ccbfbb1c266374313522a0ff2383a73b9de5280299af809169650cf2
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

www.rd.com Open in urlscan Pro 2606:4700:4400::ac40:9573 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

343 Requests

96 %HTTPS

42 %IPv6

53 Domains

92 Subdomains

85 IPs

9 Countries

3347 kBTransfer

10501 kBSize

23 Cookies

45 Outgoing links

Page URL History

Redirected requests

343 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 27 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.rd.com Open in urlscan Pro
2606:4700:4400::ac40:9573 Public Scan

Screenshot
Live screenshot

Full Image

343
Requests

96 %
HTTPS

42 %
IPv6

53
Domains

92
Subdomains

85
IPs

9
Countries

3347 kB
Transfer

10501 kB
Size

23
Cookies

343 HTTP transactions
27 data transactions