www.nordkurier.de Open in urlscan Pro
2606:4700:10::ac43:25fc Public Scan

URL:
https://www.nordkurier.de/
Submission: On March 05 via api (March 5th 2021, 2:49:22 pm UTC) from US

Summary HTTP 186 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 58 IPs in 9 countries across 52 domains to perform 186 HTTP transactions. The main IP is 2606:4700:10::ac43:25fc, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.nordkurier.de.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 25th 2020. Valid for: a year.

This is the only time www.nordkurier.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
23	2606:4700:10:... 2606:4700:10::ac43:25fc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	91.215.103.64 91.215.103.64	43407 (INFONLINE-AS) (INFONLINE-AS)
2	65.9.187.116 65.9.187.116	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
15	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
2	2600:9000:20d... 2600:9000:20d7:ce00:4:b37b:9440:93a1	16509 (AMAZON-02) (AMAZON-02)
3	65.9.24.128 65.9.24.128	16509 (AMAZON-02) (AMAZON-02)
1	35.201.77.229 35.201.77.229	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2.17.187.27 2.17.187.27	16625 (AKAMAI-AS) (AKAMAI-AS)
1 7	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	184.30.20.241 184.30.20.241	16625 (AKAMAI-AS) (AKAMAI-AS)
4	185.86.139.96 185.86.139.96	201081 (SMARTADSE...) (SMARTADSERVER)
4	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
1	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1 2	91.215.103.65 91.215.103.65	43407 (INFONLINE-AS) (INFONLINE-AS)
2	85.159.214.153 85.159.214.153	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1 6	52.95.123.41 52.95.123.41	16509 (AMAZON-02) (AMAZON-02)
2	145.239.0.62 145.239.0.62	16276 (OVH) (OVH)
2 5	172.105.89.40 172.105.89.40	63949 (LINODE-AP...) (LINODE-AP Linode)
10 12	212.71.252.71 212.71.252.71	63949 (LINODE-AP...) (LINODE-AP Linode)
2 2	51.77.65.169 51.77.65.169	16276 (OVH) (OVH)
2 2	217.182.199.59 217.182.199.59	16276 (OVH) (OVH)
11 13	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
5 7	99.80.71.186 99.80.71.186	16509 (AMAZON-02) (AMAZON-02)
2 2	80.82.217.92 80.82.217.92	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	185.86.138.131 185.86.138.131	201081 (SMARTADSE...) (SMARTADSERVER)
3	184.30.20.198 184.30.20.198	16625 (AKAMAI-AS) (AKAMAI-AS)
13	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
4	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
1 2	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
3 3	185.29.132.144 185.29.132.144	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	34.120.207.148 34.120.207.148	15169 (GOOGLE) (GOOGLE)
1	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	213.155.156.167 213.155.156.167	1299 (TELIANET ...) (TELIANET Telia Carrier)
15	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
6 6	54.228.192.197 54.228.192.197	16509 (AMAZON-02) (AMAZON-02)
1 1	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
1 1	185.86.138.142 185.86.138.142	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	87.98.128.108 87.98.128.108	16276 (OVH) (OVH)
1	2606:4700:10:... 2606:4700:10::ac43:db6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
2 2	35.201.96.126 35.201.96.126	15169 (GOOGLE) (GOOGLE)
1	185.64.189.249 185.64.189.249	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	37.157.5.142 37.157.5.142	198622 (ADFORM) (ADFORM)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
2	185.64.189.114 185.64.189.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
2 2	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
3 3	18.185.180.173 18.185.180.173	16509 (AMAZON-02) (AMAZON-02)
1 1	146.0.227.110 146.0.227.110	20773 (GODADDY) (GODADDY)
2 2	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	159.65.197.210 159.65.197.210	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	159.253.128.188 159.253.128.188	36351 (SOFTLAYER) (SOFTLAYER)
2	2607:f8b0:400... 2607:f8b0:4004:815::2003	15169 (GOOGLE) (GOOGLE)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
186	58

23 2606:4700:10::ac43:25fc (United States)

ASN13335 (CLOUDFLARENET, US)

www.nordkurier.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.215.103.64 (Germany)

ASN43407 (INFONLINE-AS, NL)
PTR: script3.ioam.de

script.ioam.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.187.116 (United States)

ASN16509 (AMAZON-02, US)

cdn.privacy-mgmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20d7:ce00:4:b37b:9440:93a1 (United States)

ASN16509 (AMAZON-02, US)

rumcdn.geoedge.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.24.128 (Orlando, United States)

ASN16509 (AMAZON-02, US)

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.77.229 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 229.77.201.35.bc.googleusercontent.com

cdns.yieldscale.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.17.187.27 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-17-187-27.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.98.64.218 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

msodigital-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.20.241 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-241.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.86.139.96 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.37 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

32e9ec56d9860726db9fe3d08cac0ce1.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.215.103.65 (Germany) 1 redirects

ASN43407 (INFONLINE-AS, NL)

de.ioam.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.159.214.153 (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)

cdn.recognified.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.95.123.41 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.239.0.62 (France)

ASN16276 (OVH, FR)

concheck.adsafety.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.105.89.40 (Frankfurt am Main, Germany) 2 redirects

ASN63949 (LINODE-AP Linode, LLC, US)

rads.recognified.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 212.71.252.71 (London, United Kingdom) 10 redirects

ASN63949 (LINODE-AP Linode, LLC, US)

cm.adsafety.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.77.65.169 (France) 2 redirects

ASN16276 (OVH, FR)

tags.adsafety.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.182.199.59 (France) 2 redirects

ASN16276 (OVH, FR)

buyer.dspx.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 216.58.212.130 (Mountain View, United States) 11 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 99.80.71.186 (Dublin, Ireland) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-71-186.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 80.82.217.92 (Düsseldorf, Germany) 2 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

ads.smartstream.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.42.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.131 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.30.20.198 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-198.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.165 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.114.49 (Frankfurt am Main, Germany) 3 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.144 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.207.148 (Kansas City, United States)

ASN15169 (GOOGLE, US)

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7000 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.167 (Sweden) 2 redirects

ASN1299 (TELIANET Telia Carrier, SE)
PTR: 213-155-156-167.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.228.192.197 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.139 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.142 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.98.128.108 (France) 1 redirects

ASN16276 (OVH, FR)

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:db6 (United States)

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (Aalborg, Denmark) 1 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.249 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.5.142 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.114 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:36a9:ecb:e518:b308 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.185.180.173 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.0.227.110 (Ascension Island) 1 redirects

ASN20773 (GODADDY, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.25 (Portsmouth, United Kingdom) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1370 (United States)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.65.197.210 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.253.128.188 (Amsterdam, Netherlands)

ASN36351 (SOFTLAYER, US)
PTR: bc.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:815::2003 (Washington, United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	doubleclick.net 11 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net	186 KB
23	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com aud.pubmatic.com image4.pubmatic.com simage4.pubmatic.com	45 KB
23	googlesyndication.com pagead2.googlesyndication.com 32e9ec56d9860726db9fe3d08cac0ce1.safeframe.googlesyndication.com tpc.googlesyndication.com	476 KB
23	nordkurier.de www.nordkurier.de	2 MB
16	adsafety.net 12 redirects concheck.adsafety.net cm.adsafety.net tags.adsafety.net	26 KB
14	rubiconproject.com 4 redirects fastlane.rubiconproject.com eus.rubiconproject.com pixel-eu.rubiconproject.com pixel.rubiconproject.com token.rubiconproject.com	22 KB
13	google.com 1 redirects cse.google.com www.google.com adservice.google.com clients1.google.com	170 KB
10	ampproject.org cdn.ampproject.org	215 KB
9	amazon-adsystem.com 1 redirects c.amazon-adsystem.com aax-eu.amazon-adsystem.com	38 KB
7	adsrvr.org 5 redirects match.adsrvr.org	3 KB
7	recognified.net 2 redirects cdn.recognified.net rads.recognified.net	355 KB
7	openx.net 1 redirects msodigital-d.openx.net eu-u.openx.net us-u.openx.net	2 KB
6	bidr.io 6 redirects match.prod.bidr.io	3 KB
6	smartadserver.com 2 redirects prg.smartadserver.com ssbsync.smartadserver.com rtb-csync.smartadserver.com	2 KB
5	yahoo.com 3 redirects pr-bh.ybp.yahoo.com ads.yahoo.com ups.analytics.yahoo.com	2 KB
5	googletagservices.com www.googletagservices.com	148 KB
4	adform.net adx.adform.net Failed c1.adform.net	1 KB
3	bidswitch.net 3 redirects x.bidswitch.net	1 KB
3	mathtag.com 3 redirects sync.mathtag.com	2 KB
3	everesttech.net 3 redirects sync-tm.everesttech.net	653 B
3	criteo.com bidder.criteo.com dis.criteo.com gum.criteo.com	581 B
3	google.de adservice.google.de	1 KB
3	ioam.de 1 redirects script.ioam.de de.ioam.de	16 KB
2	criteo.net static.criteo.net	51 KB
2	gstatic.com csi.gstatic.com	385 B
2	sitescout.com 2 redirects pixel-sync.sitescout.com	947 B
2	quantserve.com 2 redirects pixel.quantserve.com	1 KB
2	fiftyt.com 2 redirects visitor.fiftyt.com	992 B
2	semasio.net 1 redirects uipglob.semasio.net	1 KB
2	de17a.com 2 redirects d5p.de17a.com	637 B
2	smartstream.tv 2 redirects ads.smartstream.tv	2 KB
2	dspx.tv 2 redirects buyer.dspx.tv	2 KB
2	adnxs.com 1 redirects ib.adnxs.com	2 KB
2	geoedge.be rumcdn.geoedge.be	54 KB
2	privacy-mgmt.com cdn.privacy-mgmt.com	15 KB
1	simpli.fi um.simpli.fi	611 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	550 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	admixer.net 1 redirects inv-nets.admixer.net	559 B
1	turn.com 1 redirects ad.turn.com	518 B
1	zeotap.com mwzeom.zeotap.com	596 B
1	erne.co 1 redirects green.erne.co	325 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	contextweb.com 1 redirects bh.contextweb.com	793 B
1	rlcdn.com id.rlcdn.com	66 B
1	googleapis.com www.googleapis.com	182 B
1	googleadservices.com partner.googleadservices.com	263 B
1	casalemedia.com as-sec.casalemedia.com	1010 B
1	yieldlab.net ad.yieldlab.net	853 B
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	yieldscale.com cdns.yieldscale.com	100 KB
1	googletagmanager.com www.googletagmanager.com	46 KB
186	52

	Domain	Requested by
23	www.nordkurier.de	www.nordkurier.de cdn.recognified.net
15	tpc.googlesyndication.com	securepubads.g.doubleclick.net rumcdn.geoedge.be www.nordkurier.de cdn.ampproject.org
14	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.nordkurier.de
13	cm.g.doubleclick.net	11 redirects eus.rubiconproject.com eu-u.openx.net
12	cm.adsafety.net	10 redirects www.nordkurier.de
10	cdn.ampproject.org	rumcdn.geoedge.be
8	simage2.pubmatic.com	image6.pubmatic.com ads.pubmatic.com
7	image2.pubmatic.com	image6.pubmatic.com ads.pubmatic.com
7	match.adsrvr.org	5 redirects eus.rubiconproject.com eu-u.openx.net
7	www.google.com	1 redirects cse.google.com www.nordkurier.de rumcdn.geoedge.be
7	pagead2.googlesyndication.com	www.nordkurier.de pagead2.googlesyndication.com www.googletagservices.com tpc.googlesyndication.com
6	match.prod.bidr.io	6 redirects
6	aax-eu.amazon-adsystem.com	1 redirects rumcdn.geoedge.be aax-eu.amazon-adsystem.com eus.rubiconproject.com ads.pubmatic.com
5	rads.recognified.net	2 redirects www.nordkurier.de
5	www.googletagservices.com	www.nordkurier.de pagead2.googlesyndication.com securepubads.g.doubleclick.net rumcdn.geoedge.be
4	eu-u.openx.net	1 redirects cdns.yieldscale.com eu-u.openx.net
4	c1.adform.net	4 redirects
4	pixel.rubiconproject.com	eus.rubiconproject.com
4	fastlane.rubiconproject.com	cdns.yieldscale.com
4	prg.smartadserver.com	cdns.yieldscale.com
3	x.bidswitch.net	3 redirects
3	sync.mathtag.com	3 redirects
3	token.rubiconproject.com	3 redirects
3	sync-tm.everesttech.net	3 redirects
3	ads.pubmatic.com	aax-eu.amazon-adsystem.com ads.pubmatic.com
3	adservice.google.com	securepubads.g.doubleclick.net rumcdn.geoedge.be
3	adservice.google.de	securepubads.g.doubleclick.net rumcdn.geoedge.be
3	c.amazon-adsystem.com	www.nordkurier.de c.amazon-adsystem.com
3	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.nordkurier.de
2	us-u.openx.net	eu-u.openx.net
2	static.criteo.net	cdns.yieldscale.com static.criteo.net
2	csi.gstatic.com	securepubads.g.doubleclick.net
2	pixel-sync.sitescout.com	2 redirects
2	pixel.quantserve.com	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	visitor.fiftyt.com	2 redirects
2	uipglob.semasio.net	1 redirects ads.pubmatic.com
2	d5p.de17a.com	2 redirects
2	pr-bh.ybp.yahoo.com	1 redirects ads.pubmatic.com
2	eus.rubiconproject.com	aax-eu.amazon-adsystem.com eus.rubiconproject.com
2	ads.smartstream.tv	2 redirects
2	buyer.dspx.tv	2 redirects
2	tags.adsafety.net	2 redirects
2	concheck.adsafety.net	cdn.recognified.net
2	cdn.recognified.net	securepubads.g.doubleclick.net
2	de.ioam.de	1 redirects www.nordkurier.de
2	ib.adnxs.com	1 redirects cdns.yieldscale.com
2	rumcdn.geoedge.be	www.nordkurier.de rumcdn.geoedge.be
2	cdn.privacy-mgmt.com	www.nordkurier.de
2	cse.google.com	www.nordkurier.de www.google.com
1	gum.criteo.com	rumcdn.geoedge.be
1	simage4.pubmatic.com	ads.pubmatic.com
1	um.simpli.fi	ads.pubmatic.com
1	match.adsby.bidtheatre.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	inv-nets.admixer.net	1 redirects
1	ad.turn.com	1 redirects
1	image4.pubmatic.com	ads.pubmatic.com
1	aud.pubmatic.com	ads.pubmatic.com
1	mwzeom.zeotap.com	ads.pubmatic.com
1	green.erne.co	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	rtb-csync.smartadserver.com	1 redirects
1	bh.contextweb.com	1 redirects
1	dis.criteo.com	image6.pubmatic.com
1	ads.yahoo.com	eus.rubiconproject.com
1	id.rlcdn.com	eus.rubiconproject.com
1	pixel-eu.rubiconproject.com	1 redirects
1	image6.pubmatic.com	ads.pubmatic.com
1	ssbsync.smartadserver.com	1 redirects
1	clients1.google.com	www.nordkurier.de
1	www.googleapis.com	www.nordkurier.de
1	32e9ec56d9860726db9fe3d08cac0ce1.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	bidder.criteo.com	cdns.yieldscale.com
1	hbopenbid.pubmatic.com	cdns.yieldscale.com
1	as-sec.casalemedia.com	cdns.yieldscale.com
1	msodigital-d.openx.net	cdns.yieldscale.com
1	ad.yieldlab.net	cdns.yieldscale.com
1	cdn.jsdelivr.net	cdns.yieldscale.com
1	cdns.yieldscale.com	www.nordkurier.de
1	www.googletagmanager.com	www.nordkurier.de
1	script.ioam.de	www.nordkurier.de
0	adx.adform.net Failed	cdn.recognified.net
186	84

This site contains links to these domains. Also see Links.

Domain
partnersuche.nordkurier.de
familie.nordkurier.de
jobs.nordkurier.de
www.nordkurier-reisen.de
shop.nordkurier.de
www.ikiosk.de
magazine.nordkurier.de
www.nordkurier-mediengruppe.de
www.nordkurier-briefdienst.de
www.nordkurier-druck.de
www.meckpomm.de
www.mecklenbook.de
www.um-tv.de
www.good-stock.de
nordkurier.media-box.de
cmp.nordkurier.de

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-25` - `2021-08-25`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.ioam.de Thawte TLS RSA CA G1	`2019-09-18` - `2021-12-17`	2 years	crt.sh
*.privacy-mgmt.com R3	`2021-02-03` - `2021-05-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
rumcdn.geoedge.be Amazon	`2020-10-02` - `2021-11-03`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
cdns.yieldscale.com GTS CA 1D2	`2021-01-30` - `2021-04-30`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-26` - `2021-04-17`	6 months	crt.sh
*.google.de GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.yieldlab.net DigiCert SHA2 Secure Server CA	`2020-02-04` - `2021-05-05`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-03` - `2022-02-19`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.recognified.net R3	`2021-01-05` - `2021-04-05`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2020-06-15` - `2021-06-15`	a year	crt.sh
*.adsafety.net R3	`2021-02-08` - `2021-05-09`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-02-28` - `2021-04-13`	a month	crt.sh
*.semasio.net Sectigo ECC Domain Validation Secure Server CA	`2020-03-09` - `2021-03-27`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-10-30` - `2021-04-27`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.gstatic.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh

This page contains 24 frames:

Primary Page: https://www.nordkurier.de/
Frame ID: 8B519C0FFD27E500EC0743FC189B0CDD
Requests: 100 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/zrt_lookup.html
Frame ID: A205D4396C5090E969C0DEAAEA160D07
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&addtl_consent=1~&client=ca-pub-7351608356042114&output=html&adk=1812271804&adf=3025194257&lmt=1614955666&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.nordkurier.de%2F&ea=0&flash=0&pra=5&wgl=1&dt=1614955733238&bpp=22&bdt=177&idt=144&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7398043665558&frm=20&pv=2&ga_vid=1461207546.1614955734&ga_sid=1614955734&ga_hid=2019150982&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C44737563&oid=3&pvsid=2072175501144971&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&dtd=380
Frame ID: A14482144C47627194B2751D360903DC
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssU4l4-qTqcyJh28OD_mlorMUS1V3_HWx10hEsgj9P8DuTeuG2fP_NQIn4unqv4OMcf5oPjX4Tnfc4SsiZnEzhYu92WAV8Qr_LKH_Vn6_swH0sy-tf9peRL-gg-XiNlzOuVXIUZn3VABYjfdORUFVyUWg0jRzY06Cwt7T5TdKOkFGCwbGbQrVWr4pWIk-nM7gHqAiU3P32kQtZ6o-jIQWSRSCNoREuajK4Xj3xSWc0KSzdNvnyNwibl_JuhIyDx-n1Ulw4i7xp_-ULNBPyLNVU_qoIKNUeCbIkqcjxORsvp0TkkqQ&sai=AMfl-YQK3eJfG9PsS_g9NkJyY54hcWnJBlECvUuZ8TzSkvXEMjMWWJflKavEZuL3bVvIzIbGgHFjDvgav0VK78tUYlIaidoJXBd7Z07C1HUy7qp9f8Xziytb5IMdqAnDz01E&sig=Cg0ArKJSzJ7K56H6Hj9-EAE&urlfix=1&adurl=
Frame ID: 687FA3B2A707EB6C2E3A21B0989617E7
Requests: 11 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuAYqdYp8ZP1mVJuBc5DNYmI4Uwc_xWqgHYGu52TA22DGux75yAKm0w1XhQqiBSbTrIouI22Gv_gpB_3YTPT_79FY9O-PNTaKTJYf14xgVQ4kExiyEiPAduxigl_g2nI_x30eH1MRA18K3MclYS36e7xOL3W0FdNLsWA6KtQLDH3L7i96gXAUTkaPe3LF0yRl3-yVLGspNTms_b-rfh-d8r6Txyi_uhNQUf-4yCTOFOwCxSOc-0mn_YuemMu-BlDsXlpZr2OIhSbtm6lEGE3Et-3BYyWmKpTzk7P2cgUt_iJvwt7w&sai=AMfl-YT_PtrYDuZWoIg4Dmnt7CFqFQSwOtfdwpJsn4lStiMTzNOEtx0BsseDCkzu0mI1zYm_Hou1VlgEfyd0c19wnR2eeaMdqvzKffI6CKzBKjFgfZAToKsCV8yw3m9hBVxa&sig=Cg0ArKJSzJQTO7Wc-km6EAE&urlfix=1&adurl=
Frame ID: 097EE7B9687D438BC27DA974368F76C1
Requests: 11 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=pm-db5_rbd_smrt&dcc=t
Frame ID: B8E702B15645D66E636C749CC73BD4DF
Requests: 1 HTTP requests in this frame

Frame: https://www.nordkurier.de/&iw=801.328125&ih=451&geo_cntr=&imgSrc=https%3A%2F%2Fwww.nordkurier.de%2Fsites%2Fdefault%2Ffiles%2Fstyles%2Fartikel_bild_640px%2Fpublic%2Fdcx%2Fimages%2F2021%2F03%2F05%2Fdoc7es6cipz154i90ro8oy_file7es5ky97wxx14uvc4xzz.jpg%3Fitok%3DD-WzKm-E
Frame ID: 7D30ECF43155CDE694652EF027DBEF7B
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=rbd_smrt_pm-db5&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Frame ID: 1640EB34BB3680BDEA89C587D499D684
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Frame ID: A8D24D0DEE570A2FFB636DB88C1B053D
Requests: 11 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=7216770368658249930
Frame ID: 3D90437C6CC9C682B1197E92A1B61470
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID&gdpr=0
Frame ID: 72EB5DD4063E09406B5631C87C667722
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsucustpcNDLUcwqrv3HB09VDuTZWqiluW8RhtXZlIOOqpKn6d5SIx6XXmDXgM8Jh_rdh0qik0eldnAkTAIBG6mfKujyCtBc6jbw52VxCGmF1FLCCVz2bX6Dj_rTQzEUfnqsNsLji3AlTL6wmYA5WQu6UMNxqq9am_Vc7C5Jh_QZXmJMDLdI2aHFdanYSpS3scpXAnY-bsTp_rLmtbymLDYSaY_8S0_W-So2dGg3bQTYdBNkTSU0qNq9Pqkfk7hEBxtx9JCbB43fXBityFD2msiasjPOJhd6292gy-DKe_H38fQSKr8&sig=Cg0ArKJSzHF8v33wBYNcEAE&adurl=
Frame ID: A6CAE33F415C298D5E4C958D24EDD2D1
Requests: 9 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/032103020108001/amp4ads-v0.mjs
Frame ID: 84B419D92E69F7EB7545400DFC4C57FF
Requests: 15 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 00FCD7B1E1565E2B110657CC48B6A3EA
Requests: 22 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 17A3F6B0D3FAEE3FB5E275AAA289081A
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4409913149976251074
Frame ID: EA26C2680D2ADF1BB537DC305C264C7A
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAH-P07AhIoAABB6avKU5A
Frame ID: A3E12E305D153576D0783DDD5679C339
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6936182062043166866
Frame ID: 602545B2ABBB9857EE116F14D9F88E70
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=0yn3RRNY99o4WxntVVivWa8Y
Frame ID: 8FFCF18966B64F8D5E3839B18A6219F3
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?id=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&ex=pubmatic.com
Frame ID: 203C3EECC2759EE00B5024807EC67D09
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/032103020108001/amp4ads-v0.mjs
Frame ID: 237971953AC9CC33DFAF42420BC8577C
Requests: 11 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0
Frame ID: E5996C8690368165674929F9F357A692
Requests: 7 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.nordkurier.de&gdpr=0&gdpr_consent=
Frame ID: 4F12DBCD477BAF8EFCFB2AA6ADDE5B38
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: E4CBDC45EE3F7DF314E479452F696134
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Drupal (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<(?:link|style)[^>]+"\/sites\/(?:default|all)\/(?:themes|modules)\//i
headers expires /19 Nov 1978/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<(?:link|style)[^>]+"\/sites\/(?:default|all)\/(?:themes|modules)\//i
headers expires /19 Nov 1978/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Page Statistics

186
Requests

99 %
HTTPS

34 %
IPv6

52
Domains

84
Subdomains

58
IPs

9
Countries

4092 kB
Transfer

9079 kB
Size

3
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://partnersuche.nordkurier.de/
Title: Partnersuche

Search URL Search Domain Scan URL

URL: https://familie.nordkurier.de/
Title: Familie

Search URL Search Domain Scan URL

URL: https://jobs.nordkurier.de/
Title: Jobs

Search URL Search Domain Scan URL

URL: https://www.nordkurier-reisen.de/
Title: Reisen

Search URL Search Domain Scan URL

URL: https://shop.nordkurier.de/
Title: Der Nordkurier Shop – jetzt Angebote entdecken!

Search URL Search Domain Scan URL

URL: https://www.ikiosk.de/shop/epaper/nordkurier.html
Title: Kaufen

Search URL Search Domain Scan URL

URL: https://magazine.nordkurier.de/

Search URL Search Domain Scan URL

URL: http://www.nordkurier-mediengruppe.de/
Title: Nordkurier Mediengruppe

Search URL Search Domain Scan URL

URL: http://www.nordkurier-briefdienst.de/
Title: Nordkurier Logistik Brief + Paket

Search URL Search Domain Scan URL

URL: http://www.nordkurier-druck.de/
Title: Nordkurier Druck

Search URL Search Domain Scan URL

URL: http://www.meckpomm.de/
Title: MeckPomm.de

Search URL Search Domain Scan URL

URL: https://www.mecklenbook.de/
Title: Mecklenbook

Search URL Search Domain Scan URL

URL: http://www.um-tv.de/
Title: UM.tv

Search URL Search Domain Scan URL

URL: https://www.good-stock.de/e-commerce/shopware-schnittstelle/
Title: Fulfillment mit Shopware und Good-Stock

Search URL Search Domain Scan URL

URL: http://nordkurier.media-box.de/
Title: Mediabox

Search URL Search Domain Scan URL

URL: https://cmp.nordkurier.de/
Title: Cookie Management

Search URL Search Domain Scan URL

URL: https://shop.nordkurier.de/Abo
Title: Abo

Search URL Search Domain Scan URL

URL: https://shop.nordkurier.de/service
Title: Aboservice

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67

https://de.ioam.de/tx.io?st=nordkuri&cp=Homepage&sc=yes&sv=ke&co=kommentar&ct=0100000000&pt=CP&ps=lin&er=N22&rf=&r2=&ur=www.nordkurier.de&xy=1600x1200x24&lo=CH%2FZurich&cb=0018&i2=00181f4b8307ae730604244d5&ep=1637786786&vr=423&id=qn28vx&i3=00181f4b8307ae730604244d5%3A1646232533651%3A1614955733651%3A.nordkurier.de%3A1%3Anordkuri%3AHomepage%3Anoevent%3A1614955733651&n1=9&dntt=0&lt=1614955733652&ev=&cs=yxrio8&mo=1 HTTP 302
https://de.ioam.de/tx.io?st=nordkuri&cp=Homepage&sc=yes&sv=ke&co=kommentar&ct=0100000000&pt=CP&ps=lin&er=N22&rf=&r2=&ur=www.nordkurier.de&xy=1600x1200x24&lo=CH%2FZurich&cb=0018&i2=00181f4b8307ae730604244d5&ep=1637786786&vr=423&id=qn28vx&i3=00181f4b8307ae730604244d5%3A1646232533651%3A1614955733651%3A.nordkurier.de%3A1%3Anordkuri%3AHomepage%3Anoevent%3A1614955733651&n1=9&dntt=0&lt=1614955733652&ev=&cs=yxrio8&mo=1&sr=71

Request Chain 97

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=pm-db5_rbd_smrt HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=pm-db5_rbd_smrt&dcc=t

Request Chain 103

https://rads.recognified.net/cm/ HTTP 302
https://cm.adsafety.net/?_cmsrc=rf&midt=100&mdid=dc2974c458f131752f64c7a6200003c9 HTTP 302
https://tags.adsafety.net/v1/cm?cm_uid=CM1202103051497df75ec42428d74c3c&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dct%26_chainsrc%3Ddspx%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D HTTP 302
https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=dspx&idt=100&did=c0adb5c96f8b24249e2ef9d1c8806d03 HTTP 302
https://buyer.dspx.tv/cm/?cmsrc=cm&cm_uid=CM1202103051497df75ec42428d74c3c&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Ddspx%26_chainsrc%3Ddspx%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D HTTP 302
https://cm.adsafety.net/?_cmsrc=dspx&_chainsrc=dspx&idt=100&did=dc2974c458f131752f64c7a6200003c9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=permodo_dbm&google_cm&google_hm=Q00xMjAyMTAzMDUxNDk3ZGY3NWVjNDI0MjhkNzRjM2M HTTP 302
https://cm.adsafety.net/?_cmsrc=dbm&idt=100&did=[google_gid]&google_gid=CAESEMh7aAQpmx8XUngpj1HYm0k&google_cver=1 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=admans&ttd_tpi=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=ttdx&idt=100&did=f64f6f07-603f-43db-9460-3026443906c6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_hm=Q00xMjAyMTAzMDUxNDk3ZGY3NWVjNDI0MjhkNzRjM2M HTTP 302
https://ads.smartstream.tv/cm/?cmsrc=dcm&google_gid=CAESEN-VS2flW_FBJvj7zGEYj4U&google_cver=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEN-VS2flW_FBJvj7zGEYj4U&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=c0adb5c96f8b24249e2ef9d1c8806d03&uid=c0adb5c96f8b24249e2ef9d1c8806d03&data[stv][idt_did_status]=added&gdpr_consent=

Request Chain 107

https://rads.recognified.net/cm/ HTTP 302
https://cm.adsafety.net/?_cmsrc=rf&midt=100&mdid=dc2974c458f131752f64c7a6200003c9 HTTP 302
https://tags.adsafety.net/v1/cm?cm_uid=CM1202103051497df75ec42428d74c3c&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dct%26_chainsrc%3Ddspx%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D HTTP 302
https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=dspx&idt=100&did=c0adb5c96f8b24249e2ef9d1c8806d03 HTTP 302
https://buyer.dspx.tv/cm/?cmsrc=cm&cm_uid=CM1202103051497df75ec42428d74c3c&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Ddspx%26_chainsrc%3Ddspx%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D HTTP 302
https://cm.adsafety.net/?_cmsrc=dspx&_chainsrc=dspx&idt=100&did=dc2974c458f131752f64c7a6200003c9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=permodo_dbm&google_cm&google_hm=Q00xMjAyMTAzMDUxNDk3ZGY3NWVjNDI0MjhkNzRjM2M HTTP 302
https://cm.adsafety.net/?_cmsrc=dbm&idt=100&did=[google_gid]&google_gid=CAESEMh7aAQpmx8XUngpj1HYm0k&google_cver=1 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=admans&ttd_tpi=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=ttdx&idt=100&did=6c5ee20f-f4b8-4ce4-849e-22182897b672 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_hm=Q00xMjAyMTAzMDUxNDk3ZGY3NWVjNDI0MjhkNzRjM2M HTTP 302
https://ads.smartstream.tv/cm/?cmsrc=dcm&google_gid=CAESEN-VS2flW_FBJvj7zGEYj4U&google_cver=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEN-VS2flW_FBJvj7zGEYj4U&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=c0adb5c96f8b24249e2ef9d1c8806d03&uid=c0adb5c96f8b24249e2ef9d1c8806d03&data[stv][idt_did_status]=added&gdpr_consent=

Request Chain 114

https://ssbsync.smartadserver.com/api/sync?callerId=2&gdpr=0 HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=7216770368658249930

Request Chain 136

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 141

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu&gdpr=0&gdpr=0 HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KLWEY37E-1U-864D&ex=d-rubiconproject.com&status=ok&gdpr=0

Request Chain 142

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEHI0b1O-A2VPsDVyY_pgf-I&google_cver=1

Request Chain 143

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=0 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=0&_test=YEJE1gAAAKeFVToG HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YEJE1gAAAKeFVToG&gdpr=0&_test=YEJE1gAAAKeFVToG

Request Chain 144

https://token.rubiconproject.com/token?pid=25470&gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S0xXRVkzN0UtMVUtODY0RA==&gdpr=0

Request Chain 145

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/XtxNp6_qxe7FAoteAbEJKsn5EUdSAgOZEtemQ7w0kco?csrc=&gdpr=0 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5151431532444992176

Request Chain 146

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&gdpr=0 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=a4286042-44d6-4700-a545-4685137964e6&gdpr=0&gdpr_consent=

Request Chain 149

https://token.rubiconproject.com/token?pid=26594&gdpr=0 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KLWEY37E-1U-864D&sigv=1&esig=2~af53d849241adc29607576539fbc5e67be75fc48&gdpr=0

Request Chain 151

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4409913149976251074

Request Chain 152

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFHM3owN0FoSW9BQUJDWVZpZlp6Zw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAG3z07AhIoAABCYVifZzg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAG3z07AhIoAABCYVifZzg&pid=558502&do=add HTTP 303
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAG3z07AhIoAABCYVifZzg&pid=558502&do=add&_bee_ppp=1 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAH-P07AhIoAABB6avKU5A&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=6486247112222742846 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAH-P07AhIoAABB6avKU5A

Request Chain 153

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6936182062043166866

Request Chain 154

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=0yn3RRNY99o4WxntVVivWa8Y

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bIA9gQvkQ82V8UHEOysNJQ%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 158

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 159

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&addseg=31

Request Chain 160

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFk_AKuL0Ma0ixbMwSjWG4U&google_cver=1

Request Chain 161

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6443819192632289527

Request Chain 162

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b4c56042-44d6-4b00-8694-b7a64af12551&gdpr=0&gdpr_consent=

Request Chain 163

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=6c5ee20f-f4b8-4ce4-849e-22182897b672

Request Chain 164

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6583805785100026089&gdpr=0&gdpr_consent=

Request Chain 165

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-f7eO45d1l2IcU3idzaigH01M.6tgGXE-&gdpr=0&gdpr_consent=

Request Chain 167

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2816960095302624362&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 168

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=nOBnBJ7kNwCHtGtUy-R-AZLmZgGH6WFUmOSsqOGK

Request Chain 169

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dpubmatic%26bsw_param%3De4cdfb61-ddbc-4d53-9ba5-27b66f1a3b35%26gdpr%3D0%26consent%3D%26gdpr_pd%3D HTTP 302
https://x.bidswitch.net/sync?dsp_id=354&user_id=b517963170b443fb80881afb66dfdc51&ssp=pubmatic&bsw_param=e4cdfb61-ddbc-4d53-9ba5-27b66f1a3b35&gdpr=0&consent=&gdpr_pd= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=e4cdfb61-ddbc-4d53-9ba5-27b66f1a3b35&gdpr=0&gdpr_consent=&gdpr_pd=

Request Chain 170

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YEJE1gAAAKeFVToG&gdpr=0&gdpr_consent=

Request Chain 171

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d2cfc20e-d102-492f-9526-1858442d06e6-604244d7-4348&gdpr=0&gdpr_consent=

Request Chain 173

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:2a853f81-7709-4e20-8a51-0c0588bb4d4b&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 200

https://eu-u.openx.net/w/1.0/pd?plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0 HTTP 302
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0

Request Chain 201

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=29416042-44d8-4d00-8d0c-080b281ff7d3

Request Chain 202

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=Nqm6ATSt6gotqLwKMvyjBDSgv1Ut_7wAMqHD1Se3

Request Chain 203

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3992182173670863244

Request Chain 205

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTkxYjI4MDktZDBhYi02ZjgyLTdjYzQtMGRkZTQ2OWUwOTU4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTkxYjI4MDktZDBhYi02ZjgyLTdjYzQtMGRkZTQ2OWUwOTU4&google_tc=

Request Chain 206

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc= HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEN0rOWSzCt39UGibj38-1ek&google_cver=1

186 HTTP transactions
28 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.nordkurier.de/ 2 MB
1 MB 84ms
66ms Document
text/html 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

578e85566f961f8549fbcfcfcc6189485b8efac3827244f6cfd0979e2f9f3cc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	allow-from nordkuriercrmtest.crm4.dynamics.com

Request headers

:method: GET
:authority: www.nordkurier.de
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d2dd8225b0f3276933a32d9735bc0b3061614955732; expires=Sun, 04-Apr-21 14:48:52 GMT; path=/; domain=.nordkurier.de; HttpOnly; SameSite=Lax; Secure 1a6a442eb9a448b3bd56be90b1d98072=WyIyMTI4MTAxMzQiXQ; Expires=Sat, 06-Mar-21 14:48:48 GMT; Domain=www.nordkurier.de; Path=/; HttpOnly
x-content-type-options: nosniff
drupal-pagecache-memcache: HIT, age=62
x-drupal-cache: HIT
content-language: de
x-frame-options: allow-from nordkuriercrmtest.crm4.dynamics.com
x-generator: Nordkurier
link: <none>; rel="canonical",<https://www.nordkurier.de/>; rel="shortlink"
cache-control: public, max-age=300
last-modified: Fri, 05 Mar 2021 14:47:46 GMT
expires: Sun, 19 Nov 1978 05:00:00 GMT
vary: Cookie,Accept-Encoding
x-varnish: 48623299 48995363
age: 4
via: 1.1 varnish (Varnish/5.2)
x-varnish-cache: HIT
cf-cache-status: DYNAMIC
cf-request-id: 08a475f802000016eeb2982000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 62b425d33f9216ee-FRA
content-encoding: br

GET
H2 200 PT_Sans-Web-Regular.ttf
www.nordkurier.de/sites/all/themes/custom/nordkurier2013/fonts/PT_Sans/ 260 KB
132 KB 47ms
43ms Font
application/font-sfnt 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/all/themes/custom/nordkurier2013/fonts/PT_Sans/PT_Sans-Web-Regular.ttf

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3895f89eac8f79ffb30fb97580265c9cdb3a8027935444ef6727ae40db5e7ef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.nordkurier.de
Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2527457
content-encoding: br
cf-request-id: 08a475f84e000016eeefa25000000001
x-varnish: 11681521 12652198
last-modified: Thu, 04 Feb 2021 08:09:35 GMT
server: cloudflare
etag: W/"4111c-5ba7e396a80c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-sfnt
cache-control: public, max-age=11229800
cf-ray: 62b425d3b81816ee-FRA

GET
H2 200 icomoon.ttf
www.nordkurier.de/sites/all/themes/custom/nordkurier2013/fonts/IcoMoon/fonts/ 77 KB
39 KB 32ms
29ms Font
application/font-sfnt 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/all/themes/custom/nordkurier2013/fonts/IcoMoon/fonts/icomoon.ttf?hg8jnv

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a99a80c32ad0e61a248f522a589300c114673faa3b19fea71a653902914f96e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.nordkurier.de
Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2527457
content-encoding: br
cf-request-id: 08a475f84e000016eeed16f000000001
x-varnish: 9752511 11904119
last-modified: Wed, 03 Feb 2021 10:21:54 GMT
server: cloudflare
etag: W/"1334c-5ba6bf4c21364"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-sfnt
cache-control: public, max-age=11229800
cf-ray: 62b425d3b81a16ee-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c47f237d1c8ad4453f1a6b3297f211c73406587e055b11010f464cce429ccdf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50151
x-xss-protection: 0
server: cafe
etag: 16592651781346407387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H2 200 css_xE-rWrJf-fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css
www.nordkurier.de/sites/default/files/css/ 7 KB
2 KB 18ms
15ms Stylesheet
text/css 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/default/files/css/css_xE-rWrJf-fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c44fab5ab25ff9f9dc07aced65f77686ec6a831bb858efaac266ba5deaf7d26e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2527457
content-encoding: br
cf-request-id: 08a475f84d000016ee298e3000000001
x-varnish: 11009897
last-modified: Tue, 19 Jan 2021 09:53:37 GMT
server: cloudflare
etag: W/"8a9-5b93dcffe6b2a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=11229800
cf-ray: 62b425d3a81416ee-FRA

GET
H2 200 css_JJEmFK0tziqhOOhXBbUrglQNzmfpjEFEX6P7El3N67w.css
www.nordkurier.de/sites/default/files/css/ 10 KB
3 KB 23ms
20ms Stylesheet
text/css 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/default/files/css/css_JJEmFK0tziqhOOhXBbUrglQNzmfpjEFEX6P7El3N67w.css

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24912614ad2dce2aa138e85705b52b82540dce67e98c41445fa3fb125dcdebbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2527457
content-encoding: br
cf-request-id: 08a475f84d000016ee2fa7b000000001
x-varnish: 9752512
last-modified: Tue, 12 Jan 2021 16:52:46 GMT
server: cloudflare
etag: W/"aae-5b8b6da22c18e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=11229800
cf-ray: 62b425d3a81516ee-FRA

GET
H2 200 css_5fxXckabSgIl7xQ2Ba6qQJrQ4kVfYhs07ffobUwlqrM.css
www.nordkurier.de/sites/default/files/css/ 3 KB
1 KB 21ms
19ms Stylesheet
text/css 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/default/files/css/css_5fxXckabSgIl7xQ2Ba6qQJrQ4kVfYhs07ffobUwlqrM.css

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5fc5772469b4a0225ef143605aeaa409ad0e2455f621b34edf7e86d4c25aab3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1490367
content-encoding: br
cf-request-id: 08a475f84e000016eebe24b000000001
x-varnish: 1233883
last-modified: Tue, 16 Feb 2021 08:49:04 GMT
server: cloudflare
etag: W/"45f-5bb702cb673ab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=11229800
cf-ray: 62b425d3a81616ee-FRA

GET
H2 200 css_oDtvRUxjxvq5RAsQetAykNdD0bp1R48QKxCZHZtXYmA.css
www.nordkurier.de/sites/default/files/css/ 76 KB
13 KB 19ms
17ms Stylesheet
text/css 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/default/files/css/css_oDtvRUxjxvq5RAsQetAykNdD0bp1R48QKxCZHZtXYmA.css

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a03b6f454c63c6fab9440b107ad03290d743d1ba75478f102b10991d9b576260

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 627094
content-encoding: br
cf-request-id: 08a475f84e000016eeb2986000000001
x-varnish: 6477361
last-modified: Thu, 25 Feb 2021 13:37:42 GMT
server: cloudflare
etag: W/"3762-5bc2941838024"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=11229800
cf-ray: 62b425d3a81716ee-FRA

GET
H2 200 js_wKyFX46tVKJtPKN12qNjRfS4aubW4G2u7LK22vlDiKo.js Show response
www.nordkurier.de/sites/default/files/js/ 130 KB
44 KB 29ms
26ms Script
text/javascript 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/default/files/js/js_wKyFX46tVKJtPKN12qNjRfS4aubW4G2u7LK22vlDiKo.js

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0ac855f8ead54a26d3ca375daa36345f4b86ae6d6e06daeecb2b6daf94388aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1492206
content-encoding: br
cf-request-id: 08a475f84e000016eed2a3e000000001
x-varnish: 467062
last-modified: Tue, 19 Jan 2021 09:53:37 GMT
server: cloudflare
etag: W/"b3d5-5b93dcffed88b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=11229800
cf-ray: 62b425d3b81b16ee-FRA

GET
H2 200 js_X4V2KMOpIanHA5e4YlU2Ouypad5qsBKHh21_Q5VikpA.js Show response
www.nordkurier.de/sites/default/files/js/ 4 KB
1 KB 19ms
16ms Script
text/javascript 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/default/files/js/js_X4V2KMOpIanHA5e4YlU2Ouypad5qsBKHh21_Q5VikpA.js

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f857628c3a921a9c70397b86255363aeca969de6ab01287876d7f4395629290

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1040766
content-encoding: br
cf-request-id: 08a475f84f000016eef7129000000001
x-varnish: 13531695
last-modified: Fri, 12 Feb 2021 11:25:14 GMT
server: cloudflare
etag: W/"5bb-5bb21e3dbcbb5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=11229800
cf-ray: 62b425d3b81c16ee-FRA

GET
H2 200 js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js Show response
www.nordkurier.de/sites/default/files/js/ 149 KB
40 KB 35ms
33ms Script
text/javascript 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a99b0502c8b3a373565bd6fae551562516be82107768c9da9715d86d730d82c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2527457
content-encoding: br
cf-request-id: 08a475f84f000016ee09225000000001
x-varnish: 11817521
last-modified: Wed, 03 Feb 2021 22:21:28 GMT
server: cloudflare
etag: W/"ab04-5ba760225bba5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=11229800
cf-ray: 62b425d3b81d16ee-FRA

GET
H2 200 js_PdRcrByN6GDQGb8RHEZ9uD1aEKLC6tmBhwLFYjPqvQc.js Show response
www.nordkurier.de/sites/default/files/js/ 11 KB
4 KB 20ms
18ms Script
text/javascript 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/default/files/js/js_PdRcrByN6GDQGb8RHEZ9uD1aEKLC6tmBhwLFYjPqvQc.js

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dd45cac1c8de860d019bf111c467db83d5a10a2c2ead9818702c56233eabd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1490367
content-encoding: br
cf-request-id: 08a475f84f000016eec5ba4000000001
x-varnish: 837375
last-modified: Tue, 16 Feb 2021 08:49:04 GMT
server: cloudflare
etag: W/"fbb-5bb702cb7004b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=11229800
cf-ray: 62b425d3b81f16ee-FRA

GET
H2 200 js_wPMgECsPo07jhxVFJA86yN1WYxlYjXeUtAYmVP71MP0.js Show response
www.nordkurier.de/sites/default/files/js/ 1 KB
669 B 21ms
20ms Script
text/javascript 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/default/files/js/js_wPMgECsPo07jhxVFJA86yN1WYxlYjXeUtAYmVP71MP0.js

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0f320102b0fa34ee3871545240f3ac8dd566319588d7794b4062654fef530fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1314588
content-encoding: br
cf-request-id: 08a475f84f000016eeaca5f000000001
x-varnish: 4812186
last-modified: Thu, 18 Feb 2021 07:35:15 GMT
server: cloudflare
etag: W/"23e-5bb97606d4a3f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=11229800
cf-ray: 62b425d3b82016ee-FRA

GET
H2 200 cse.js Show response
cse.google.com/ 10 KB
4 KB 75ms
54ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=016080730690978638615:aclo6jgktdi

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

cb03b00d3671b2b50331d90d1d5f2c315bf020a9c8d0f99d7958f34fa53c2344

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3467
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H2 200 js_7X6oP3-RdHO9Vbdd2ek0Hw1G8xUzIadPCbbXjUnRY28.js Show response
www.nordkurier.de/sites/default/files/js/ 2 KB
599 B 19ms
18ms Script
text/javascript 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/default/files/js/js_7X6oP3-RdHO9Vbdd2ek0Hw1G8xUzIadPCbbXjUnRY28.js

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed7ea83f7f917473bd55b75dd9e9341f0d46f3153321a74f09b6d78d49d1636f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2527445
content-encoding: br
cf-request-id: 08a475f850000016ee2d15e000000001
x-varnish: 4873564
last-modified: Tue, 12 Jan 2021 16:52:50 GMT
server: cloudflare
etag: W/"20d-5b8b6da5c021f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=11229800
cf-ray: 62b425d3b82216ee-FRA

GET
H/1.1 200
OK iam.js Show response
script.ioam.de/ 48 KB
14 KB 104ms
39ms Script
application/javascript 91.215.103.64
INFONLINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://script.ioam.de/iam.js
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.215.103.64 , Germany, ASN43407 (INFONLINE-AS, NL),
Reverse DNS: script3.ioam.de
Software: nginx / BLACKBIRD-SRC v0.13 0018
Resource Hash: 0791014260807d85fc498ea3074e2b84c72006645f96d9543ed1816878c46cff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Mar 2021 14:48:53 GMT
Server: nginx
X-Powered-By: BLACKBIRD-SRC v0.13 0018
Vary: Accept-Encoding
P3P: policyref=https://script.ioam.de/p3p.xml, CP=NOI DSP NID PSAa OUR NOR UNI COM NAV
Cache-Control: private, max-age=7200, pre-check=7200
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/javascript
Expires: Fri, 05 Mar 2021 16:48:53 GMT

GET
H2 200 doc7es6cipz154i90ro8oy_file7es5ky97wxx14uvc4xzz.jpg
www.nordkurier.de/sites/default/files/styles/artikel_bild_640px/public/dcx/images/2021/03/05/ 36 KB
36 KB 21ms
18ms Image
image/jpeg 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordkurier.de/sites/default/files/styles/artikel_bild_640px/public/dcx/images/2021/03/05/doc7es6cipz154i90ro8oy_file7es5ky97wxx14uvc4xzz.jpg?itok=D-WzKm-E

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e2f923eb27c2a305acbfec6800252928d4d568722eec85c0acff59b2d3eae00

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 825
cf-ray: 62b425d438b916ee-FRA
content-length: 36423
cf-request-id: 08a475f8a7000016eec1057000000001
last-modified: Fri, 05 Mar 2021 14:34:29 GMT
server: cloudflare
etag: "8e47-5bccafb5023d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-varnish: 48508094
cache-control: public, max-age=11229800
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

OPTIONS
H2 200 native-message
cdn.privacy-mgmt.com/wrapper/tcfv2/v1/gdpr/ Frame 0
0 153ms
61ms Preflight
text/html 65.9.187.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.privacy-mgmt.com/wrapper/tcfv2/v1/gdpr/native-message?requestUUID=84b41375-8714-4be9-9d90-c2d224fbcaa9&hasCsp=true&env=prod&consentLanguage=browserDefault&body=%7B%22accountId%22%3A1061%2C%22requestUUID%22%3A%2284b41375-8714-4be9-9d90-c2d224fbcaa9%22%2C%22propertyHref%22%3A%22https%3A%2F%2Fwww.nordkurier.de%2F%22%2C%22euconsent%22%3Anull%2C%22meta%22%3A%22%7B%5C%22mmsCookies%5C%22%3A%5B%5D%2C%5C%22resolved%5C%22%3Anull%7D%22%2C%22clientMMSOrigin%22%3A%22https%3A%2F%2Fcmp.nordkurier.de%22%2C%22targetingParams%22%3Anull%2C%22campaignEnv%22%3A%22prod%22%2C%22pubData%22%3A%7B%7D%7D
Protocol: H2
Server: 65.9.187.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.nordkurier.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: text/html; charset=utf-8
content-length: 13
date: Fri, 05 Mar 2021 14:48:53 GMT
x-powered-by: Express
access-control-allow-origin: https://www.nordkurier.de
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,SP_SCRIPT_VERSION
access-control-allow-methods: GET, PUT, POST, DELETE
cache-control: no-cache, no-store
allow: POST,GET,HEAD
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 0921eae154c93e666b192fa267ea4bfb.cloudfront.net (CloudFront)
x-amz-cf-pop: ZAG50-C1
x-amz-cf-id: wQw-BRa8UELYfKa-LsJ-P2p49mATihJrJ-YEa1n3RUbX0xAgxwsltA==

GET
H2 200 native-message Show response
cdn.privacy-mgmt.com/wrapper/tcfv2/v1/gdpr/ 319 KB
15 KB 118ms
117ms XHR
application/json 65.9.187.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.privacy-mgmt.com/wrapper/tcfv2/v1/gdpr/native-message?requestUUID=84b41375-8714-4be9-9d90-c2d224fbcaa9&hasCsp=true&env=prod&consentLanguage=browserDefault&body=%7B%22accountId%22%3A1061%2C%22requestUUID%22%3A%2284b41375-8714-4be9-9d90-c2d224fbcaa9%22%2C%22propertyHref%22%3A%22https%3A%2F%2Fwww.nordkurier.de%2F%22%2C%22euconsent%22%3Anull%2C%22meta%22%3A%22%7B%5C%22mmsCookies%5C%22%3A%5B%5D%2C%5C%22resolved%5C%22%3Anull%7D%22%2C%22clientMMSOrigin%22%3A%22https%3A%2F%2Fcmp.nordkurier.de%22%2C%22targetingParams%22%3Anull%2C%22campaignEnv%22%3A%22prod%22%2C%22pubData%22%3A%7B%7D%7D
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.187.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: 6a4cbb9dcf4b40c8643c7caf28ca6a6ed16596dcc8672c9a6659d34a335fc5c4

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-amz-cf-pop: ZAG50-C1
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nordkurier.de
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-cache: Miss from cloudfront
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, SP_SCRIPT_VERSION
x-amz-cf-id: 0QkCvrkLjOjATLB1fVqa6kbxuDJgV8sOpEedDWeMwL6TTo9rXhrnYw==
via: 1.1 0921eae154c93e666b192fa267ea4bfb.cloudfront.net (CloudFront)

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 58 KB
20 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41a75bfe0ede45e62b25affc73c3526bc5a973a959a50697eed855c1a333f618

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "802 / 109 of 1000 / last-modified: 1614946432"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19862
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 138 KB
46 KB 19ms
16ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TKLB37

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

50d11e57f8fc38d756d2e2173f8f6a1c42c1a08c3183041fcc2d08f4e2df7871

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46720
x-xss-protection: 0
last-modified: Fri, 05 Mar 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H2 200 logo_nordkurier.png
www.nordkurier.de/sites/all/themes/custom/nordkurier2013/images/ 16 KB
16 KB 19ms
19ms Image
image/png 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordkurier.de/sites/all/themes/custom/nordkurier2013/images/logo_nordkurier.png

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/sites/default/files/css/css_oDtvRUxjxvq5RAsQetAykNdD0bp1R48QKxCZHZtXYmA.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73efa3c6048e9ab950db21c267279960356bbc74505e713c6380ff16539735dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/sites/default/files/css/css_oDtvRUxjxvq5RAsQetAykNdD0bp1R48QKxCZHZtXYmA.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2527454
content-type: image/png
content-length: 16372
cf-request-id: 08a475f8ac000016ee1f315000000001
last-modified: Thu, 04 Feb 2021 08:09:35 GMT
server: cloudflare
etag: "3ff4-5ba7e396a9060"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-varnish: 12652278
cache-control: public, max-age=11229800
accept-ranges: bytes
cf-ray: 62b425d448be16ee-FRA

GET
H2 200 DejaVu-Sans.woff
www.nordkurier.de/sites/all/themes/custom/nordkurier2013/fonts/DejaVu/ 25 KB
25 KB 19ms
18ms Font
application/font-woff 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/all/themes/custom/nordkurier2013/fonts/DejaVu/DejaVu-Sans.woff

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/sites/default/files/css/css_oDtvRUxjxvq5RAsQetAykNdD0bp1R48QKxCZHZtXYmA.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

931b67bbdf14e0c9895163111489019925a8d9193876efd823148168d763e52a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.nordkurier.de
Referer: https://www.nordkurier.de/sites/default/files/css/css_oDtvRUxjxvq5RAsQetAykNdD0bp1R48QKxCZHZtXYmA.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2527456
content-encoding: br
cf-request-id: 08a475f8b0000016eede8bf000000001
x-varnish: 12035140
last-modified: Thu, 04 Feb 2021 08:09:35 GMT
server: cloudflare
etag: W/"630c-5ba7e396a1360"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff
cache-control: public, max-age=11229800
cf-ray: 62b425d448c116ee-FRA

GET
H2 200 DejaVu-Sans-Bold.woff
www.nordkurier.de/sites/all/themes/custom/nordkurier2013/fonts/DejaVu/ 24 KB
25 KB 16ms
16ms Font
application/font-woff 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordkurier.de/sites/all/themes/custom/nordkurier2013/fonts/DejaVu/DejaVu-Sans-Bold.woff

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/sites/default/files/css/css_oDtvRUxjxvq5RAsQetAykNdD0bp1R48QKxCZHZtXYmA.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9e09403bd55b7740b4cb4e2e1ebe6132d8a1da0414e78a6960164077c2385d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.nordkurier.de
Referer: https://www.nordkurier.de/sites/default/files/css/css_oDtvRUxjxvq5RAsQetAykNdD0bp1R48QKxCZHZtXYmA.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2527456
content-encoding: br
cf-request-id: 08a475f8ae000016eefe842000000001
x-varnish: 12035144
last-modified: Thu, 04 Feb 2021 08:09:35 GMT
server: cloudflare
etag: W/"61d0-5ba7e396a03c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff
cache-control: public, max-age=11229800
cf-ray: 62b425d448c416ee-FRA

GET
DATA 200
OK truncated
/ 110 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cda3b9cdce18bc98f4a4586419e98fad13eed5a179fbfd8debfcec6494c8383c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 nk_plus.png
www.nordkurier.de/sites/all/modules/custom/nk_plus/images/ 846 B
1 KB 76ms
72ms Image
image/png 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordkurier.de/sites/all/modules/custom/nk_plus/images/nk_plus.png

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/sites/default/files/css/css_JJEmFK0tziqhOOhXBbUrglQNzmfpjEFEX6P7El3N67w.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

477d91ab94e5a4d5c7e16269545bd13705bcba52333bc19bb397b500cea45fc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/sites/default/files/css/css_JJEmFK0tziqhOOhXBbUrglQNzmfpjEFEX6P7El3N67w.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: BYPASS
last-modified: Wed, 03 Mar 2021 15:23:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-varnish: 48446429
content-type: image/png
accept-ranges: bytes
cf-ray: 62b425d4991f16ee-FRA
content-length: 846
cf-request-id: 08a475f8e3000016ee30119000000001

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/ 227 KB
85 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7351608356042114&plah=www.nordkurier.de&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1f6f1027092d281d624e67f9f83460ed291ae367b558c16cd6afad7af5eba1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87278
x-xss-protection: 0
server: cafe
etag: 4389487008424739880
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/ Frame A205 11 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e78c14aeb9435fd03f67ad2ee4c45e18bfcfc100a4c62c8bd886324ce6296f77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210303/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nordkurier.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nordkurier.de/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 04 Mar 2021 21:27:47 GMT
expires: Thu, 18 Mar 2021 21:27:47 GMT
content-type: text/html; charset=UTF-8
etag: 14371272352318978350
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 5136
x-xss-protection: 0
age: 62466
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pubads_impl_2021030101.js Show response
securepubads.g.doubleclick.net/gpt/ 282 KB
99 KB 32ms
32ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

c183713781265a2abdc03eab5050b102a17a1170eaa908604e61fc9f07c9aad4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 01 Mar 2021 09:37:48 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101543
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
DATA 200
OK truncated
/ 82 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b34adbc6346c94ab87b1b7ffd13bab8399c126d039ad8babb91139e8399244af

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/323d4b81541ddb5b/ 275 KB
90 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/323d4b81541ddb5b/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=016080730690978638615:aclo6jgktdi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0cdcf3224a18d66039b74a6a0c70977585d75d5ed67ba23a6b5eab8c0a2ba7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 07:38:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 19:23:46 GMT
server: sffe
age: 25803
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92401
x-xss-protection: 0
expires: Sat, 05 Mar 2022 07:38:50 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/323d4b81541ddb5b/ 41 KB
9 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/323d4b81541ddb5b/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=016080730690978638615:aclo6jgktdi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 07:38:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 19:23:46 GMT
server: sffe
age: 25803
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9032
x-xss-protection: 0
expires: Sat, 05 Mar 2022 07:38:50 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 18ms
17ms Stylesheet
text/css 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=016080730690978638615:aclo6jgktdi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
age: 36
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Fri, 05 Mar 2021 15:38:17 GMT

GET
DATA 200
OK truncated
/ 73 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da905cb7ee07808b88faa67deebc6dab6dfd9edbeda7f2a480ba8f76fab4a1f4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 grumi-ip.js Show response
rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/ 10 KB
5 KB 90ms
28ms Script
application/javascript 2600:9000:20d7:ce00:4:b37b:9440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20d7:ce00:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f2092ab5b58ee05742a711f65fe3021be81a1d243a14109ad140ef42cfb6382f

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:44:18 GMT
content-encoding: br
last-modified: Mon, 30 Nov 2020 08:04:19 GMT
server: AmazonS3
age: 276
etag: W/"883780093129b6025aea7386226647ed"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: er4GyhTc11wXIuRA28.H0cCuNFicXRVx
via: 1.1 7e8e21f463faf38ee9cfcd5ec5e09b6d.cloudfront.net (CloudFront)
cache-control: public, max-age: 14400, stale-while-revalidate=14400, immutable
x-amz-cf-pop: ZAG50-C1
content-type: application/javascript
x-amz-cf-id: RdrnJLhJj952MtOP61jHEkUcTvs8_D8Cw-qg3CVsc4BdgDyFJMHpPw==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 119 KB
31 KB 147ms
48ms Script
application/javascript 65.9.24.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.24.128 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 86cef609c85d2c2ce6a507af54e77a9c150e2fa408043e1454082614c4b0ce2b

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:45:19 GMT
content-encoding: gzip
server: Server
age: 213
etag: d2bbe61d6c9cfd2f9d26c66417c4fb1e
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6fdf2ccc380f11286f9756c9578f26c6.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: ZAG50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: 7KnjqYhn.fTYs_joiF9hMVX.bWg_6oV9
x-amz-cf-id: QzzoqsQOUn9NO451k_B6JqKKig8LetnUd3iCwITloEJTO1WJ5ufGew==

GET
H2 200 prebid.js Show response
cdns.yieldscale.com/ 314 KB
100 KB 66ms
19ms Script
text/javascript 35.201.77.229
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.yieldscale.com/prebid.js
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.77.229 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 229.77.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 476a6e2d103abde2b6b33c23a85b69b8b7ddc9e6925fdf8ac1ea3e33e2f76ea2

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:30:01 GMT
content-encoding: gzip
age: 1132
x-guploader-uploadid: ABg5-UzswlEa0HOGo-Ek0nWse5YbFp2ziKU9tlYnCpgL9Sd84NWdQnVv-geo05vOTmkSK9wTJPeqBfiKj8bEkwW_7K4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 101436
last-modified: Mon, 27 Apr 2020 07:25:29 GMT
server: UploadServer
etag: "da8453bb1ba28b54c765c36f78536f5b"
vary: Accept-Encoding
x-goog-hash: crc32c=6YhRFw==, md5=2oRTuxuii1THZcNveFNvWw==
x-goog-generation: 1587972329418765
cache-control: public, max-age=3600
x-goog-stored-content-length: 101436
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 05 Mar 2021 15:30:01 GMT

GET
DATA 200
OK truncated
/ 57 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3b98a72f866cb4404f0feefdacae15a3553cd76c87dfc5b6aedc15d74be0c79

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 63 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 424d7aa78f9cc54fc5354e4a0f30f033808d859e54f119f5cf4a154c9a4a7bba

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 26 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 065aa8ea3d77ee9f106cc0dc40582ea0d629107e67bab1979671e8ebc39ee79d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 39 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1e6b260b3a8481c8ad4b8626f956c0b982d1b9e6284ab07c7becd13f3accad3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 die_aktuellen_corona_regeln_800px400px.jpg
www.nordkurier.de/sites/default/files/corona-regeln/ 47 KB
48 KB 15ms
14ms Image
image/jpeg 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordkurier.de/sites/default/files/corona-regeln/die_aktuellen_corona_regeln_800px400px.jpg

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60ab2335ec8434c18760ea5364294f7bacd340a016ca18d757940cd3bfa041f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1492207
cf-ray: 62b425d67ade16ee-FRA
content-length: 48624
cf-request-id: 08a475fa0b000016eefb8e5000000001
last-modified: Fri, 08 Jan 2021 13:56:36 GMT
server: cloudflare
etag: "bdf0-5b863ecb34d00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-varnish: 731936
cache-control: public, max-age=11229800
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

GET
DATA 200
OK truncated
/ 78 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f919a3e3d15c28f9cafb1f71c0ffcd8300707a35378bab7400209d72cd3e9b2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 22 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d2e2566a703d54107df2ab5dda957369a58840e676fcc607359dd440167b5a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 1 KB
1 KB 21ms
6ms XHR
application/json 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20210305

Requested by

Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7f26a6d3b30fbb8891f33c8f33cea75bfc41bd9e604508ad9007145ab2362c67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 13648
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 753
etag: W/"53f-7eH6CL7Yauz8u0bWx4w3AXaIXCs"
x-served-by: cache-fra19177-FRA, cache-hhn4024-HHN
date: Fri, 05 Mar 2021 14:48:53 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.nordkurier.de

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nordkurier.de

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H/1.1 200
OK 7554717,6374982,6374986,6374988 Show response
ad.yieldlab.net/yp/ 2 B
853 B 127ms
49ms XHR
application/json 2.17.187.27
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.yieldlab.net/yp/7554717,6374982,6374986,6374988?ts=1614955733577&json=true&gdpr=false
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.17.187.27 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-17-187-27.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:53 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa OUR IND COM NAV INT"
Access-Control-Allow-Methods: GET
Content-Language: en-US
Access-Control-Allow-Origin: https://www.nordkurier.de
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
Content-Length: 2
Expires: Thu, 04 Mar 2021 14:48:53 GMT

GET
H2 200 arj Show response
msodigital-d.openx.net/w/1.0/ 172 B
561 B 90ms
44ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://msodigital-d.openx.net/w/1.0/arj?ju=https://www.nordkurier.de/&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=ccb462c5-a6d9-4d6f-8551-974ff85f6ca8,f351c830-36db-475a-8f92-7eafe45302b6,49f1a802-33eb-4b24-a385-3b8631c569a0,075fa2c7-bbcc-4f69-b946-430cc23329db&nocache=1614955733580&gdpr=0&aus=728x90|728x90,800x250|300x600,160x600,120x600|300x600,160x600,120x600&divIds=leaderboard_1,billboard_1,skyscraper_1,skyscraper_2&auid=540267842,540267835,540267844,540298790
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 582ea3d7202f90390f5c647b3593fa39da561d85025f9a40e3e5a49fae6dba86

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
server: OXGW/16.202.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.nordkurier.de
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 163
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 25 B
1010 B 184ms
117ms XHR
application/json 184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=286063&v=7.2&r={%22id%22:%2211a8a8d734b8374%22,%22imp%22:[{%22id%22:%2212c784bca63ce87%22,%22ext%22:{%22siteID%22:%22286063%22,%22sid%22:%22728x90%22},%22banner%22:{%22w%22:728,%22h%22:90,%22topframe%22:1}},{%22id%22:%2214f0206dd980eca%22,%22ext%22:{%22siteID%22:%22291456%22,%22sid%22:%22300x600%22},%22banner%22:{%22w%22:300,%22h%22:600,%22topframe%22:1}},{%22id%22:%22150944d444000ad%22,%22ext%22:{%22siteID%22:%22291456%22,%22sid%22:%22300x600%22},%22banner%22:{%22w%22:300,%22h%22:600,%22topframe%22:1}}],%22site%22:{%22page%22:%22https://www.nordkurier.de/%22},%22ext%22:{%22source%22:%22prebid%22},%22regs%22:{%22ext%22:{%22gdpr%22:0}},%22user%22:{%22ext%22:{%22consent%22:%22%22}}}&ac=j&sd=1
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0ba2ddd9d71ea614c25abe91d4ee47c6cb8467ade7e7d97feb4e6437448db3ad

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:53 GMT
Content-Encoding: gzip
Server: Apache
Vary: Is-Traffic-Invalid,Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.nordkurier.de
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 45
Expires: Fri, 05 Mar 2021 14:48:53 GMT

POST
H/1.1 204
No Content v1 Show response
prg.smartadserver.com/prebid/ 0
332 B 111ms
38ms XHR
application/json 185.86.139.96
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:53 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://www.nordkurier.de
x-smrt-reason: 5
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 204
No Content v1 Show response
prg.smartadserver.com/prebid/ 0
332 B 110ms
37ms XHR
application/json 185.86.139.96
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:52 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://www.nordkurier.de
x-smrt-reason: 5
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 204
No Content v1 Show response
prg.smartadserver.com/prebid/ 0
332 B 126ms
45ms XHR
application/json 185.86.139.96
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:53 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://www.nordkurier.de
x-smrt-reason: 5
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 204
No Content v1 Show response
prg.smartadserver.com/prebid/ 0
332 B 217ms
127ms XHR
application/json 185.86.139.96
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:52 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://www.nordkurier.de
x-smrt-reason: 5
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 166ms
84ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19998&site_id=235660&zone_id=1162636&size_id=2&p_pos=atf&gdpr=0&rf=https%3A%2F%2Fwww.nordkurier.de%2F&tk_flint=pbjs_lite_v3.17.0&x_source.tid=ccb462c5-a6d9-4d6f-8551-974ff85f6ca8&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.4590959586980814
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 635466c20a45e99be137668666a829f19f2cc4f92cab3ef932cd1ab3262dc543

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:53 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.nordkurier.de
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
2 KB 181ms
96ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19998&site_id=235660&zone_id=1162636&size_id=2&alt_size_ids=125&gdpr=0&rf=https%3A%2F%2Fwww.nordkurier.de%2F&tk_flint=pbjs_lite_v3.17.0&x_source.tid=f351c830-36db-475a-8f92-7eafe45302b6&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5281292211399475
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: adf9b08be034d0a94564f169f18c9f823faebc4092a7744e7e923222c0b53f88

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:53 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.nordkurier.de
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 262 B
2 KB 176ms
89ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19998&site_id=235660&zone_id=1162636&size_id=9&alt_size_ids=8%2C10&gdpr=0&rf=https%3A%2F%2Fwww.nordkurier.de%2F&tk_flint=pbjs_lite_v3.17.0&x_source.tid=49f1a802-33eb-4b24-a385-3b8631c569a0&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.31701977719130636
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 144c6e062a9a391ff0df314ca618fca1b0f3f18d18ad06026d8690640f56e206

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:53 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.nordkurier.de
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 262
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 262 B
2 KB 177ms
87ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19998&site_id=235660&zone_id=1162636&size_id=9&alt_size_ids=8%2C10&gdpr=0&rf=https%3A%2F%2Fwww.nordkurier.de%2F&tk_flint=pbjs_lite_v3.17.0&x_source.tid=075fa2c7-bbcc-4f69-b946-430cc23329db&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.08572015348708706
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 3de4b591f615b7d98b666c01a76dc3963dc9877e9240a29595eaed13690f24d2

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:53 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.nordkurier.de
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 262
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
118 B 196ms
129ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.nordkurier.de
date: Fri, 05 Mar 2021 14:44:36 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 496 B
1 KB 373ms
315ms XHR
application/json 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

1c9b62cdf65fe3e6565ebd3791927ce48feefb18de286956c1e22b422db4b4f3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:53 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.153:80
AN-X-Request-Uuid: 59dadc31-5e61-45f1-9cd5-34931682c641
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.nordkurier.de
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 496
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
147 B 110ms
34ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=28&wv=3.17.0&cb=86528439509
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.nordkurier.de
date: Fri, 05 Mar 2021 14:48:52 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 203 B
263 B 58ms
57ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.nordkurier.de&callback=_gfp_s_&client=ca-pub-7351608356042114

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7351608356042114&plah=www.nordkurier.de&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

9cc7b484043b43b1f166bfff3c3ed7414e6cbaa2e39a44fd1723e3b20bcf0ea5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A144 54 B
204 B 41ms
40ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&addtl_consent=1~&client=ca-pub-7351608356042114&output=html&adk=1812271804&adf=3025194257&lmt=1614955666&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.nordkurier.de%2F&ea=0&flash=0&pra=5&wgl=1&dt=1614955733238&bpp=22&bdt=177&idt=144&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7398043665558&frm=20&pv=2&ga_vid=1461207546.1614955734&ga_sid=1614955734&ga_hid=2019150982&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C44737563&oid=3&pvsid=2072175501144971&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&dtd=380

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?gdpr=0&addtl_consent=1~&client=ca-pub-7351608356042114&output=html&adk=1812271804&adf=3025194257&lmt=1614955666&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.nordkurier.de%2F&ea=0&flash=0&pra=5&wgl=1&dt=1614955733238&bpp=22&bdt=177&idt=144&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7398043665558&frm=20&pv=2&ga_vid=1461207546.1614955734&ga_sid=1614955734&ga_hid=2019150982&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C44737563&oid=3&pvsid=2072175501144971&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&dtd=380
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nordkurier.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nordkurier.de/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 05 Mar 2021 14:48:53 GMT
server: cafe
content-length: 34
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 05-Mar-2021 15:03:53 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 05 Mar 2021 14:48:53 GMT
cache-control: private

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774803212306"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28399
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 16 KB
5 KB 76ms
76ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2072175501144971&correlator=3797725002417401&output=ldjh&impl=fifs&vrg=2021030101&ptt=17&gdpr=0&addtl_consent=1~&sc=1&sfv=1-0-37&ecs=20210305&iu_parts=68792739%2Ccustom_size_1%2Ccustom_size_2%2Ccustom_size_3%2Ccustom_size_4%2Ccustom_size_5&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=1x1%2C1x1%2C1x1%2C1x1%2C1x1&eri=1&cust_params=nk_zone%3Dstartseite%26nk_paid_user%3Dfalse%26faktor_width%3Dfalse&cookie_enabled=1&bc=31&abxe=1&lmt=1614955666&dt=1614955733627&dlt=1614955733061&idt=388&frm=20&biw=1600&bih=1200&oid=3&adxs=800%2C800%2C800%2C800%2C800&adys=4896%2C4897%2C4898%2C4899%2C4900&adks=1309884379%2C3399563317%2C376003553%2C3231319058%2C2500072743&ucis=1%7C2%7C3%7C4%7C5&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.nordkurier.de%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x4965%7C1600x4965%7C1600x4965%7C1600x4965%7C1600x4965&msz=1344x1%7C1344x1%7C1344x1%7C1344x1%7C1344x1&ga_vid=1461207546.1614955734&ga_sid=1614955734&ga_hid=2019150982&fws=0%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ed9d4a95733c5db922a5387180876383a34063b3312d0e6b23c31bbe6d4be426

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4916
x-xss-protection: 0
google-lineitem-id: -2,4639538383,-2,-2,4891630451
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,138238374796,-2,-2,138254397207
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nordkurier.de
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
32e9ec56d9860726db9fe3d08cac0ce1.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 50ms
13ms Other
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://32e9ec56d9860726db9fe3d08cac0ce1.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 7ms
6ms Other
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 grumi.js Show response
rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/ 146 KB
50 KB 32ms
31ms Script
text/javascript 2600:9000:20d7:ce00:4:b37b:9440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi.js
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20d7:ce00:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d94c3ec221837b9a5916ef4c69ee1530a280b4899bac220714195f66b3b7661e

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:44:18 GMT
content-encoding: br
last-modified: Fri, 05 Mar 2021 14:37:11 GMT
server: AmazonS3
age: 276
etag: W/"adca5d8285022c543491be9fda87429d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: yT8fRpJ2SizBkIDspjKILB.21u1YDaeq
via: 1.1 7e8e21f463faf38ee9cfcd5ec5e09b6d.cloudfront.net (CloudFront)
cache-control: public,max-age=1800,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-pop: ZAG50-C1
content-type: text/javascript
x-amz-cf-id: S22qJKKTcS4YjoBZtG8IL3SB3Kmpx35Q05_0-_t6Dw02BZo481F3lQ==

GET
H/1.1

200
OK

tx.io Show response
de.ioam.de/
Redirect Chain

https://de.ioam.de/tx.io?st=nordkuri&cp=Homepage&sc=yes&sv=ke&co=kommentar&ct=0100000000&pt=CP&ps=lin&er=N22&rf=&r2=&ur=www.nordkurier.de&xy=1600x1200x24&lo=CH%2FZurich&cb=0018&i2=00181f4b8307ae730...
https://de.ioam.de/tx.io?st=nordkuri&cp=Homepage&sc=yes&sv=ke&co=kommentar&ct=0100000000&pt=CP&ps=lin&er=N22&rf=&r2=&ur=www.nordkurier.de&xy=1600x1200x24&lo=CH%2FZurich&cb=0018&i2=00181f4b8307ae730...

0
717 B

28ms
28ms

Script
application/x-javascript

91.215.103.65
INFONLINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://de.ioam.de/tx.io?st=nordkuri&cp=Homepage&sc=yes&sv=ke&co=kommentar&ct=0100000000&pt=CP&ps=lin&er=N22&rf=&r2=&ur=www.nordkurier.de&xy=1600x1200x24&lo=CH%2FZurich&cb=0018&i2=00181f4b8307ae730604244d5&ep=1637786786&vr=423&id=qn28vx&i3=00181f4b8307ae730604244d5%3A1646232533651%3A1614955733651%3A.nordkurier.de%3A1%3Anordkuri%3AHomepage%3Anoevent%3A1614955733651&n1=9&dntt=0&lt=1614955733652&ev=&cs=yxrio8&mo=1&sr=71
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.215.103.65 , Germany, ASN43407 (INFONLINE-AS, NL),
Reverse DNS
Software: nginx / BLACKBIRD-RCV v1.06.2 0045
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:53 GMT
Server: nginx
X-Powered-By: BLACKBIRD-RCV v1.06.2 0045
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
P3P: policyref=https://script.ioam.de/p3p.xml, CP=NOI DSP NID PSAa OUR NOR UNI COM NAV
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/x-javascript
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookies

Redirect headers

Date: Fri, 05 Mar 2021 14:48:53 GMT
Access-Control-Allow-Origin: *
X-Powered-By: BLACKBIRD-RCV v1.06.2 0045
Transfer-Encoding: chunked
P3P: policyref=https://script.ioam.de/p3p.xml, CP=NOI DSP NID PSAa OUR NOR UNI COM NAV
Connection: keep-alive
Pragma: no-cache
Last-Modified: Fri, 05 Mar 2021 14:48:53 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Location: /tx.io?st=nordkuri&cp=Homepage&sc=yes&sv=ke&co=kommentar&ct=0100000000&pt=CP&ps=lin&er=N22&rf=&r2=&ur=www.nordkurier.de&xy=1600x1200x24&lo=CH%2FZurich&cb=0018&i2=00181f4b8307ae730604244d5&ep=1637786786&vr=423&id=qn28vx&i3=00181f4b8307ae730604244d5%3A1646232533651%3A1614955733651%3A.nordkurier.de%3A1%3Anordkuri%3AHomepage%3Anoevent%3A1614955733651&n1=9&dntt=0&lt=1614955733652&ev=&cs=yxrio8&mo=1&sr=71
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookies
Expires: Thu, 05 Mar 2020 14:48:53 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 124 B
511 B 210ms
208ms XHR
text/javascript 65.9.24.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3873&u=https%3A%2F%2Fwww.nordkurier.de%2F&pid=o9iQXeM0AKsSu&cb=0&ws=1600x1200&v=7.60.00&t=1500&slots=%5B%7B%22sd%22%3A%22leaderboard_1%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%2C%7B%22sd%22%3A%22billboard_1%22%2C%22s%22%3A%5B%22728x90%22%2C%22800x250%22%5D%7D%2C%7B%22sd%22%3A%22skyscraper_1%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22120x600%22%5D%7D%2C%7B%22sd%22%3A%22skyscraper_2%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22120x600%22%5D%7D%5D&cfgv=0&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.24.128 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 751e76567e79dd1e11621b9799a06e9e55c46115c1e4ab9651b0d2d5e273bafe

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: ZAG50-C1
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.nordkurier.de
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 131
via: 1.1 6fdf2ccc380f11286f9756c9578f26c6.cloudfront.net (CloudFront)
x-amz-cf-id: PZPdIlI-ItWmzb_bEQvndYZGLHiyq43BW4Mb7QEKMY-qx_GNifKkHg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 127ms
42ms XHR
application/javascript 65.9.24.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.24.128 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 8kbPIzTLk7_TMvnggUSDACBTugDfX2qC
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 56036
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Fri, 29 Jan 2021 06:42:57 GMT
server: AmazonS3
date: Thu, 04 Mar 2021 23:14:57 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 38a3f663851a0597e7026100a58b9b39.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: ZAG50-C1
x-amz-cf-id: R59K_d5CSY0zjMDTB6oJRhtIow3yqFavQnSmmB1r_fsiUN935sLFAQ==

GET
DATA 200
OK truncated
/ 136 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: adb1a7210a8f3e3a81e77246cfec32611759069f8510f3a2f413f9a3c4058e0f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 36 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 672a6c0deba486e5a9ccf61c0c0eed580d5dd254cd11a20a663e93043c7d7d14

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 57 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d79e730c3217e49b9289f7626de09b37029030b51947ba3e39209553b5d45afc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 687F 0
0 61ms
60ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssU4l4-qTqcyJh28OD_mlorMUS1V3_HWx10hEsgj9P8DuTeuG2fP_NQIn4unqv4OMcf5oPjX4Tnfc4SsiZnEzhYu92WAV8Qr_LKH_Vn6_swH0sy-tf9peRL-gg-XiNlzOuVXIUZn3VABYjfdORUFVyUWg0jRzY06Cwt7T5TdKOkFGCwbGbQrVWr4pWIk-nM7gHqAiU3P32kQtZ6o-jIQWSRSCNoREuajK4Xj3xSWc0KSzdNvnyNwibl_JuhIyDx-n1Ulw4i7xp_-ULNBPyLNVU_qoIKNUeCbIkqcjxORsvp0TkkqQ&sai=AMfl-YQK3eJfG9PsS_g9NkJyY54hcWnJBlECvUuZ8TzSkvXEMjMWWJflKavEZuL3bVvIzIbGgHFjDvgav0VK78tUYlIaidoJXBd7Z07C1HUy7qp9f8Xziytb5IMdqAnDz01E&sig=Cg0ArKJSzJ7K56H6Hj9-EAE&urlfix=1&adurl=

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:53 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H/1.1 200
OK rd.loader.php Show response
cdn.recognified.net/ Frame 687F 176 KB
176 KB 155ms
63ms Script
application/javascript 85.159.214.153
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.recognified.net/rd.loader.php?pub_id=157
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.214.153 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: dbb2ea22cdc1a725060500c31314ffca20fd08ef637484137fe381b2f5267334

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:53 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: application/javascript

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 687F 110 KB
33 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774766775808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34192
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 097E 0
0 63ms
62ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuAYqdYp8ZP1mVJuBc5DNYmI4Uwc_xWqgHYGu52TA22DGux75yAKm0w1XhQqiBSbTrIouI22Gv_gpB_3YTPT_79FY9O-PNTaKTJYf14xgVQ4kExiyEiPAduxigl_g2nI_x30eH1MRA18K3MclYS36e7xOL3W0FdNLsWA6KtQLDH3L7i96gXAUTkaPe3LF0yRl3-yVLGspNTms_b-rfh-d8r6Txyi_uhNQUf-4yCTOFOwCxSOc-0mn_YuemMu-BlDsXlpZr2OIhSbtm6lEGE3Et-3BYyWmKpTzk7P2cgUt_iJvwt7w&sai=AMfl-YT_PtrYDuZWoIg4Dmnt7CFqFQSwOtfdwpJsn4lStiMTzNOEtx0BsseDCkzu0mI1zYm_Hou1VlgEfyd0c19wnR2eeaMdqvzKffI6CKzBKjFgfZAToKsCV8yw3m9hBVxa&sig=Cg0ArKJSzJQTO7Wc-km6EAE&urlfix=1&adurl=

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:53 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H/1.1 200
OK rd.loader.php Show response
cdn.recognified.net/ Frame 097E 176 KB
176 KB 152ms
66ms Script
application/javascript 85.159.214.153
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.recognified.net/rd.loader.php?pub_id=335
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.159.214.153 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 097709ff4c669c09fb17a967cc2e672bbdfe06134fc08825245e7a4f58a49e5d

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:53 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: application/javascript

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 097E 110 KB
33 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774766775808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34192
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
DATA 200
OK truncated
/ 28 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c2e34a3943044ec0fe8723939d6897a88ca3a2bd449f69c2c3edf31dee964b75

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 30 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42e9ceb939f47bcdd4c08b23a0e4f052cce093e397b1c1aed5b4efcf4b227412

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 61 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1effa035680cdc509202de3b256b58035b550c4d1f90559a1b3b76b2e704ad07

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 42 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1b38e2f012637d84dd5b6b38806326a1e0ff0ee39b332a490c7df2424d14e4e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 37 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10298f5bc5d513af549d678baa21e0b3acc149437732164ab9210c95cfd6cac8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 nk.jpg
www.nordkurier.de/sites/default/files/epaper-preview/ 345 KB
346 KB 18ms
17ms Image
image/jpeg 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordkurier.de/sites/default/files/epaper-preview/nk.jpg?2021-03-05-15

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d6c2aebdcee05cbd50b4328248658e1c8bef2110ee31bb1bd1260e013ab2b2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2911
cf-ray: 62b425d88cee16ee-FRA
content-length: 353758
cf-request-id: 08a475fb53000016eef7146000000001
last-modified: Thu, 04 Mar 2021 23:35:03 GMT
server: cloudflare
etag: "565de-5bcbe6ab119b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-varnish: 47210535
cache-control: public, max-age=11229800
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

GET
H2 200 banner-webkiosk.jpg
www.nordkurier.de/sites/default/files/ 14 KB
15 KB 23ms
22ms Image
image/jpeg 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordkurier.de/sites/default/files/banner-webkiosk.jpg

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0154177bb90d6090ec7656a5a281c418be5af5a9718ff1a0bdfd5982736dc63

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: MISS
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2527444
cf-ray: 62b425d88cef16ee-FRA
content-length: 14743
cf-request-id: 08a475fb53000016ee250a5000000001
last-modified: Fri, 14 Jul 2017 09:00:26 GMT
server: cloudflare
etag: "3997-5544347b2de80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-varnish: 3010792
cache-control: public, max-age=11229800
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

GET
H2 200 plus-banner
www.nordkurier.de/sites/default/files/2021/02/ 7 KB
7 KB 68ms
67ms Image
image/png 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordkurier.de/sites/default/files/2021/02/plus-banner

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be43bc50423e590dd52e3abc1c7a573236ba00e1bb413686433bfbeb335afba8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Fri, 05 Mar 2021 14:48:53 GMT
via: 1.1 varnish (Varnish/5.2)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 2761
content-type: image/png
content-location: plus-banner.png
content-length: 7189
cf-request-id: 08a475fb59000016ee250a6000000001
last-modified: Wed, 17 Feb 2021 09:56:06 GMT
server: cloudflare
etag: "1c15-5bb853a41f980;5bc6793f9e683"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: negotiate
x-varnish: 49251140 48930450
cache-control: public, max-age=11229800
tcn: choice
accept-ranges: bytes
cf-ray: 62b425d88cf116ee-FRA

GET
DATA 200
OK truncated
/ 103 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 636434ac8a7ca6d6fdb6f3f55c15d28a5e68d53bb793be69c4b76ff91e29e491

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 36 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b57d65c9e0883f0785c71a9ce6601df21ce055833409800e12de454cdea2e3e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 36 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cda104feb0a99371716601593abb5105faefcc150757bbf88df1e2c573ee4719

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 30 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86ea3e40f770ec6008f33e0d669f5113299ca245ddb54100b9e06071fba8643d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 29 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 19866831a184a743c212097d8741965613719f3fdd5ecbc1a5ba2a9ba9cf74cf

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 62 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6337d8f14db18c6ad2de4250cd3a6a704f3a0eb69415af3d910678199630d5fb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H3-Q050 200 async-ads.js Show response
cse.google.com/adsense/search/ 182 KB
63 KB 43ms
29ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/323d4b81541ddb5b/cse_element__de.js?usqp=CAI%3D

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7be6ea471376a554ac2ed8e92739dceca2f341fa900bf25a6135a8b09cd3bdce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "13358083581237655570"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H2 204 generate_204
www.googleapis.com/ 0
182 B 27ms
5ms Image
text/plain 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleapis.com/generate_204
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3-Q050 200 branding.png
www.google.com/cse/static/images/1x/de/ 1 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/de/branding.png

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ee9e63e519096342d5899e32f1a38b4880ffba6b2aff64178b955a3b7f3a80d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 09:18:57 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 19796
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1512
x-xss-protection: 0
expires: Sat, 05 Mar 2022 09:18:57 GMT

GET
H2 204 generate_204
clients1.google.com/ 0
39 B 8ms
5ms Image
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:53 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1

200
OK

Cookie set iu3 Show response
aax-eu.amazon-adsystem.com/s/ Frame B8E7
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=pm-db5_rbd_smrt
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=pm-db5_rbd_smrt&dcc=t

246 B
936 B

204ms
204ms

Document
text/html

52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=pm-db5_rbd_smrt&dcc=t
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 7478f66b4bc40e64519e23b06fc667b83bf6441d8548ce5bbbd8d8af416161b4

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.nordkurier.de/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A-cGWZNspkSeueSHkqo9uT0|t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nordkurier.de/

Response headers

Server: Server
Date: Fri, 05 Mar 2021 14:48:54 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 199
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=A-cGWZNspkSeueSHkqo9uT0; Domain=.amazon-adsystem.com; Expires=Fri, 01-Oct-2021 14:48:54 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Wed, 01-Apr-2026 14:48:54 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

Redirect headers

Server: Server
Date: Fri, 05 Mar 2021 14:48:54 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=pm-db5_rbd_smrt&dcc=t
Set-Cookie: ad-id=A-cGWZNspkSeueSHkqo9uT0|t; Domain=.amazon-adsystem.com; Expires=Fri, 01-Oct-2021 14:48:54 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: User-Agent

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
777 B 44ms
30ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.nordkurier.de

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 16ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nordkurier.de

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 75 KB
21 KB 448ms
447ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2072175501144971&correlator=1183697394153392&output=ldjh&impl=fifs&vrg=2021030101&ptt=17&gdpr=0&addtl_consent=1~&sc=1&sfv=1-0-37&ecs=20210305&iu_parts=68792739%2Cleaderboard_1%2Cbillboard_1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=728x90%2C728x90%7C800x250&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=nk_zone%3Dstartseite%26nk_paid_user%3Dfalse%26faktor_width%3Dfalse&cookie=ID%3Dd630a8e6d68455df-22a19180b3ba00c6%3AT%3D1614955733%3AS%3DALNI_MYgcvSurR1mlikibW-A6-EZt8aDoQ&bc=31&abxe=1&lmt=1614955666&dt=1614955733996&dlt=1614955733061&idt=388&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C223&adys=0%2C204&adks=2998627492%2C1905015806&ucis=6%7C7&ifi=7&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.nordkurier.de%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x11887%7C833x250&msz=1344x100%7C833x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9JOUkp7rQEGEtmFRP0xy_NV3fyHUuXUsGpJHernPyI5Jx5ISGRhiIJtUVdbe--yjOFZS7KWCUsWofy%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H_qFeUZQbdX0G1lF-8FNoq52GbVhBie0MaroosU9F_-0M5qf7tuU6GrE_kLViyOzFAs6pVmTnq353ok&ga_vid=1461207546.1614955734&ga_sid=1614955734&ga_hid=2019150982&fws=0%2C4&ohw=0%2C1300

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

73e79137900ce844bdef7c22213c8831301e8cd9993f436a32e38adf2203abb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21645
x-xss-protection: 0
google-lineitem-id: 5599660226,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138337742774,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nordkurier.de
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
concheck.adsafety.net/ Frame 687F 58 B
407 B 158ms
91ms XHR
application/json 145.239.0.62
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://concheck.adsafety.net/?_f=json&c=rf&req=bl&u=https%3A%2F%2Fwww.nordkurier.de%2F
Requested by: Host: cdn.recognified.net
URL: https://cdn.recognified.net/rd.loader.php?pub_id=157
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.0.62 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 43cd126eb9752e69671da27860604f05bd8c005b29d4e6bd3586aeee0f76eb4e

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:54 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: https://www.nordkurier.de
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H/1.1 200
OK md.tracking.php
rads.recognified.net/ Frame 687F 43 B
432 B 94ms
28ms Image
image/gif 172.105.89.40
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rads.recognified.net/md.tracking.php?t=lead&lead_event=92&lead_type=web_interaction&type=normal&campaign_id=10779&lead_title=pageimp&ad_id=31336&pub_id=157
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.105.89.40 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:54 GMT
Last-Modified: Fri, 05 Mar 2021 14:48:54 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

/
cm.adsafety.net/ Frame 687F
Redirect Chain

https://rads.recognified.net/cm/
https://cm.adsafety.net/?_cmsrc=rf&midt=100&mdid=dc2974c458f131752f64c7a6200003c9
https://tags.adsafety.net/v1/cm?cm_uid=CM1202103051497df75ec42428d74c3c&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dct%26_chainsrc%3Ddspx%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D
https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=dspx&idt=100&did=c0adb5c96f8b24249e2ef9d1c8806d03
https://buyer.dspx.tv/cm/?cmsrc=cm&cm_uid=CM1202103051497df75ec42428d74c3c&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Ddspx%26_chainsrc%3Ddspx%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D
https://cm.adsafety.net/?_cmsrc=dspx&_chainsrc=dspx&idt=100&did=dc2974c458f131752f64c7a6200003c9
https://cm.g.doubleclick.net/pixel?google_nid=permodo_dbm&google_cm&google_hm=Q00xMjAyMTAzMDUxNDk3ZGY3NWVjNDI0MjhkNzRjM2M
https://cm.adsafety.net/?_cmsrc=dbm&idt=100&did=[google_gid]&google_gid=CAESEMh7aAQpmx8XUngpj1HYm0k&google_cver=1
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=admans&ttd_tpi=1
https://cm.adsafety.net/?_cmsrc=ttdx&idt=100&did=f64f6f07-603f-43db-9460-3026443906c6
https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_hm=Q00xMjAyMTAzMDUxNDk3ZGY3NWVjNDI0MjhkNzRjM2M
https://ads.smartstream.tv/cm/?cmsrc=dcm&google_gid=CAESEN-VS2flW_FBJvj7zGEYj4U&google_cver=1
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEN-VS2flW_FBJvj7zGEYj4U&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=c0adb5c96f8b24249e2ef9d1c8806d03&uid=c0adb5c96f8b24249e2ef9d1c8806...

43 B
3 KB

48ms
47ms

Image
image/gif

212.71.252.71
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEN-VS2flW_FBJvj7zGEYj4U&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=c0adb5c96f8b24249e2ef9d1c8806d03&uid=c0adb5c96f8b24249e2ef9d1c8806d03&data[stv][idt_did_status]=added&gdpr_consent=
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.71.252.71 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:56 GMT
Last-Modified: Fri, 05 Mar 2021 14:48:56 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection: keep-alive
Expires: Mon, 28 Jul 1997 05:00:00 GMT

Redirect headers

Access-Control-Allow-Origin: *
Date: Fri, 05 Mar 2021 14:48:56 GMT
Transfer-Encoding: chunked
Server: nginx
Connection: keep-alive
Location: https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEN-VS2flW_FBJvj7zGEYj4U&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=c0adb5c96f8b24249e2ef9d1c8806d03&uid=c0adb5c96f8b24249e2ef9d1c8806d03&data[stv][idt_did_status]=added&gdpr_consent=
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 687F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 072a4db63827f5ec6f37dcc9ebe3d08e5d2f282de0ac807d852e55ff2973d4e7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK / Show response
concheck.adsafety.net/ Frame 097E 58 B
407 B 158ms
100ms XHR
application/json 145.239.0.62
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://concheck.adsafety.net/?_f=json&c=rf&req=bl&u=https%3A%2F%2Fwww.nordkurier.de%2F
Requested by: Host: cdn.recognified.net
URL: https://cdn.recognified.net/rd.loader.php?pub_id=335
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.0.62 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 43cd126eb9752e69671da27860604f05bd8c005b29d4e6bd3586aeee0f76eb4e

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:54 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: https://www.nordkurier.de
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET /
adx.adform.net/adx/ Frame 097E 0
0

GET
H/1.1

200
OK

/
cm.adsafety.net/ Frame 097E
Redirect Chain

https://rads.recognified.net/cm/
https://cm.adsafety.net/?_cmsrc=rf&midt=100&mdid=dc2974c458f131752f64c7a6200003c9
https://tags.adsafety.net/v1/cm?cm_uid=CM1202103051497df75ec42428d74c3c&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dct%26_chainsrc%3Ddspx%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D
https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=dspx&idt=100&did=c0adb5c96f8b24249e2ef9d1c8806d03
https://buyer.dspx.tv/cm/?cmsrc=cm&cm_uid=CM1202103051497df75ec42428d74c3c&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Ddspx%26_chainsrc%3Ddspx%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D
https://cm.adsafety.net/?_cmsrc=dspx&_chainsrc=dspx&idt=100&did=dc2974c458f131752f64c7a6200003c9
https://cm.g.doubleclick.net/pixel?google_nid=permodo_dbm&google_cm&google_hm=Q00xMjAyMTAzMDUxNDk3ZGY3NWVjNDI0MjhkNzRjM2M
https://cm.adsafety.net/?_cmsrc=dbm&idt=100&did=[google_gid]&google_gid=CAESEMh7aAQpmx8XUngpj1HYm0k&google_cver=1
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=admans&ttd_tpi=1
https://cm.adsafety.net/?_cmsrc=ttdx&idt=100&did=6c5ee20f-f4b8-4ce4-849e-22182897b672
https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_hm=Q00xMjAyMTAzMDUxNDk3ZGY3NWVjNDI0MjhkNzRjM2M
https://ads.smartstream.tv/cm/?cmsrc=dcm&google_gid=CAESEN-VS2flW_FBJvj7zGEYj4U&google_cver=1
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEN-VS2flW_FBJvj7zGEYj4U&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=c0adb5c96f8b24249e2ef9d1c8806d03&uid=c0adb5c96f8b24249e2ef9d1c8806...

43 B
3 KB

46ms
46ms

Image
image/gif

212.71.252.71
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEN-VS2flW_FBJvj7zGEYj4U&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=c0adb5c96f8b24249e2ef9d1c8806d03&uid=c0adb5c96f8b24249e2ef9d1c8806d03&data[stv][idt_did_status]=added&gdpr_consent=
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.71.252.71 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:56 GMT
Last-Modified: Fri, 05 Mar 2021 14:48:56 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection: keep-alive
Expires: Mon, 28 Jul 1997 05:00:00 GMT

Redirect headers

Access-Control-Allow-Origin: *
Date: Fri, 05 Mar 2021 14:48:56 GMT
Transfer-Encoding: chunked
Server: nginx
Connection: keep-alive
Location: https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEN-VS2flW_FBJvj7zGEYj4U&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=c0adb5c96f8b24249e2ef9d1c8806d03&uid=c0adb5c96f8b24249e2ef9d1c8806d03&data[stv][idt_did_status]=added&gdpr_consent=
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK md.tracking.php
rads.recognified.net/ Frame 097E 43 B
432 B 43ms
30ms Image
image/gif 172.105.89.40
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rads.recognified.net/md.tracking.php?t=lead&lead_event=92&lead_type=web_interaction&type=normal&campaign_id=10779&lead_title=pageimp&ad_id=31336&pub_id=335
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.105.89.40 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:54 GMT
Last-Modified: Fri, 05 Mar 2021 14:48:54 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 097E 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8a6e40edc3b956f2c8930fc6d6df9f4a769187f5404ffd5bf5f78b5349c465e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 &iw=801.328125&ih=451&geo_cntr=&imgSrc=https%3A%2F%2Fwww.nordkurier.de%2Fsites%2Fdefault%2Ffiles%2Fstyles%2Fartikel_bild_640px%2Fpublic%2Fdcx%2Fimages%2F2021%2F03%2F05%2Fdoc7es6cipz154i90ro8oy_file... Show response
www.nordkurier.de/ Frame 7D30 234 B
395 B 30ms
30ms Script
text/html 2606:4700:10::ac43:25fc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nordkurier.de/&iw=801.328125&ih=451&geo_cntr=&imgSrc=https%3A%2F%2Fwww.nordkurier.de%2Fsites%2Fdefault%2Ffiles%2Fstyles%2Fartikel_bild_640px%2Fpublic%2Fdcx%2Fimages%2F2021%2F03%2F05%2Fdoc7es6cipz154i90ro8oy_file7es5ky97wxx14uvc4xzz.jpg%3Fitok%3DD-WzKm-E
Requested by: Host: cdn.recognified.net
URL: https://cdn.recognified.net/rd.loader.php?pub_id=157
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:25fc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbbf0aecb976d3f660a1013762e945889c861fe823437d066a1c0be46c2ad536

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-varnish-cache: HIT
date: Fri, 05 Mar 2021 14:48:54 GMT
via: 1.1 varnish (Varnish/5.2)
cf-cache-status: DYNAMIC
last-modified: Wed, 03 Mar 2021 15:23:42 GMT
server: cloudflare
age: 65
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-varnish: 21818655 49094590
content-type: text/html
cf-ray: 62b425daaebb16ee-FRA
content-encoding: br
cf-request-id: 08a475fca5000016eebe274000000001

GET
H/1.1 200
OK md.tracking.php
rads.recognified.net/ Frame 687F 43 B
432 B 28ms
28ms Image
image/gif 172.105.89.40
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rads.recognified.net/md.tracking.php?t=lead&lead_event=93&lead_type=web_interaction&type=normal&campaign_id=10779&lead_title=imageimp&ad_id=31337&pub_id=335
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.105.89.40 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:54 GMT
Last-Modified: Fri, 05 Mar 2021 14:48:54 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK pr Show response
aax-eu.amazon-adsystem.com/s/v3/ Frame 1640 720 B
719 B 49ms
49ms Document
text/html 52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=rbd_smrt_pm-db5&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=pm-db5_rbd_smrt&dcc=t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: ad5e5a5e801b217ae05b093efeed32034ea9ea53dfd4a4e90fa344cf310e30cb

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=pm-db5_rbd_smrt&dcc=t
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A-cGWZNspkSeueSHkqo9uT0; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=pm-db5_rbd_smrt&dcc=t

Response headers

Server: Server
Date: Fri, 05 Mar 2021 14:48:54 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 358
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame A8D2 291 B
559 B 114ms
37ms Document
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=rbd_smrt_pm-db5&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 4ddc003bfd0366a9c5e059509b3bac51972a8e803904b2a90b6b5c5ee7b26720

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rsid=1|AIfsdBUH+v3fWCPuzNowDE/csJlhKa2tjCFRUZWfOQd2r4f5PmnhQaqTCqCKieGkTxzCtT3GWjvGSkTNWjmsGgfE/2wGlVwK8BMqZcvhERs6owWuEKlcU66TGfmMWV7/AA==; ses2=; vis2=235660^1; ses9=; vis9=235660^1; khaos=KLWEY37E-1U-864D; audit=1|hLZGFuTafB0gfpshL24VQHp4/TMPY9XwPI1N7DanxcBQWo2tOjZef7Rkj6ZkXvacN09/Oqj5FKAmGweUluV0N34W9lEQJLmKpmvllXEtYN4=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 28 Sep 2020 17:02:39 GMT
ETag: "40295-123-5b062a240e9c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 238
Content-Type: text/html; charset=UTF-8
Date: Fri, 05 Mar 2021 14:48:54 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame 3D90
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=2&gdpr=0
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=7216770368658249930

43 B
344 B

52ms
52ms

Document
image/gif

52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=7216770368658249930
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=rbd_smrt_pm-db5&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A-cGWZNspkSeueSHkqo9uT0; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Server
Date: Fri, 05 Mar 2021 14:48:54 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

Redirect headers

date: Fri, 05 Mar 2021 14:48:54 GMT
content-length: 0
location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=7216770368658249930
set-cookie: pid=7216770368658249930; expires=Tue, 05 Apr 2022 14:47:54 GMT; domain=smartadserver.com; path=/; samesite=None; secure; samesite=none

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 72EB 8 KB
3 KB 86ms
29ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID&gdpr=0
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=rbd_smrt_pm-db5&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=46435
Expires: Sat, 06 Mar 2021 03:42:49 GMT
Date: Fri, 05 Mar 2021 14:48:54 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame A6CA 0
0 60ms
59ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsucustpcNDLUcwqrv3HB09VDuTZWqiluW8RhtXZlIOOqpKn6d5SIx6XXmDXgM8Jh_rdh0qik0eldnAkTAIBG6mfKujyCtBc6jbw52VxCGmF1FLCCVz2bX6Dj_rTQzEUfnqsNsLji3AlTL6wmYA5WQu6UMNxqq9am_Vc7C5Jh_QZXmJMDLdI2aHFdanYSpS3scpXAnY-bsTp_rLmtbymLDYSaY_8S0_W-So2dGg3bQTYdBNkTSU0qNq9Pqkfk7hEBxtx9JCbB43fXBityFD2msiasjPOJhd6292gy-DKe_H38fQSKr8&sig=Cg0ArKJSzHF8v33wBYNcEAE&adurl=

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:54 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/ Frame A6CA 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/abg_lite_fy2019.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3b18cc0a385c6d5e81af3d1739aa9565f88e7d6b9a00d2e3b6d732e3b9ba3e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7378
x-xss-protection: 0
server: cafe
etag: 2412555088240638002
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Mar 2021 14:48:12 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame A6CA 3 KB
2 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/window_focus_fy2019.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:46:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Mar 2021 14:46:47 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A6CA 110 KB
33 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774766775808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34192
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:54 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame A6CA 0
0 15ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSigNs6jd6OdxaUGaDfJh6cV_wbz3w6vk5B_vQxYVUmpIcPrrlbB64dQUeL4Mrv4rPrtGUbBvz2RDKsz_1oSRRae-CY5A
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 17993273333540383585
tpc.googlesyndication.com/simgad/ Frame A6CA 65 KB
66 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17993273333540383585

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

167fab0f94c6cf7bb2a8c5e559e7c65302f714ffbee89263403ade38c22938b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 02:33:04 GMT
x-content-type-options: nosniff
age: 44150
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66959
x-xss-protection: 0
last-modified: Tue, 26 Jan 2021 15:47:25 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Mar 2022 02:33:04 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/032103020108001/ Frame 84B4 190 KB
54 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032103020108001/amp4ads-v0.mjs

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f62d954259f435a0440944e2212186a491e735554dfe068191fcc039c62342

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 232744
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55105
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 22:09:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8cbcd1f838dc3bf4"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 22:09:50 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/032103020108001/v0/ Frame 84B4 12 KB
5 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032103020108001/v0/amp-ad-exit-0.1.mjs

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f9560479a05fb86854546c40ec030edc2bac692d4142391d69b16e5c033a185

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 44148
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4548
x-xss-protection: 0
server: sffe
date: Fri, 05 Mar 2021 02:33:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4eb73d471ab4cb2c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Mar 2022 02:33:06 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/032103020108001/v0/ Frame 84B4 87 KB
27 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032103020108001/v0/amp-analytics-0.1.mjs

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6f768cbb894f2690011ee62662d3ac9480d12f5088fa46be57e650fcc4d835c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 232744
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27208
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 22:09:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "22950e05e749846e"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 22:09:50 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/032103020108001/v0/ Frame 84B4 27 KB
9 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032103020108001/v0/amp-fit-text-0.1.mjs

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21d45a4ed77653b3b1ee2b47a786a4dbb936a3b19fc56e1b44c16aed35eb80ee

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 232744
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9587
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 22:09:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "739644f32ad1483f"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 22:09:50 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/032103020108001/v0/ Frame 84B4 40 KB
13 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032103020108001/v0/amp-form-0.1.mjs

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c6af60796cc240ad277098308cf363c2700f5296264ec1b43b4e1362763c439

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 232744
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12827
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 22:09:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5cc8dcc2368726c7"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 22:09:50 GMT

GET
DATA 200
OK truncated
/ Frame 84B4 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2f76f74a2e0841fed2d6a078dd5c3b82033ef69646e8a7ed407809797b249e18

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 5672767491524235226
tpc.googlesyndication.com/simgad/ Frame 84B4 90 KB
90 KB 15ms
14ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5672767491524235226?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlydRVknyV9iAtEU3YjPUVpAcMCSA

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28989fe1f958741fa4dac8dd849c9b294658c38e327307d4943d40f4933da99c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 04:04:25 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Mar 2020 05:41:04 GMT
server: sffe
age: 38669
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91985
x-xss-protection: 0
expires: Sat, 05 Mar 2022 04:04:25 GMT

GET
H3-Q050 200 de.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 84B4 3 KB
3 KB 14ms
13ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/de.png

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8471f381394962167d7d0cbbd9ffbd1f19d3ef6c48a7d9e3209142e674481368

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 12:56:21 GMT
x-content-type-options: nosniff
server: cafe
age: 6753
etag: 6601037253665971276
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2958
x-xss-protection: 0
expires: Sat, 06 Mar 2021 12:56:21 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 84B4 295 B
325 B 14ms
13ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 22:17:05 GMT
x-content-type-options: nosniff
server: cafe
age: 59509
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 05 Mar 2021 22:17:05 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 84B4 0
0 62ms
61ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CnpmR1kRCYNLyApWK3wPC7YagCYHwxupgx6ukyswN-vK4kOIeEAEgno_xGWD1lc6B4ASgAd3f68sDyAECqQLI0rz4ybGpPuACAKgDAcgDCKoE3wFP0PZOON7_IUQ6fU2ptY45cfkNrszpdXIIjrbd454VYNL6HNt2wmh-HBizLN7vlvT17J0zXWjBosEHSPfIzIp6cxk43igw0mP42RgI8QyU7zGmDaumUmY-0FtkPPpTyZGWs-D4QHwA6aSUDR3e9ipgbUZ6uZ-23O64OU8bMGmPERgTPx8JIwEr2kAKbVToBcLG5aYx0eg0EiF0FDI0ZV2_IHBAXYogo7jQWxSi3KPxjKrC_-_hNJAcTic9vRQwHqSjNztuBCSK7hGJfcLXs5mGFAku4Zv6Y1J39VpoxfTnwATzidvgvAPgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAHi6CUNKgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDtqG3SCAcIgGEQARgd8ggbYWR4LXN1YnN5bi01NzI2OTg3Mjc1ODk1NjQzgAoDyAsB2BMLshcaChgIABIUcHViLTgwOTE0ODEyMDg2OTQ4NzU&sigh=RkymLSjbOHU&tpd=AGWhJmu6Q98FkfuKRAiQeWIFi-pITRwIYWj5bA78kM-nTkJNNA
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame A6CA 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83a2c0983e186d05e0ced4eabce4a0ff4142531cd5b6b2019b89db32f4d29717

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 00FC 37 KB
14 KB 32ms
32ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID&gdpr=0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID&gdpr=0

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=118810
Expires: Sat, 06 Mar 2021 23:49:04 GMT
Date: Fri, 05 Mar 2021 14:48:54 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame A6CA 0
0 104ms
73ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsscUmGs0VLYdURLfYN4xaXzhzta5YVVksqig8o74Piz0tnFSIG6k4HOtal7hKMpLiClBKnXgXJhHIu1AqUD59DjJWAAHRkDOQv1acoLWRrbaNk83pYFn3NDI71FlmEOlFwoPxhd9xC6-v4zedruBPWz-VI6UR5aZXygO-1NpKZ-jFuZN-FAFXcSfLCK8XcPm9XjumYvql0umVuyRSRaLUpJu3FFT784xLp3VPOGA1L_SxsKxHCP60svSRT4wv_TyiRzjTo7KxV7OMF4npliwXNT7Mv7XvmTiylxOFMix-WEudF8jXt4Hw&sig=Cg0ArKJSzDNyczCUG9GuEAE&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:54 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:54 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame A8D2 31 KB
10 KB 39ms
39ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: f9da2c22e98557527f175ed5506ff87c6d1933eaeb42868500675fa86ec5078f

Request headers

Referer: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:54 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 Jan 2021 20:32:24 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=13621
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9309
Expires: Fri, 05 Mar 2021 18:35:55 GMT

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 84B4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
14ms

Image
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Fri, 05 Mar 2021 14:48:54 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 5672767491524235226
tpc.googlesyndication.com/simgad/ Frame 84B4 90 KB
90 KB 8ms
7ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5672767491524235226?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlydRVknyV9iAtEU3YjPUVpAcMCSA

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/032103020108001/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28989fe1f958741fa4dac8dd849c9b294658c38e327307d4943d40f4933da99c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 04:04:25 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Mar 2020 05:41:04 GMT
server: sffe
age: 38669
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91985
x-xss-protection: 0
expires: Sat, 05 Mar 2022 04:04:25 GMT

GET
H3-Q050 200 de.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 84B4 3 KB
3 KB 6ms
5ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/de.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/032103020108001/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8471f381394962167d7d0cbbd9ffbd1f19d3ef6c48a7d9e3209142e674481368

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 12:56:21 GMT
x-content-type-options: nosniff
server: cafe
age: 6753
etag: 6601037253665971276
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2958
x-xss-protection: 0
expires: Sat, 06 Mar 2021 12:56:21 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 84B4 295 B
320 B 6ms
6ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/032103020108001/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 22:17:05 GMT
x-content-type-options: nosniff
server: cafe
age: 59509
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 05 Mar 2021 22:17:05 GMT

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 00FC 5 KB
6 KB 162ms
38ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=59325184&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 5c596ed776255883bc27ecdeedf24e41d01c557abbc62a4888b6fe04bd8ea50a

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:52 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame A8D2
Redirect Chain

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu&gdpr=0&gdpr=0
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KLWEY37E-1U-864D&ex=d-rubiconproject.com&status=ok&gdpr=0

43 B
344 B

53ms
52ms

Image
image/gif

52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=KLWEY37E-1U-864D&ex=d-rubiconproject.com&status=ok&gdpr=0
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:54 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://aax-eu.amazon-adsystem.com/s/ecm3?id=KLWEY37E-1U-864D&ex=d-rubiconproject.com&status=ok&gdpr=0
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame A8D2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEHI0b1O-A2VPsDVyY_pgf-I&google_cver=1

42 B
689 B

111ms
32ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEHI0b1O-A2VPsDVyY_pgf-I&google_cver=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEHI0b1O-A2VPsDVyY_pgf-I&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 337
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame A8D2
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=0
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=0&_test=YEJE1gAAAKeFVToG
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YEJE1gAAAKeFVToG&gdpr=0&_test=YEJE1gAAAKeFVToG

42 B
689 B

90ms
36ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YEJE1gAAAKeFVToG&gdpr=0&_test=YEJE1gAAAKeFVToG
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:54 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1614955735.928119,VS0,VE0
x-served-by: cache-hhn4023-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YEJE1gAAAKeFVToG&gdpr=0&_test=YEJE1gAAAKeFVToG
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame A8D2
Redirect Chain

https://token.rubiconproject.com/token?pid=25470&gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S0xXRVkzN0UtMVUtODY0RA==&gdpr=0

170 B
190 B

35ms
34ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S0xXRVkzN0UtMVUtODY0RA==&gdpr=0

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S0xXRVkzN0UtMVUtODY0RA==&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame A8D2
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0
https://pr-bh.ybp.yahoo.com/sync/rubicon/XtxNp6_qxe7FAoteAbEJKsn5EUdSAgOZEtemQ7w0kco?csrc=&gdpr=0
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5151431532444992176

42 B
689 B

69ms
26ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5151431532444992176
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

Redirect headers

date: Fri, 05 Mar 2021 14:48:54 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5151431532444992176
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame A8D2
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&gdpr=0
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=a4286042-44d6-4700-a545-4685137964e6&gdpr=0&gdpr_consent=

42 B
689 B

114ms
30ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=a4286042-44d6-4700-a545-4685137964e6&gdpr=0&gdpr_consent=
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

Redirect headers

Date: Fri, 05 Mar 2021 14:48:54 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x30
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=a4286042-44d6-4700-a545-4685137964e6&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame A8D2 70 B
264 B 45ms
44ms Image
image/gif 99.80.71.186
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.71.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-71-186.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:54 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 451 709414.gif
id.rlcdn.com/ Frame A8D2 0
66 B 74ms
33ms Image
text/plain 34.120.207.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif?gdpr=0
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.207.148 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:54 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H2

204

v1
ads.yahoo.com/cms/ Frame A8D2
Redirect Chain

https://token.rubiconproject.com/token?pid=26594&gdpr=0
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KLWEY37E-1U-864D&sigv=1&esig=2~af53d849241adc29607576539fbc5e67be75fc48&gdpr=0

0
290 B

8ms
6ms

Image
text/plain

2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KLWEY37E-1U-864D&sigv=1&esig=2~af53d849241adc29607576539fbc5e67be75fc48&gdpr=0

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:54 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KLWEY37E-1U-864D&sigv=1&esig=2~af53d849241adc29607576539fbc5e67be75fc48&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 17A3 43 B
284 B 123ms
40ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=59325184&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Fri, 05 Mar 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1153
date: Fri, 05 Mar 2021 14:48:54 GMT
content-length: 43

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame EA26
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4409913149976251074

42 B
973 B

196ms
38ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4409913149976251074
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=59325184&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156657:2; KADUSERCOOKIE=6C803D81-0BE4-43CD-95F1-41C43B2B0D25; chkChromeAb67Sec=1; DPSync3=1616112000%3A201_227_226_221; SyncRTB3=1616112000%3A161_71_21_56_7_3_166_81_13_88_54_8_22_55%7C1615507200%3A223_2_15%7C1617494400%3A203%7C1616198400%3A35%7C1615766400%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Date: Fri, 05 Mar 2021 14:48:55 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_336=5844-4409913149976251074; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 04-Apr-2021 14:48:55 GMT; path=/ PugT=1614955735; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 04-Apr-2021 14:48:55 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 03-Jun-2021 14:48:55 GMT; path=/
X-lat: Pug23021:0:287
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4409913149976251074
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame A3E1
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFHM3owN0FoSW9BQUJDWVZpZlp6Zw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAG3z07AhIoAABCYVifZzg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAG3z07AhIoAABCYVifZzg&pid=558502&do=add
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAG3z07AhIoAABCYVifZzg&pid=558502&do=add&_bee_ppp=1
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAH-P07AhIoAABB6avKU5A&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=6486247112222742846
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAH-P07AhIoAABB6avKU5A

42 B
977 B

38ms
38ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAH-P07AhIoAABB6avKU5A
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=59325184&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Date: Fri, 05 Mar 2021 14:49:01 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_699=22727-AAH-P07AhIoAABB6avKU5A; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 04-Apr-2021 14:49:01 GMT; path=/ PugT=1614955741; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 04-Apr-2021 14:49:01 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 03-Jun-2021 14:49:01 GMT; path=/
X-lat: Pug23041:0:349
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Date: Fri, 05 Mar 2021 14:49:02 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAH-P07AhIoAABB6avKU5A
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6025
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6936182062043166866

42 B
771 B

497ms
37ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6936182062043166866
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=59325184&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156657:2; KADUSERCOOKIE=6C803D81-0BE4-43CD-95F1-41C43B2B0D25; chkChromeAb67Sec=1; DPSync3=1616112000%3A201_227_226_221; SyncRTB3=1616112000%3A161_71_21_56_7_3_166_81_13_88_54_8_22_55%7C1615507200%3A223_2_15%7C1617494400%3A203%7C1616198400%3A35%7C1615766400%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Fri, 05 Mar 2021 14:48:55 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_1101=23040-6936182062043166866; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 04-Apr-2021 14:48:55 GMT; path=/ PugT=1614955735; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 04-Apr-2021 14:48:55 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 03-Jun-2021 14:48:55 GMT; path=/
X-lat: lhrpug009:0:487
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Fri, 05 Mar 2021 14:48:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=6936182062043166866; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6936182062043166866

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 8FFC
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=0yn3RRNY99o4WxntVVivWa8Y

42 B
811 B

234ms
41ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=0yn3RRNY99o4WxntVVivWa8Y
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=59325184&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156657:2; KADUSERCOOKIE=6C803D81-0BE4-43CD-95F1-41C43B2B0D25; chkChromeAb67Sec=1; DPSync3=1616112000%3A201_227_226_221; SyncRTB3=1616112000%3A161_71_21_56_7_3_166_81_13_88_54_8_22_55%7C1615507200%3A223_2_15%7C1617494400%3A203%7C1616198400%3A35%7C1615766400%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Fri, 05 Mar 2021 14:48:55 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_409=22966-0yn3RRNY99o4WxntVVivWa8Y&KRTB&23212-0yn3RRNY99o4WxntVVivWa8Y; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 04-Apr-2021 14:48:55 GMT; path=/ PugT=1614955735; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 04-Apr-2021 14:48:55 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 03-Jun-2021 14:48:55 GMT; path=/
X-lat: lhrpug017:0:380
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

server: openresty
date: Fri, 05 Mar 2021 14:48:54 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=0yn3RRNY99o4WxntVVivWa8Y; Max-Age=63072000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=0yn3RRNY99o4WxntVVivWa8Y
strict-transport-security: max-age=0; includeSubDomains;

GET
H/1.1 200
OK ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame 203C 43 B
344 B 57ms
51ms Document
image/gif 52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&ex=pubmatic.com
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A-cGWZNspkSeueSHkqo9uT0; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: Server
Date: Fri, 05 Mar 2021 14:48:54 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

GET
H/1.1

200
OK

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 00FC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bIA9gQvkQ82V8UHEOysNJQ%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

28ms
27ms

Image
text/html

184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:54 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "1300708-1f78-5b232eb4914bb"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: max-age=46435
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 2654
Expires: Sat, 06 Mar 2021 03:42:49 GMT

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame 00FC 95 B
596 B 63ms
43ms Image
image/png 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:54 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 62b425deead716ee-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 08a475ff51000016ee30157000000001

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 00FC
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

59ms
58ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:54 GMT
frontend-id: 3
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:54 GMT
frontend-id: 5
location: /pubmatic/1/info2?sType=sync&sExtCookieId=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&sInitiator=external&gdpr=0&gdpr_consent=
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H/1.1

200
OK

Artemis
aud.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&addseg=31

7 B
147 B

107ms
35ms

Image
text/plain

185.64.189.249
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&addseg=31
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.64.189.249 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:56 GMT
Connection: keep-alive
Content-Length: 7
Content-Type: text/plain; charset=utf-8

Redirect headers

date: Fri, 05 Mar 2021 14:48:56 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&addseg=31
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 135

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFk_AKuL0Ma0ixbMwSjWG4U&google_cver=1

42 B
1 KB

371ms
38ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFk_AKuL0Ma0ixbMwSjWG4U&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:55 GMT
X-lat: Pug23038:0:368
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFk_AKuL0Ma0ixbMwSjWG4U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6443819192632289527

42 B
770 B

556ms
37ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6443819192632289527
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:55 GMT
X-lat: lhrpug019:0:389
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:55 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6443819192632289527
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b4c56042-44d6-4b00-8694-b7a64af12551&gdpr=0&gdpr_consent=

42 B
1 KB

601ms
40ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b4c56042-44d6-4b00-8694-b7a64af12551&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:54 GMT
X-lat: Pug23047:0:290
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Date: Fri, 05 Mar 2021 14:48:54 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x30
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b4c56042-44d6-4b00-8694-b7a64af12551&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 05 Mar 2021 14:48:53 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=6c5ee20f-f4b8-4ce4-849e-22182897b672

42 B
1 KB

656ms
38ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=6c5ee20f-f4b8-4ce4-849e-22182897b672
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:55 GMT
X-lat: Pug23024:0:302
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:54 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=6c5ee20f-f4b8-4ce4-849e-22182897b672
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6583805785100026089&gdpr=0&gdpr_consent=

42 B
973 B

437ms
38ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6583805785100026089&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:53 GMT
X-lat: Pug23037:0:254
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:54 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.51:80
AN-X-Request-Uuid: 83cc2411-eb6d-45d4-abd1-936c42a3117d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6583805785100026089&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-f7eO45d1l2IcU3idzaigH01M.6tgGXE-&gdpr=0&gdpr_consent=

0
418 B

624ms
31ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-f7eO45d1l2IcU3idzaigH01M.6tgGXE-&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:43:28 GMT
Cache-Control: no-store, no-cache, private
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Fri, 05 Mar 2021 14:48:56 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-f7eO45d1l2IcU3idzaigH01M.6tgGXE-&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 200 6C803D81-0BE4-43CD-95F1-41C43B2B0D25
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 00FC 43 B
583 B 38ms
34ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/6C803D81-0BE4-43CD-95F1-41C43B2B0D25?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:54 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2816960095302624362&gdpr=0&gdpr_consent=&us_privacy=

1 B
727 B

618ms
37ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2816960095302624362&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:55 GMT
X-lat: lhrpug010:0:301
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2816960095302624362&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Fri, 05 Mar 2021 14:48:54 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=nOBnBJ7kNwCHtGtUy-R-AZLmZgGH6WFUmOSsqOGK

42 B
843 B

402ms
38ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=nOBnBJ7kNwCHtGtUy-R-AZLmZgGH6WFUmOSsqOGK
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:55 GMT
X-lat: lhrpug019:0:478
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:54 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=nOBnBJ7kNwCHtGtUy-R-AZLmZgGH6WFUmOSsqOGK
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dpubmatic%26bsw_param...
https://x.bidswitch.net/sync?dsp_id=354&user_id=b517963170b443fb80881afb66dfdc51&ssp=pubmatic&bsw_param=e4cdfb61-ddbc-4d53-9ba5-27b66f1a3b35&gdpr=0&consent=&gdpr_pd=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=e4cdfb61-ddbc-4d53-9ba5-27b66f1a3b35&gdpr=0&gdpr_consent=&gdpr_pd=

1 B
949 B

38ms
38ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=e4cdfb61-ddbc-4d53-9ba5-27b66f1a3b35&gdpr=0&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:56 GMT
X-lat: Pug23028:0:341
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=e4cdfb61-ddbc-4d53-9ba5-27b66f1a3b35&gdpr=0&gdpr_consent=&gdpr_pd=
date: Fri, 05 Mar 2021 14:48:56 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YEJE1gAAAKeFVToG&gdpr=0&gdpr_consent=

1 B
1013 B

305ms
37ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YEJE1gAAAKeFVToG&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:55 GMT
X-lat: Pug23042:0:262
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:55 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1614955735.310367,VS0,VE0
x-served-by: cache-hhn4023-HHN
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YEJE1gAAAKeFVToG&gdpr=0&gdpr_consent=
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d2cfc20e-d102-492f-9526-1858442d06e6-604244d7-4348&gdpr=0&gdpr_consent=

42 B
1004 B

39ms
39ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d2cfc20e-d102-492f-9526-1858442d06e6-604244d7-4348&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Fri, 05 Mar 2021 14:48:55 GMT
X-lat: Pug23025:0:396
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:55 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d2cfc20e-d102-492f-9526-1858442d06e6-604244d7-4348&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 00FC 0
104 B 91ms
64ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=6C803D81-0BE4-43CD-95F1-41C43B2B0D25&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:55 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 00FC
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:2a853f81-7709-4e20-8a51-0c0588bb4d4b&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
505 B

38ms
38ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:2a853f81-7709-4e20-8a51-0c0588bb4d4b&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:48:55 GMT
X-lat: lhrpug001:0:625
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:2a853f81-7709-4e20-8a51-0c0588bb4d4b&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Fri, 05 Mar 2021 14:48:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 200 pubmatic
um.simpli.fi/ Frame 00FC 43 B
611 B 101ms
32ms Image
image/gif 159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

bc.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:55 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Thu, 04 Mar 2021 14:48:55 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
146 B 15ms
14ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.nordkurier.de

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 15ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nordkurier.de

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 43 KB
11 KB 369ms
368ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2072175501144971&correlator=2495629370646669&output=ldjh&impl=fifs&vrg=2021030101&ptt=17&gdpr=0&addtl_consent=1~&sc=1&sfv=1-0-37&ecs=20210305&iu_parts=68792739%2Cskyscraper_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=120x600%7C160x600%7C300x600%7C200x600&prev_scp=amznbid%3D2%26amznp%3D2&eri=1&cust_params=nk_zone%3Dstartseite%26nk_paid_user%3Dfalse%26faktor_width%3Dfalse&cookie=ID%3Dd630a8e6d68455df%3AT%3D1614955733%3AS%3DALNI_Ma0RNH2_KQGFqJMDOgU8vVPQJOvPQ&bc=31&abxe=1&lmt=1614955666&dt=1614955735271&dlt=1614955733061&idt=388&frm=20&biw=1600&bih=1200&oid=3&adxs=1452&adys=200&adks=1057663112&ucis=8&ifi=9&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.nordkurier.de%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x11921&msz=120x600&psts=AGkb-H-DAWd89J16KMRyR7C0qOnE0XhDOmOaeQNoGRIUp4rewmr-ahCYZX-S3Mc6z5BBNsWyNoqN9zN3WJlp%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9JOUkp7rQEGEtmFRP0xy_NV3fyHUuXUsGpJHernPyI5Jx5ISGRhiIJtUVdbe--yjOFZS7KWCUsWofy%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H_qFeUZQbdX0G1lF-8FNoq52GbVhBie0MaroosU9F_-0M5qf7tuU6GrE_kLViyOzFAs6pVmTnq353ok&ga_vid=1461207546.1614955734&ga_sid=1614955734&ga_hid=2019150982&fws=0&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

b09ee6e9ef0ad14ebbc536196976a53a0187a230431f76a3fe5b6a7e824e1164

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10848
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nordkurier.de
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A6CA 42 B
89 B 39ms
39ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvvVqIKl8mXNd7oNtuSU9AaprQH4DeOMTiKSRBZWjwrneUM2B-G47uxBvbc4xkCWLq7O9BwVPGFrgUjjk3s8nwyZZ7A21Vd7p8uBiOyTLA&sig=Cg0ArKJSzEyRvHR1XMDAEAE&id=lidar2&mcvt=1000&p=0,872,90,1600&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210303&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=2998627492&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1614955734463&dlt=0&rpt=93&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/032103020108001/ Frame 2379 190 KB
55 KB 35ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032103020108001/amp4ads-v0.mjs

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f62d954259f435a0440944e2212186a491e735554dfe068191fcc039c62342

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 232745
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55105
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 22:09:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8cbcd1f838dc3bf4"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 22:09:50 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/032103020108001/v0/ Frame 2379 12 KB
5 KB 44ms
29ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032103020108001/v0/amp-ad-exit-0.1.mjs

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f9560479a05fb86854546c40ec030edc2bac692d4142391d69b16e5c033a185

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 44149
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4548
x-xss-protection: 0
server: sffe
date: Fri, 05 Mar 2021 02:33:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4eb73d471ab4cb2c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Mar 2022 02:33:06 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/032103020108001/v0/ Frame 2379 87 KB
27 KB 44ms
31ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032103020108001/v0/amp-analytics-0.1.mjs

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6f768cbb894f2690011ee62662d3ac9480d12f5088fa46be57e650fcc4d835c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 232745
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27208
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 22:09:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "22950e05e749846e"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 22:09:50 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/032103020108001/v0/ Frame 2379 27 KB
9 KB 42ms
29ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032103020108001/v0/amp-fit-text-0.1.mjs

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21d45a4ed77653b3b1ee2b47a786a4dbb936a3b19fc56e1b44c16aed35eb80ee

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 232745
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9587
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 22:09:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "739644f32ad1483f"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 22:09:50 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/032103020108001/v0/ Frame 2379 40 KB
13 KB 40ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032103020108001/v0/amp-form-0.1.mjs

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c6af60796cc240ad277098308cf363c2700f5296264ec1b43b4e1362763c439

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 232745
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12827
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 22:09:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5cc8dcc2368726c7"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 22:09:50 GMT

GET
H3-Q050 200 de.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 2379 3 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/de.png

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8471f381394962167d7d0cbbd9ffbd1f19d3ef6c48a7d9e3209142e674481368

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 12:56:21 GMT
x-content-type-options: nosniff
server: cafe
age: 6754
etag: 6601037253665971276
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2958
x-xss-protection: 0
expires: Sat, 06 Mar 2021 12:56:21 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 2379 295 B
325 B 7ms
6ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 22:17:05 GMT
x-content-type-options: nosniff
server: cafe
age: 59510
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 05 Mar 2021 22:17:05 GMT

GET
DATA 200
OK truncated
/ Frame 2379 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95cc8f32fff8373512d29792c4d8300fc9188615252df2ce077ca13031fccddd

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 2217152177724016724
tpc.googlesyndication.com/simgad/ Frame 2379 53 KB
53 KB 7ms
7ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2217152177724016724?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnS_D9ncxjaiJK3GGolNmloOT4mEA

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

511d53c53639619dc9680e14815fadb74e21e8c114cabe117a34cc950b8bba92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 26 Feb 2021 19:56:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Feb 2021 11:02:07 GMT
server: sffe
age: 586341
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54463
x-xss-protection: 0
expires: Sat, 26 Feb 2022 19:56:34 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 2379 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTQWRygD9mseBN9hhtDqegYvaPGeWChaiJDYM8MVmNNCrAnjb2-mFai_oW-gjQ0WC1uuQI-d8xPOFifh8mw6piitHyDiQ
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 2379 0
0 60ms
60ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C3Z7k10RCYK2dE8OlrASb5JbwCvbkvN1hheudla4NrKbxop8OEAEgno_xGWD1lc6B4ASgAaiV99ADyAECqQIaCdjGqtN9PuACAKgDAcgDCKoE2AFP0GiRLXWlmknr_kl8n1kcvbxVjeg2cz5E_kGzp38LAQnYQE5xp53PU2HNFrkZQ8eIA6AX7rUOaWkliTj2KgPvkV1rf3AT89IR7fFaCzQgzHGTd4q1tLaTPp0EMFu2iNMVXkp19Wq9XFjIF-iw6Ovm2X8hDS8JS_iQ-F2nb0KYZP0-sH0BY0fmE0f3JRrwvW7WUDVT5ev6rJ2rkMu-wYLNayIC14nf_sxGcmBbCRfqEgKs4wCcQWcqzrfxWd2o-rQEdtbk6jj70tHpb3dzssmDpRGMZnChO5_ABIHMldXDA-AEAZIFBAgEGAGSBQQIBRgEoAYCgAfA6ogvqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEK69RtIIBwiAYRABGB3yCBthZHgtc3Vic3luLTU3MjY5ODcyNzU4OTU2NDOACgPICwHYEwyyFxoKGAgAEhRwdWItODA5MTQ4MTIwODY5NDg3NQ&sigh=YxE3xo73tTs&tpd=AGWhJmuIkW5-_V0wnGfJmm6CD-FLrUWVW1CSSAt_bF6DtdbuSg
Requested by: Host: www.nordkurier.de
URL: https://www.nordkurier.de/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 84B4 42 B
120 B 44ms
43ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuyFTLpaGw2BrkqV9RD9rEKjEOp-RjOEDERVtT2aP_V2i02igHByOV6EdGuJ7pKXAzbVw3j_RrkVl40qqiKHcnSXg8KVPong9CIyfFuh_6fgJ8O_wsGc61FPb8&sai=AMfl-YQdWxKZ2lC52HFLkAiLb0xNNBs9US2rN2bm4VwvliBZWHIzcBo6llG21fp9jEkAtu2VyZaWfqK1ZAlUjNRLBeCsrVrKkLivumqtnPRE0QGskPsj2bMrBDMqnU94&sig=Cg0ArKJSzPdVO9TB2F2VEAE&cid=CAASFeRoDns8VZeJKmbvqqjGfI7LDlKYdA&id=ampim&o=187,204&d=800,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=167&tls=1168&g=100&h=100&tt=1168&r=v&avms=ampa&adk=1905015806

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 687F 0
0 59ms
59ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssX7fqGIB7tZSR-QWHi6VpX_j3QHWAu4jdFX0QZAOFIXkjlSpe3AMZh8TLZMfcA1u_2utNmk0M6KttwH_lKIhHPLd5RS4Kq_h2FaRXr1CzGO7uZHIo4Plw5ZrheaMwLBAgpqmf6qIJp20VMvNVJwC8M07WrMaWm5fvBbEH1qdalHb4KpL30CMhFjC_nAHeggMuV0nVFawwsDBYugUWXg1wdNccOHcDQ0s7iE5WUqSsQjpiR7zG-4lmOw60MCmhRQ34UWaQdDrSoi9PxLggicaNwrfOFLnviFen7pU4OV5jTVs1rswze&sai=AMfl-YRnKNNfRcZc91-MaI5QNMraSFRd5Igg2WKkoNnuQXLjPavb0ra6j3qSOKdLz0wuaMMhUfSK0FnlKnOy1Zr1Mhn3_HZI8WuoVFTduUanmRLS-LsUf-Pu1kLApEPLberl&sig=Cg0ArKJSzCAYbNdEaKPyEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:56 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:56 GMT

GET
H3-Q050 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 687F 55 KB
21 KB 25ms
24ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

47979ef506264db0704b5de93065a3ca44e171e2054648f5f12f66f587a1ed3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 13:58:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3039
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21163
x-xss-protection: 0
server: cafe
etag: 17443452193483161684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 05 Mar 2021 14:58:17 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 097E 0
0 60ms
59ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuiiKpiIlGxjsjok_ERRZZoe2kuJyNZe3alvBP9KgqPb9QNDABEthqC7QIcYNzYqSP3Uh9T2_P8W5its0h__iOsl9KZ-K_swQGJLk0V66N4Bt2Eqla3n5ZQRR58ttruYB1gMreqOj7J4z2PrgoBHwvogmygsar5Guatz37PAEgcA0-f1YKHIJc7hkwMVEyQ5hI8P3z564xHIPaUjFVvmDheQmnkxnuIArZWxaKqnLCn2aayWZpJzjpVG7MTMOa5_tSd9MZgkAeotr-wHpQkcSXExG_ZcbJy-5Solp05MCbk6DYaMr0i&sai=AMfl-YSoXWQ73AyB49UlX4WBKip35b_BYybvGDZqxpEMz_j3hv8s4OOw6Dp6ypTZfrcwvWeVGdPXOxNsIT-77_PQemdb2uNfV9uj5QcJTuSFSoDH2dCg0r53FPMYDgaIt3wN&sig=Cg0ArKJSzFyA9W9xpFo2EAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:48:56 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:48:56 GMT

GET
H3-Q050 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 097E 55 KB
21 KB 25ms
24ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: www.nordkurier.de
URL: https://www.nordkurier.de/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

47979ef506264db0704b5de93065a3ca44e171e2054648f5f12f66f587a1ed3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 13:58:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3039
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21163
x-xss-protection: 0
server: cafe
etag: 17443452193483161684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 05 Mar 2021 14:58:17 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 687F 0
331 B 289ms
101ms Other
image/gif 2607:f8b0:4004:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~klwey54m&chm=1&ctx=2&qqid=CMa21fayme8CFRq6dwodorYFwA&met.4=fb.2~lb.8b~ol.1tu~idt.6r~dt.-41&met.3=739.8r~740.a8_1~740.a9~740.a9~740.a9~740.cw~740.fq~740.ij~740.na~740.pf~740.rz~740.ut~740.xn~740.10i~740.13b~740.165~740.18z~740.1bw~740.1ep~740.1i4~740.1l3~740.1nx~740.1qr~740.1tl~738.1to~749.1tp_5~736.1tv~735.1tw_1~113.1v0_4~112.1uy_6&met.1=1.klwey39o~14.0~15.0~16.0~17.0~18.0~19.0~20.1to~21.1tu&met.7=CCIQBBgBIAMoAzBBOD5oBHBAePwCsAEBuAED~CBsQCiADONYB~CCoQChgBIAQoBDAWOBM~CBsQDSDxATifAQ~CBsQBiD2AThe~CBsQBiCbAzgd~CBsQBiCLEjgx~CCgQChgBIMYSKMYSMOUSOB9oyxJw5BJ4zqYBgAGrpQGIAda1A7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:815::2003 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:56 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 097E 0
54 B 277ms
102ms Other
image/gif 2607:f8b0:4004:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~klwey554&chm=1&ctx=2&qqid=CMm21fayme8CFRq6dwodorYFwA&met.4=fb.3~lb.9p~ol.1uf~idt.6n~dt.-45&met.3=739.9t~740.a5_1~740.a6~740.a6~740.a7~740.cr~740.fl~740.ie~740.n6~740.pa~740.ru~740.uo~740.xi~740.10d~740.137~740.161~740.18v~740.1br~740.1ek~740.1hz~740.1ky~740.1ns~740.1qm~740.1tg~738.1u9~749.1ua_6~736.1un~735.1up_1~113.1vc_1~112.1vc_2&met.1=1.klwey39s~14.1~15.1~16.1~17.1~18.1~19.1~20.1ua~21.1ug&met.7=CCIQBBgBIAQoBDBDOEBoBHBDeIICsAEBuAED~CBsQCiAEONUB~CCoQChgBIAQoBDAUOA8~CBsQDSC_AjifAQ~CBsQDSDAAjjIAQ~CBsQBiDCAjgs~CBsQBiChEjgv~CCgQChgBINkSKNkSMPMSOBto2RJw8hJ40qUBgAGrpQGIAda1A7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:815::2003 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:56 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 88ms
42ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 83bcdfa5df8e5f84aa8715b0aefb06e9909b30290843475a0ecc6887650f811f

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:56 GMT
content-encoding: gzip
last-modified: Tue, 23 Feb 2021 11:00:28 GMT
server: nginx
etag: W/"6034e04c-14008"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 06 Mar 2021 14:48:56 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 86ms
41ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 83bcdfa5df8e5f84aa8715b0aefb06e9909b30290843475a0ecc6887650f811f

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:48:56 GMT
content-encoding: gzip
last-modified: Tue, 23 Feb 2021 11:00:28 GMT
server: nginx
etag: W/"6034e04c-14008"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 06 Mar 2021 14:48:56 GMT

GET
H/1.1 200
OK SPug Show response
simage4.pubmatic.com/AdServer/ Frame 00FC 0
418 B 124ms
31ms Script
text/plain 185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156657&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 05 Mar 2021 14:43:28 GMT
Cache-Control: no-store, no-cache, private
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

pd Show response
eu-u.openx.net/w/1.0/ Frame E599
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0

668 B
732 B

35ms
34ms

Document
text/html

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0
Requested by: Host: cdns.yieldscale.com
URL: https://cdns.yieldscale.com/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 036a8bd55834865510878a718ad2df767247aa7ccb22dc2c86d3bf85817f5475

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nordkurier.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=16d8c49a-b05b-0ed1-33f2-9f8fe85bf4c5|1614955737
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nordkurier.de/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=16d8c49a-b05b-0ed1-33f2-9f8fe85bf4c5|1614955737; Version=1; Expires=Sat, 05-Mar-2022 14:48:57 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1614955737|gekin0vNiygu; Version=1; Expires=Sat, 20-Mar-2021 14:48:57 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.202.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Fri, 05 Mar 2021 14:48:57 GMT
content-type: text/html
content-length: 420
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=16d8c49a-b05b-0ed1-33f2-9f8fe85bf4c5|1614955737; Version=1; Expires=Sat, 05-Mar-2022 14:48:57 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.202.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0
date: Fri, 05 Mar 2021 14:48:57 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame E599
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=29416042-44d8-4d00-8d0c-080b281ff7d3

43 B
106 B

33ms
33ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=29416042-44d8-4d00-8d0c-080b281ff7d3
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:57 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 05 Mar 2021 14:48:57 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x15
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=29416042-44d8-4d00-8d0c-080b281ff7d3
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 05 Mar 2021 14:48:56 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame E599
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=Nqm6ATSt6gotqLwKMvyjBDSgv1Ut_7wAMqHD1Se3

43 B
122 B

34ms
33ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=Nqm6ATSt6gotqLwKMvyjBDSgv1Ut_7wAMqHD1Se3
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:57 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:57 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=Nqm6ATSt6gotqLwKMvyjBDSgv1Ut_7wAMqHD1Se3
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame E599
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3992182173670863244

43 B
106 B

33ms
32ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3992182173670863244
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:57 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:57 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3992182173670863244
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame E599 70 B
264 B 45ms
43ms Image
image/gif 99.80.71.186
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=c574fbc3-19dc-3126-6924-57678c7cc738&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.71.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-71-186.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:57 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame E599
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTkxYjI4MDktZDBhYi02ZjgyLTdjYzQtMGRkZTQ2OWUwOTU4
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTkxYjI4MDktZDBhYi02ZjgyLTdjYzQtMGRkZTQ2OWUwOTU4&google_tc=

170 B
232 B

34ms
33ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTkxYjI4MDktZDBhYi02ZjgyLTdjYzQtMGRkZTQ2OWUwOTU4&google_tc=

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTkxYjI4MDktZDBhYi02ZjgyLTdjYzQtMGRkZTQ2OWUwOTU4&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame E599
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEN0rOWSzCt39UGibj38-1ek&google_cver=1

43 B
106 B

35ms
34ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEN0rOWSzCt39UGibj38-1ek&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=263b78ab-ff4e-4348-87d9-99364119cdc8&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:57 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:48:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEN0rOWSzCt39UGibj38-1ek&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 17ms
17ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210303&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a61afa537b2e1cc63400cad3f2aa1e71c4757f4209c4d59ef396e9766cf1d09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Mar 2021 14:49:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6425
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 4F12 0
150 B 43ms
13ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.nordkurier.de&gdpr=0&gdpr_consent=

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=www.nordkurier.de&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nordkurier.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nordkurier.de/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 1459
date: Fri, 05 Mar 2021 14:49:02 GMT
content-length: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:49:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:49:02 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame E4CB 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/e1a02409-364c-4a32-9ad1-c51f69b5e739/grumi-ip.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nordkurier.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nordkurier.de/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Fri, 05 Mar 2021 14:48:06 GMT
expires: Sat, 05 Mar 2022 14:48:06 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 56
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js Show response
pagead2.googlesyndication.com/bg/ Frame E4CB 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 03 Mar 2021 14:45:22 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Mar 2021 10:45:00 GMT
server: sffe
age: 173020
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5643
x-xss-protection: 0
expires: Thu, 03 Mar 2022 14:45:22 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
224 B 42ms
41ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210303&jk=2072175501144971&bg=!S0ilSAvNAAWsVXnBrDsAKQB2-DxaSC6ZyZ3WunN1e8Uu9OowNHFzzk7ovHyutpKE_IIeEjijOeYHAgAAAHhSAAAADGgBBwoBN9Ys6_TJ36JNKvZFL0MuTBDkQr-_vYNJYfotFy3x71cEJhEH1rYFQfScv3s-pN6VoOZHpF1o_Dski81jj4ik6VyBbu5Dw5c3c9OS3QN49yAdv-urYekSDEcu32hA7gioIrLtuLBWhg_XqTqYRPEc3oTzEWrL5xkikNXHYclhZx7hm6oLnDrmDMLe9TtarBrdssThSul4KO_iyQMFzIrbsLdMzohV1dme5ii0a1kfMureyV7AE6dbW9CcdS4DXsv1b8HnaV5S0qbnrkj4KimvivOWM0pzpPbjYRmuYhjUl1FLSCe_Mt3WcPc1wZScORxDLzui2PvE1-pho_gIfY0SmqRz14Np9hLhVOQcmS46NyN_Oxxir9SsA2CZFGjEs447rzOXLAPDW2_cgvXCsRHdv8fN73EeG820mQIAd-K1uw1WTMW3_XEJ01tEZUfWdSSQU_Sma5Lqv155BQ_WHYw0-RwJCrgpetx6WImLz7YCXlvEed3khDhKTA8BDBUwr3CSuCT8DbOChGaqJ8hTDZh0qGdzn_CYfGM5e-3mJvwU51JIZbwXpcuzc61h6VFdne5auhaNLnD575ifyaXSudyA8xd8pkk1wa6-hqyf5ER-ewdzVY17XUXQsd26MR0hI9ZtVfqptIzzDVLa-vPJ9RTLzqJy6LSBAz7Tu1RcknIvvyUjLNgsSZygnKXE4VVoM_wDJNfr7G53F70MrGPeAwitRmWcMViyIk2zxgkGNJMfCQhNC5cDABiFBrNVZwdTy9Qg8noQ62ez3MBoKUXv-FFuGUIVyy6jVG5WKCvmdDXQmh0G8CWMlJF5mLLmhBlf73PT-vmxI4Hqh8Q52r_YTG4djn236WwlRYe2-XJhjFr53e5KO9XXiDRuE49O9sPXJggbDtIiJzjT1Xfi7zYjjxZtCUtFfnXz0UmLO1kBMPcT6S0uvp0o-H-kKjg6cvbfJPexxBjTiSvJE9MufFPeVjcZeLNB49_HBaTLiNtB7E_J5etGhP-W5oU_FBGM9nnd2-5eVJU1hkbEqO_os5oF0EtKDrofkvGCOVPpDodyinNS37-EjCBHF6h6Z_51ercSKcqd0Ee03Iww5EA0prg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordkurier.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Mar 2021 14:49:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: adx.adform.net
URL: https://adx.adform.net/adx/?mid=794357&t=2

Verdicts & Comments Add Verdict or Comment

196 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pubmatic.com/	1970-01-19 18:45:31	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-19 17:19:07	Name: PugT Value: 1614955741
.pubmatic.com/	1970-01-19 17:19:07	Name: KRTBCOOKIE_699 Value: 22727-AAH-P07AhIoAABB6avKU5A

41 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	(Line 6) Message: [object Object]
console-api	error	URL: https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js(Line 1) Message: TypeError: Cannot read property 'consents' of undefined at <anonymous>:6:171 at t.addEventListener [as callback] (https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js:1:149412) at t.e.invokeCallback (https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js:1:30402) at t.respond (https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js:1:29795) at t.respond (https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js:1:119735) at t.e (https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js:1:30267) at t [as constructor] (https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js:1:29690) at new t (https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js:1:119539) at e.apiCall (https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js:1:56737) at https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js:1:56969
console-api	log	URL: https://www.nordkurier.de/sites/default/files/js/js_qZsFAsizo3NWW9b65VFWJRa-ghB3aMnalxXYbXMNgsA.js(Line 1) Message: Messaging without detection successfully executed.
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: bootstrap [object HTMLDocument] loading
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: bootstrap [object HTMLDocument] interactive
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: initialize
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: rcImgBF
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=335(Line 1) Message: bootstrap [object HTMLDocument] loading
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=335(Line 1) Message: bootstrap [object HTMLDocument] interactive
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=335(Line 1) Message: initialize
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030101.js(Line 6) Message: Exception in queued GPT command ReferenceError: adServerTargeting is not defined
console-api	info	URL: https://cdn.ampproject.org/rtv/032103020108001/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2103020108001 https://www.nordkurier.de/
console-api	info	URL: https://cdn.ampproject.org/rtv/032103020108001/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2103020108001 https://www.nordkurier.de/
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=157(Line 1) Message: bootstrap [object HTMLDocument] complete
console-api	log	URL: https://cdn.recognified.net/rd.loader.php?pub_id=335(Line 1) Message: bootstrap [object HTMLDocument] complete

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	allow-from nordkuriercrmtest.crm4.dynamics.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

32e9ec56d9860726db9fe3d08cac0ce1.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
ad.turn.com
ad.yieldlab.net
ads.pubmatic.com
ads.smartstream.tv
ads.yahoo.com
adservice.google.com
adservice.google.de
adx.adform.net
as-sec.casalemedia.com
aud.pubmatic.com
bh.contextweb.com
bidder.criteo.com
buyer.dspx.tv
c.amazon-adsystem.com
c1.adform.net
cdn.ampproject.org
cdn.jsdelivr.net
cdn.privacy-mgmt.com
cdn.recognified.net
cdns.yieldscale.com
clients1.google.com
cm.adsafety.net
cm.g.doubleclick.net
concheck.adsafety.net
cse.google.com
csi.gstatic.com
d5p.de17a.com
de.ioam.de
dis.criteo.com
dsp.adfarm1.adition.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
googleads.g.doubleclick.net
green.erne.co
gum.criteo.com
hbopenbid.pubmatic.com
ib.adnxs.com
id.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
inv-nets.admixer.net
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
msodigital-d.openx.net
mwzeom.zeotap.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.quantserve.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prg.smartadserver.com
pubmatic-match.dotomi.com
rads.recognified.net
rtb-csync.smartadserver.com
rumcdn.geoedge.be
script.ioam.de
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssbsync.smartadserver.com
static.criteo.net
sync-tm.everesttech.net
sync.mathtag.com
tags.adsafety.net
token.rubiconproject.com
tpc.googlesyndication.com
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
visitor.fiftyt.com
www.google.com
www.googleapis.com
www.googletagmanager.com
www.googletagservices.com
www.nordkurier.de
x.bidswitch.net
adx.adform.net
142.250.186.162
145.239.0.62
146.0.227.110
151.101.114.49
159.253.128.188
159.65.197.210
172.105.89.40
178.250.0.163
178.250.0.165
18.156.0.31
18.185.180.173
184.30.20.198
184.30.20.241
185.29.132.144
185.64.189.112
185.64.189.114
185.64.189.249
185.64.190.78
185.64.190.80
185.86.138.131
185.86.138.142
185.86.139.96
198.148.27.139
2.17.187.27
2001:678:cb4:bbbb::11
212.71.252.71
213.155.156.167
216.58.212.130
217.182.199.59
23.37.42.132
2600:9000:20d7:ce00:4:b37b:9440:93a1
2606:4700:10::ac43:25fc
2606:4700:10::ac43:db6
2607:f8b0:4004:815::2003
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1288:110:c305::8000
2a00:1288:80:800::7000
2a00:1450:4001:802::2001
2a00:1450:4001:803::2002
2a00:1450:4001:808::2002
2a00:1450:4001:809::2001
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2004
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2008
2a00:1450:4001:810::200e
2a00:1450:4001:811::2001
2a00:1450:4001:812::2002
2a00:1450:4001:813::2004
2a00:1450:4001:813::200a
2a00:1450:4001:813::200e
2a00:1450:4001:829::2002
2a02:2638:1::13
2a02:2638::3
2a02:fa8:8806:12::1370
2a04:4e42:1b::621
34.120.207.148
34.98.64.218
35.201.77.229
35.201.96.126
37.157.5.142
37.252.172.37
51.77.65.169
52.95.123.41
54.228.192.197
65.9.187.116
65.9.24.128
66.155.71.25
69.173.144.138
69.173.144.141
69.173.144.165
77.243.60.138
80.82.217.92
85.114.159.118
85.159.214.153
87.98.128.108
91.215.103.64
91.215.103.65
99.80.71.186
036a8bd55834865510878a718ad2df767247aa7ccb22dc2c86d3bf85817f5475
04d2e2566a703d54107df2ab5dda957369a58840e676fcc607359dd440167b5a
065aa8ea3d77ee9f106cc0dc40582ea0d629107e67bab1979671e8ebc39ee79d
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
072a4db63827f5ec6f37dcc9ebe3d08e5d2f282de0ac807d852e55ff2973d4e7
0791014260807d85fc498ea3074e2b84c72006645f96d9543ed1816878c46cff
097709ff4c669c09fb17a967cc2e672bbdfe06134fc08825245e7a4f58a49e5d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba2ddd9d71ea614c25abe91d4ee47c6cb8467ade7e7d97feb4e6437448db3ad
10298f5bc5d513af549d678baa21e0b3acc149437732164ab9210c95cfd6cac8
144c6e062a9a391ff0df314ca618fca1b0f3f18d18ad06026d8690640f56e206
166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da
167fab0f94c6cf7bb2a8c5e559e7c65302f714ffbee89263403ade38c22938b1
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
19866831a184a743c212097d8741965613719f3fdd5ecbc1a5ba2a9ba9cf74cf
1c9b62cdf65fe3e6565ebd3791927ce48feefb18de286956c1e22b422db4b4f3
1effa035680cdc509202de3b256b58035b550c4d1f90559a1b3b76b2e704ad07
1f919a3e3d15c28f9cafb1f71c0ffcd8300707a35378bab7400209d72cd3e9b2
21d45a4ed77653b3b1ee2b47a786a4dbb936a3b19fc56e1b44c16aed35eb80ee
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e
24912614ad2dce2aa138e85705b52b82540dce67e98c41445fa3fb125dcdebbc
28989fe1f958741fa4dac8dd849c9b294658c38e327307d4943d40f4933da99c
2f76f74a2e0841fed2d6a078dd5c3b82033ef69646e8a7ed407809797b249e18
3895f89eac8f79ffb30fb97580265c9cdb3a8027935444ef6727ae40db5e7ef2
3b57d65c9e0883f0785c71a9ce6601df21ce055833409800e12de454cdea2e3e
3d6c2aebdcee05cbd50b4328248658e1c8bef2110ee31bb1bd1260e013ab2b2f
3dd45cac1c8de860d019bf111c467db83d5a10a2c2ead9818702c56233eabd07
3de4b591f615b7d98b666c01a76dc3963dc9877e9240a29595eaed13690f24d2
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
41a75bfe0ede45e62b25affc73c3526bc5a973a959a50697eed855c1a333f618
424d7aa78f9cc54fc5354e4a0f30f033808d859e54f119f5cf4a154c9a4a7bba
42e9ceb939f47bcdd4c08b23a0e4f052cce093e397b1c1aed5b4efcf4b227412
43cd126eb9752e69671da27860604f05bd8c005b29d4e6bd3586aeee0f76eb4e
43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5
476a6e2d103abde2b6b33c23a85b69b8b7ddc9e6925fdf8ac1ea3e33e2f76ea2
477d91ab94e5a4d5c7e16269545bd13705bcba52333bc19bb397b500cea45fc1
47979ef506264db0704b5de93065a3ca44e171e2054648f5f12f66f587a1ed3e
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
4c6af60796cc240ad277098308cf363c2700f5296264ec1b43b4e1362763c439
4ddc003bfd0366a9c5e059509b3bac51972a8e803904b2a90b6b5c5ee7b26720
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50d11e57f8fc38d756d2e2173f8f6a1c42c1a08c3183041fcc2d08f4e2df7871
511d53c53639619dc9680e14815fadb74e21e8c114cabe117a34cc950b8bba92
53f62d954259f435a0440944e2212186a491e735554dfe068191fcc039c62342
578e85566f961f8549fbcfcfcc6189485b8efac3827244f6cfd0979e2f9f3cc5
582ea3d7202f90390f5c647b3593fa39da561d85025f9a40e3e5a49fae6dba86
5c596ed776255883bc27ecdeedf24e41d01c557abbc62a4888b6fe04bd8ea50a
5ee9e63e519096342d5899e32f1a38b4880ffba6b2aff64178b955a3b7f3a80d
5f857628c3a921a9c70397b86255363aeca969de6ab01287876d7f4395629290
60ab2335ec8434c18760ea5364294f7bacd340a016ca18d757940cd3bfa041f0
6337d8f14db18c6ad2de4250cd3a6a704f3a0eb69415af3d910678199630d5fb
635466c20a45e99be137668666a829f19f2cc4f92cab3ef932cd1ab3262dc543
636434ac8a7ca6d6fdb6f3f55c15d28a5e68d53bb793be69c4b76ff91e29e491
672a6c0deba486e5a9ccf61c0c0eed580d5dd254cd11a20a663e93043c7d7d14
6a4cbb9dcf4b40c8643c7caf28ca6a6ed16596dcc8672c9a6659d34a335fc5c4
6a61afa537b2e1cc63400cad3f2aa1e71c4757f4209c4d59ef396e9766cf1d09
6e2f923eb27c2a305acbfec6800252928d4d568722eec85c0acff59b2d3eae00
73e79137900ce844bdef7c22213c8831301e8cd9993f436a32e38adf2203abb6
73efa3c6048e9ab950db21c267279960356bbc74505e713c6380ff16539735dd
7478f66b4bc40e64519e23b06fc667b83bf6441d8548ce5bbbd8d8af416161b4
751e76567e79dd1e11621b9799a06e9e55c46115c1e4ab9651b0d2d5e273bafe
7be6ea471376a554ac2ed8e92739dceca2f341fa900bf25a6135a8b09cd3bdce
7f26a6d3b30fbb8891f33c8f33cea75bfc41bd9e604508ad9007145ab2362c67
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
83a2c0983e186d05e0ced4eabce4a0ff4142531cd5b6b2019b89db32f4d29717
83bcdfa5df8e5f84aa8715b0aefb06e9909b30290843475a0ecc6887650f811f
8471f381394962167d7d0cbbd9ffbd1f19d3ef6c48a7d9e3209142e674481368
86cef609c85d2c2ce6a507af54e77a9c150e2fa408043e1454082614c4b0ce2b
86ea3e40f770ec6008f33e0d669f5113299ca245ddb54100b9e06071fba8643d
873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f9560479a05fb86854546c40ec030edc2bac692d4142391d69b16e5c033a185
931b67bbdf14e0c9895163111489019925a8d9193876efd823148168d763e52a
95cc8f32fff8373512d29792c4d8300fc9188615252df2ce077ca13031fccddd
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9cc7b484043b43b1f166bfff3c3ed7414e6cbaa2e39a44fd1723e3b20bcf0ea5
a03b6f454c63c6fab9440b107ad03290d743d1ba75478f102b10991d9b576260
a1e6b260b3a8481c8ad4b8626f956c0b982d1b9e6284ab07c7becd13f3accad3
a3b98a72f866cb4404f0feefdacae15a3553cd76c87dfc5b6aedc15d74be0c79
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6f768cbb894f2690011ee62662d3ac9480d12f5088fa46be57e650fcc4d835c
a8a6e40edc3b956f2c8930fc6d6df9f4a769187f5404ffd5bf5f78b5349c465e
a99a80c32ad0e61a248f522a589300c114673faa3b19fea71a653902914f96e5
a99b0502c8b3a373565bd6fae551562516be82107768c9da9715d86d730d82c0
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ad5e5a5e801b217ae05b093efeed32034ea9ea53dfd4a4e90fa344cf310e30cb
adb1a7210a8f3e3a81e77246cfec32611759069f8510f3a2f413f9a3c4058e0f
adf9b08be034d0a94564f169f18c9f823faebc4092a7744e7e923222c0b53f88
b09ee6e9ef0ad14ebbc536196976a53a0187a230431f76a3fe5b6a7e824e1164
b1b38e2f012637d84dd5b6b38806326a1e0ff0ee39b332a490c7df2424d14e4e
b34adbc6346c94ab87b1b7ffd13bab8399c126d039ad8babb91139e8399244af
be43bc50423e590dd52e3abc1c7a573236ba00e1bb413686433bfbeb335afba8
c0154177bb90d6090ec7656a5a281c418be5af5a9718ff1a0bdfd5982736dc63
c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113
c0ac855f8ead54a26d3ca375daa36345f4b86ae6d6e06daeecb2b6daf94388aa
c0cdcf3224a18d66039b74a6a0c70977585d75d5ed67ba23a6b5eab8c0a2ba7e
c0f320102b0fa34ee3871545240f3ac8dd566319588d7794b4062654fef530fd
c183713781265a2abdc03eab5050b102a17a1170eaa908604e61fc9f07c9aad4
c1f6f1027092d281d624e67f9f83460ed291ae367b558c16cd6afad7af5eba1e
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2e34a3943044ec0fe8723939d6897a88ca3a2bd449f69c2c3edf31dee964b75
c3b18cc0a385c6d5e81af3d1739aa9565f88e7d6b9a00d2e3b6d732e3b9ba3e9
c44fab5ab25ff9f9dc07aced65f77686ec6a831bb858efaac266ba5deaf7d26e
c47f237d1c8ad4453f1a6b3297f211c73406587e055b11010f464cce429ccdf7
c9e09403bd55b7740b4cb4e2e1ebe6132d8a1da0414e78a6960164077c2385d2
cb03b00d3671b2b50331d90d1d5f2c315bf020a9c8d0f99d7958f34fa53c2344
cbbf0aecb976d3f660a1013762e945889c861fe823437d066a1c0be46c2ad536
cda104feb0a99371716601593abb5105faefcc150757bbf88df1e2c573ee4719
cda3b9cdce18bc98f4a4586419e98fad13eed5a179fbfd8debfcec6494c8383c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d79e730c3217e49b9289f7626de09b37029030b51947ba3e39209553b5d45afc
d94c3ec221837b9a5916ef4c69ee1530a280b4899bac220714195f66b3b7661e
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
da905cb7ee07808b88faa67deebc6dab6dfd9edbeda7f2a480ba8f76fab4a1f4
dbb2ea22cdc1a725060500c31314ffca20fd08ef637484137fe381b2f5267334
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5fc5772469b4a0225ef143605aeaa409ad0e2455f621b34edf7e86d4c25aab3
e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e
e78c14aeb9435fd03f67ad2ee4c45e18bfcfc100a4c62c8bd886324ce6296f77
ed7ea83f7f917473bd55b75dd9e9341f0d46f3153321a74f09b6d78d49d1636f
ed9d4a95733c5db922a5387180876383a34063b3312d0e6b23c31bbe6d4be426
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2092ab5b58ee05742a711f65fe3021be81a1d243a14109ad140ef42cfb6382f
f9da2c22e98557527f175ed5506ff87c6d1933eaeb42868500675fa86ec5078f

www.nordkurier.de Open in urlscan Pro 2606:4700:10::ac43:25fc Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

186 Requests

99 %HTTPS

34 %IPv6

52 Domains

84 Subdomains

58 IPs

9 Countries

4092 kBTransfer

9079 kBSize

3 Cookies

18 Outgoing links

Redirected requests

186 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 28 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.nordkurier.de Open in urlscan Pro
2606:4700:10::ac43:25fc Public Scan

Screenshot
Live screenshot

Full Image

186
Requests

99 %
HTTPS

34 %
IPv6

52
Domains

84
Subdomains

58
IPs

9
Countries

4092 kB
Transfer

9079 kB
Size

3
Cookies

186 HTTP transactions
28 data transactions