go.usatimepost.com Open in urlscan Pro
185.217.92.81 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://go.usatimepost.com/
Submission: On April 10 via automatic, source certstream-suspicious (April 10th 2023, 5:09:05 pm UTC) — Scanned from NL

Summary HTTP 153 Redirects Behaviour Indicators

Summary

This website contacted 24 IPs in 4 countries across 14 domains to perform 153 HTTP transactions. The main IP is 185.217.92.81, located in Netherlands and belongs to ABELOHOST, NL. The main domain is go.usatimepost.com.
TLS certificate: Issued by R3 on April 10th 2023. Valid for: 3 months.

This is the only time go.usatimepost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	185.217.92.81 185.217.92.81	204196 (ABELOHOST) (ABELOHOST)
3	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	69.16.175.10 69.16.175.10	20446 (STACKPATH...) (STACKPATH-CDN)
19	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	3.224.209.45 3.224.209.45	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
1	34.111.218.68 34.111.218.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:d::4 2a02:2638:d::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 5	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
6	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.7.9 178.250.7.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
15	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
7	2a02:2638:d::14 2a02:2638:d::14	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:80b::2006	15169 (GOOGLE) (GOOGLE)
2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
153	24

21 185.217.92.81 (Netherlands)

ASN204196 (ABELOHOST, NL)
PTR: 0dramacool.org

go.usatimepost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: hwcdn.net

tg1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.224.209.45 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-209-45.compute-1.amazonaws.com

track1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5f5628a644174647648efa43c93c472b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.218.68 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.218.111.34.bc.googleusercontent.com

cdn.greedygame.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:d::14 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	googlesyndication.com edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 111 tpc.googlesyndication.com — Cisco Umbrella Rank: 145 5f5628a644174647648efa43c93c472b.safeframe.googlesyndication.com	292 KB
25	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 201 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 335	390 KB
21	usatimepost.com go.usatimepost.com	826 KB
15	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 353	326 KB
15	criteo.net static.criteo.net — Cisco Umbrella Rank: 670 pix.eu.criteo.net — Cisco Umbrella Rank: 9255 csm.eu.criteo.net — Cisco Umbrella Rank: 7853	112 KB
7	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 90 www.google.com — Cisco Umbrella Rank: 2	2 KB
4	gstatic.com fonts.gstatic.com	101 KB
3	criteo.com rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 13528 ads.eu.criteo.com — Cisco Umbrella Rank: 7796 cat.fr3.eu.criteo.com — Cisco Umbrella Rank: 31702	56 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 198	147 KB
3	aniview.com tg1.aniview.com — Cisco Umbrella Rank: 13154 track1.aniview.com — Cisco Umbrella Rank: 1918	7 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	3 KB
2	google.nl adservice.google.nl — Cisco Umbrella Rank: 14602	696 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 299	72 KB
1	greedygame.com cdn.greedygame.com — Cisco Umbrella Rank: 920312	3 KB
153	14

	Domain	Requested by
24	tpc.googlesyndication.com	securepubads.g.doubleclick.net edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com tpc.googlesyndication.com go.usatimepost.com googleads.g.doubleclick.net cdn.ampproject.org
24	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
21	go.usatimepost.com	go.usatimepost.com
19	securepubads.g.doubleclick.net	go.usatimepost.com securepubads.g.doubleclick.net edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com www.googletagservices.com cdn.greedygame.com
15	cdn.ampproject.org	securepubads.g.doubleclick.net
7	pix.eu.criteo.net	ads.eu.criteo.com
6	static.criteo.net	ads.eu.criteo.com
5	www.google.com	2 redirects tpc.googlesyndication.com go.usatimepost.com
4	googleads.g.doubleclick.net	edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com go.usatimepost.com pagead2.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com
3	www.googletagservices.com	securepubads.g.doubleclick.net edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
3	edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	fonts.googleapis.com	go.usatimepost.com securepubads.g.doubleclick.net
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	csm.eu.criteo.net	ads.eu.criteo.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.nl	securepubads.g.doubleclick.net
2	track1.aniview.com	go.usatimepost.com
1	5f5628a644174647648efa43c93c472b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	s0.2mdn.net	googleads.g.doubleclick.net
1	cat.fr3.eu.criteo.com	ads.eu.criteo.com
1	ads.eu.criteo.com	edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
1	rtb.nl3.eu.criteo.com	edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
1	cdn.greedygame.com	securepubads.g.doubleclick.net
1	tg1.aniview.com	go.usatimepost.com
153	25

This site contains no links.

Subject Issuer	Validity	Valid
go.usatimepost.com R3	`2023-04-10` - `2023-07-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh
*.aniview.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2022-07-14` - `2023-08-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh
*.google.nl GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh
cdn.greedygame.com GTS CA 1D4	`2023-02-16` - `2023-05-17`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-14` - `2023-06-09`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-03-04` - `2023-06-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-24` - `2023-06-18`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-22` - `2023-06-25`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-26` - `2023-06-29`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh

This page contains 17 frames:

Primary Page: https://go.usatimepost.com/
Frame ID: 0CFC6B3BE7A5212CB104878DE07F6BB8
Requests: 40 HTTP requests in this frame

Frame: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 93067D1595D684A0CD71E544212E69E4
Requests: 1 HTTP requests in this frame

Frame: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5431BD60E54AA03AF64F64C6F2C1B5B5
Requests: 10 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssZNxM0qmE0hkhvnpNn_83vZiOxzH308kAc5cINrCMOB6nZihp9VFjzVXd8XCgEFnDtHRNjka2qQdPIV29AJWu2mxCDAlmGva6DnpMi3ftpP9KIKcA4R_q2ex369jEgHFKv0_WTb2JAITn9najOHjdyctni-eBUbRHFjyV98MPG6Vfs88gfz3WcujMSBXf99dIORKr8DZX0ex6eJJX6ggTGv4MlSYSP9YboW88Lz8ktaKM4YcOYrwWu_5canCbK-1lBND-vjyyR2SpviNX9hdGQ29NyGg6T6py2MRVe_OY5kda47XyIecKG_rW4Bd_hMkcN7pRfMm-JhqmClLWzAMw&sai=AMfl-YT55OTYxYzmIgYGia3URrofzpsS2W2Do-EE-oVgmG8qLmZV-sUy-4IrBIvJkk-kbulHVWPEI5yabsCdc3u3Mute_yG3W2X5UBvd4SIEFQ161wligR8XaFAZ3kByhkmaxOQNlMuJ4P5wahKeLR3q&sig=Cg0ArKJSzDAKHsEFKbEEEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 2FD580E54CE0BB0195E4F6ECB77D1404
Requests: 7 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZDRCqwAE8vsKe6vHAArB144GIyt1NWQX5o8x-A&u=%7CcqldiJDKqkkScMI2XFIXhNZG9P8Mu%2FsvF6OyxTHVpc0%3D%7C&c1=zhOks3zwNR2QJkrtGpxDD0z6RaFAlAQ66URtX1gfQsB7PXt8PBrVICWZYsqhnD-StMZbxg0k2Ak-Al1f8f2ZDEFL-NOjD2rmMPAOGGbFHUxKi4mpyHC3tU6Zoe5gEG46dEdSQVJ_sA8fb1UVF344_YzBRuzd4-Kgnyr9_zTxBxzmpKspkjqWjoyXZvcPXvdClQc2ejDaz386HFajh-P6qY-vhV_IkCtQm1MmNn7GvSBp8voI7nPHBRR0-I2NFC3hcnQFx3w167WdDzDV82KWf4H0gnLilY9bUJikPbWlOqWz_Rw6k8vFpXkPVidSPDMcuDl-aRhs0axkRLUaUpICjaCa3KmWO_lcAGvmaALYgPMN3AtEgtVHZVcy5wAy8bXRXVKNWr5yTMGzKuYEW8OFryCtCwMVb9-iOHihcVvpo3tvz1ECwygZJRTL85kgJahoAXbiijGWBHYFGAjVshrvjU2JMKKNfIc0GFoF5DaHZSLY4eHbo-H0tOgi3MCdoc2Jl_r8QVIGGaUSrQGg0oxhyxEZteuiBsnwkA0UZyPapki7M9kcjHCkFfGuTj7d2wWsuYiUzaAQwfdo4Vk0Aax8joyp-eTtSaN77pWY9g0GHmrb9bAnhooqnA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCL1aOq0I0ZPvlE8fX7gPXg6soyZ7SsVzVnZH3cMCNtwEQASAAYJGEoIWMGIIBF2NhLXB1Yi0xMDY3Mzc0Njc5MjUyNTM3yAEJqQIAdxmc1ESyPuACAKgDAaoEpgJP0Nntz6KUYNMEl-pMEJ9xogctu93i5JZ891uop2IhNSml7IcDgHxxi5DKEChuDLA8D_CWPFsPKLHYaMti2SgIr7lxsJJqGdKc1RJ3BSTGam9HUmYoXEvU5VqKCsq6yguivhhgFSnQtVXTpLaMy6nWYh1Sr4TIe7-utZLGVULPjwDKQdDnl_akWEIeGq9dTY6THwR9d5LGBT3Fu5Kggp_IfSUTO2Nlud0RWnPEgrX7lkxFdrQI91kylaZLEBmADo76JQ7F4ku8ug4yfqLhzi2btqLa1GOkvuCovolZlZboZHPhysQpH4L_4g2ByusKzDl2G1XViua5dc7pASLd-NnVSpc8baRg03r28OcpgdBOdMRuceUq0HP9ttWRhAeJSmuILvWtYEjgBAGABqahrc3RpdLM-wGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgHAQATIC6wI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_06vPAwzA_-poQTTPez_Froxu44DA%26client%3Dca-pub-1067374679252537%26adurl%3D
Frame ID: FF6EF4791EC37C6C8469304AE6895EE0
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2ACCFFF773427CFD0E49B4A6FCC031FB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B653FC82212F0FF7460903C480CF6A6F
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012303151621000/amp4ads-v0.mjs
Frame ID: 078575D4F3F1F0A06341364810F16A80
Requests: 13 HTTP requests in this frame

Frame: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5FFCD8D783D7F89D0D3C98B27FB04325
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKWQ9cICEMTp4s4CGP_k5-IBMAE&v=APEucNWBgNUrCHJgPGelTYb574BCMk6b3w3Vd4Xk9mMTvnHvYXwLKlFn1AxJc_a4gegZGk2SFRJkqELYHYBGm1EbH0BtOSxXQQ
Frame ID: FCFE0D5AAC3A0ABD55D58B724635B8FE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B79C3DF0AC48455BEDEA4706FD837814
Requests: 3 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012303151621000/amp4ads-v0.mjs
Frame ID: D1172996834E6A68988F730446D308EF
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 98EF0374007C5C09AEF8D247E3F69158
Requests: 9 HTTP requests in this frame

Frame: https://5f5628a644174647648efa43c93c472b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: A6FC20BAB5A64C42FA950D6E260F86FD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C6CADACD8D402C01E8ABFC71902AEF47
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 09FE039C898FF59A2287BFAACD0368A0
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012303151621000/amp4ads-v0.mjs
Frame ID: 8D7DCB4B25F5DF9E23915DCABF15343D
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

UsaTimePost.Com - Web Article's Protocol

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Lightbox (JavaScript Libraries) Expand

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

153
Requests

99 %
HTTPS

74 %
IPv6

14
Domains

25
Subdomains

24
IPs

4
Countries

2338 kB
Transfer

4770 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 94

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 119

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

153 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
go.usatimepost.com/ 37 KB
38 KB 189ms
125ms Document
text/html 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache / PHP/7.4.33
Resource Hash: 464dc877a3c96ff649aa9f9097adbae924c29f64ae475b155f34ae02464e5aa1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Mon, 10 Apr 2023 17:08:57 GMT
link: <https://go.usatimepost.com/wp-json/>; rel="https://api.w.org/"
server: Apache
x-powered-by: PHP/7.4.33

GET
H2 200 style.min.css
go.usatimepost.com/wp-includes/css/dist/block-library/ 95 KB
95 KB 27ms
27ms Stylesheet
text/css 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-includes/css/dist/block-library/style.min.css
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:57 GMT
last-modified: Thu, 30 Mar 2023 06:04:17 GMT
server: Apache
accept-ranges: bytes
content-length: 97517
content-type: text/css

GET
H2 200 classic-themes.min.css
go.usatimepost.com/wp-includes/css/ 291 B
355 B 26ms
26ms Stylesheet
text/css 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-includes/css/classic-themes.min.css
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:57 GMT
last-modified: Thu, 30 Mar 2023 06:04:17 GMT
server: Apache
accept-ranges: bytes
content-length: 291
content-type: text/css

GET
H2 200 wp-emoji-release.min.js Show response
go.usatimepost.com/wp-includes/js/ 18 KB
18 KB 35ms
34ms Script
application/javascript 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-includes/js/wp-emoji-release.min.js
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Thu, 30 Mar 2023 06:04:17 GMT
server: Apache
accept-ranges: bytes
content-length: 18692
content-type: application/javascript

GET
H2 200 style.css
go.usatimepost.com/wp-content/themes/sahifa/ 196 KB
196 KB 311ms
309ms Stylesheet
text/css 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-content/themes/sahifa/style.css
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 87ea60a55055936658e6609f45bd09b8de7dc2dd5d4b1504ab0505dfe79880c9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Wed, 01 Feb 2023 11:59:48 GMT
server: Apache
accept-ranges: bytes
content-length: 200896
content-type: text/css

GET
H2 200 skin.css
go.usatimepost.com/wp-content/themes/sahifa/css/ilightbox/dark-skin/ 7 KB
7 KB 311ms
310ms Stylesheet
text/css 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-content/themes/sahifa/css/ilightbox/dark-skin/skin.css
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 949448840982c267cbacb0aadde067218f404646e15e92b72991715a2988d1f0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Tue, 31 Jan 2023 23:44:19 GMT
server: Apache
accept-ranges: bytes
content-length: 7289
content-type: text/css

GET
H2 200 css
fonts.googleapis.com/ 754 B
742 B 194ms
59ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700

Requested by

Host: go.usatimepost.com
URL: https://go.usatimepost.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a8a7c6483f73f962abb0f768408bc73c219a0164ee43f60ac57595d314c1bebe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 10 Apr 2023 17:08:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 10 Apr 2023 16:27:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 10 Apr 2023 17:08:58 GMT

GET
H2 200 jquery.min.js Show response
go.usatimepost.com/wp-includes/js/jquery/ 88 KB
88 KB 261ms
260ms Script
application/javascript 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-includes/js/jquery/jquery.min.js
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Thu, 30 Mar 2023 06:04:17 GMT
server: Apache
accept-ranges: bytes
content-length: 89815
content-type: application/javascript

GET
H2 200 jquery-migrate.min.js Show response
go.usatimepost.com/wp-includes/js/jquery/ 13 KB
13 KB 261ms
260ms Script
application/javascript 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-includes/js/jquery/jquery-migrate.min.js
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Thu, 30 Mar 2023 06:04:17 GMT
server: Apache
accept-ranges: bytes
content-length: 13424
content-type: application/javascript

GET
H2 200 spt Show response
tg1.aniview.com/api/adserver/ 26 KB
7 KB 116ms
31ms Script
text/javascript 69.16.175.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://tg1.aniview.com/api/adserver/spt?AV_TAGID=63dc913afb0ad4a8d3015594&AV_PUBLISHERID=63d78a95feee817a470cff47
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: /
Resource Hash: 1c603a1c78bc2ed7cc089dc42cc00352275f1f38d3014035fd48c39092bf5742

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
content-encoding: gzip
x-hw: 1681146538.dop141.am5.t,1681146538.cds221.am5.hn,1681146538.cds301.am5.c
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 6557

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 77 KB
25 KB 204ms
104ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: go.usatimepost.com
URL: https://go.usatimepost.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af35620b7d50811b905d201d7ee9d6bcaf4b93a4b818293fcc3e5716dd3f4156

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25571
x-xss-protection: 0
server: cafe
etag: 285 / 19457 / m202304030101 / config-hash: 14281082429472416202
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 10 Apr 2023 17:08:58 GMT

GET
H2 200 student-loan-forgiveness-approved-in-usa-7b4dd5b8-1-310x165.jpg
go.usatimepost.com/wp-content/uploads/2023/02/ 8 KB
8 KB 35ms
34ms Image
image/jpeg 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.usatimepost.com/wp-content/uploads/2023/02/student-loan-forgiveness-approved-in-usa-7b4dd5b8-1-310x165.jpg
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 4fa1d7f87465a15ffd7ce5463d13cea5c00623d46bda85b019f2edbf0fc6264b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Wed, 01 Feb 2023 03:06:01 GMT
server: Apache
accept-ranges: bytes
content-length: 7812
content-type: image/jpeg

GET
H2 200 tie-scripts.js Show response
go.usatimepost.com/wp-content/themes/sahifa/js/ 78 KB
78 KB 26ms
25ms Script
application/javascript 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-content/themes/sahifa/js/tie-scripts.js
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 876f23e7657b92023a8e20eae73a01479a9984d9f3ecff70bb0c8cffeb6ebc71

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Tue, 31 Jan 2023 23:44:19 GMT
server: Apache
accept-ranges: bytes
content-length: 80042
content-type: application/javascript

GET
H2 200 ilightbox.packed.js Show response
go.usatimepost.com/wp-content/themes/sahifa/js/ 75 KB
75 KB 25ms
25ms Script
application/javascript 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-content/themes/sahifa/js/ilightbox.packed.js
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 77b74a5bce714f35bfcde3cd6624f4ace3fbb31adeea328660110d7cd6849d72

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Tue, 31 Jan 2023 23:44:19 GMT
server: Apache
accept-ranges: bytes
content-length: 77166
content-type: application/javascript

GET
H2 200 search.js Show response
go.usatimepost.com/wp-content/themes/sahifa/js/ 15 KB
15 KB 36ms
35ms Script
application/javascript 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-content/themes/sahifa/js/search.js
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: d6c6d0b6440485f2536e96758b074c4713ef69a56511f2af2128f23ce6eebdca

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Tue, 31 Jan 2023 23:44:19 GMT
server: Apache
accept-ranges: bytes
content-length: 15010
content-type: application/javascript

GET
H2 200 body-bg7.png
go.usatimepost.com/wp-content/themes/sahifa/images/patterns/ 21 KB
21 KB 34ms
33ms Image
image/png 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.usatimepost.com/wp-content/themes/sahifa/images/patterns/body-bg7.png
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/wp-content/themes/sahifa/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 7a6ac6e588a725241e6f43feaad46fb36de9682576f5f29c570edc3ec5247477

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/wp-content/themes/sahifa/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Tue, 31 Jan 2023 23:44:19 GMT
server: Apache
accept-ranges: bytes
content-length: 21146
content-type: image/png

GET
H2 200 home.png
go.usatimepost.com/wp-content/themes/sahifa/images/ 1022 B
1 KB 33ms
33ms Image
image/png 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.usatimepost.com/wp-content/themes/sahifa/images/home.png
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/wp-content/themes/sahifa/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 6039cdb2c8028b73ddb9d711e7eb22834a8e11ba865283a7ed2fd2c75a401040

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/wp-content/themes/sahifa/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Tue, 31 Jan 2023 23:44:19 GMT
server: Apache
accept-ranges: bytes
content-length: 1022
content-type: image/png

GET
H2 200 stripe.png
go.usatimepost.com/wp-content/themes/sahifa/images/ 93 B
130 B 30ms
30ms Image
image/png 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.usatimepost.com/wp-content/themes/sahifa/images/stripe.png
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/wp-content/themes/sahifa/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 23c79bb552706be2ca97bdb259921e3269a5263326b147676c2f7909a45b58c9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/wp-content/themes/sahifa/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Tue, 31 Jan 2023 23:44:19 GMT
server: Apache
accept-ranges: bytes
content-length: 93
content-type: image/png

GET
H2 200 SlGWmQWMvZQIdix7AFxXmMh3eDs1Zw.woff2
fonts.gstatic.com/s/droidsans/v18/ 22 KB
22 KB 134ms
62ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/droidsans/v18/SlGWmQWMvZQIdix7AFxXmMh3eDs1Zw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e803cd8c5031ac6b0d099a2d96ba1c3ee44782649a7f7c6f0d09b6410d93e216

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.usatimepost.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 04 Apr 2023 11:06:39 GMT
x-content-type-options: nosniff
age: 540139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22376
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:25:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Apr 2024 11:06:39 GMT

GET
H2 200 fontawesome-webfont.woff2
go.usatimepost.com/wp-content/themes/sahifa/fonts/fontawesome/ 65 KB
65 KB 30ms
30ms Font
font/woff2 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-content/themes/sahifa/fonts/fontawesome/fontawesome-webfont.woff2?v=4.4.0
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/wp-content/themes/sahifa/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Request headers

Referer: https://go.usatimepost.com/wp-content/themes/sahifa/style.css
Origin: https://go.usatimepost.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Tue, 31 Jan 2023 23:44:19 GMT
server: Apache
accept-ranges: bytes
content-length: 66624
content-type: font/woff2

GET
H2 200 SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
fonts.gstatic.com/s/droidsans/v18/ 21 KB
21 KB 104ms
32ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a291479495fbb281655d5e870c6d118dc6b7ed18e8c235aef5974c1e9de4e6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.usatimepost.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 04 Apr 2023 10:32:00 GMT
x-content-type-options: nosniff
age: 542218
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21224
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:04:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Apr 2024 10:32:00 GMT

GET
H2 200 BebasNeue-webfont.woff
go.usatimepost.com/wp-content/themes/sahifa/fonts/BebasNeue/ 20 KB
20 KB 30ms
30ms Font
font/woff 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://go.usatimepost.com/wp-content/themes/sahifa/fonts/BebasNeue/BebasNeue-webfont.woff
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/wp-content/themes/sahifa/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: e8c2e4d6ab0ad2f055a6cc3c777d31531e665758db5ca815f2613afad72f7088

Request headers

Referer: https://go.usatimepost.com/wp-content/themes/sahifa/style.css
Origin: https://go.usatimepost.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Tue, 31 Jan 2023 23:44:19 GMT
server: Apache
accept-ranges: bytes
content-length: 19996
content-type: font/woff

GET
H2 200 google-upcoming-updates-in-2023-b7c44b5f-1985-63da625e772b5-310x165.png
go.usatimepost.com/wp-content/uploads/2023/02/ 47 KB
47 KB 323ms
323ms Image
image/png 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.usatimepost.com/wp-content/uploads/2023/02/google-upcoming-updates-in-2023-b7c44b5f-1985-63da625e772b5-310x165.png
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 2f1c74ac47551cbb1afd2821b20f6dbace03cb63008d700fbedb2774450e17e2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Wed, 01 Feb 2023 13:02:01 GMT
server: Apache
accept-ranges: bytes
content-length: 48534
content-type: image/png

GET
H2 200 why-big-companies-laying-off-employees-cea972ab-1-310x165.jpg
go.usatimepost.com/wp-content/uploads/2023/02/ 21 KB
21 KB 325ms
325ms Image
image/jpeg 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.usatimepost.com/wp-content/uploads/2023/02/why-big-companies-laying-off-employees-cea972ab-1-310x165.jpg
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: a1cfd68116a34b23c18bff8c57cda617cf20d2877a7c217edbbe6fda3c947096

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Wed, 01 Feb 2023 03:22:01 GMT
server: Apache
accept-ranges: bytes
content-length: 21265
content-type: image/jpeg

GET
H2 200 you-should-avoided-this-during-winter-5b67408a-1-310x165.jpg
go.usatimepost.com/wp-content/uploads/2023/02/ 10 KB
10 KB 325ms
324ms Image
image/jpeg 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.usatimepost.com/wp-content/uploads/2023/02/you-should-avoided-this-during-winter-5b67408a-1-310x165.jpg
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: 3032fe164835c726fb0431b80a6e10fee3c873e6f7156d9ef612965c7a23267f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Wed, 01 Feb 2023 03:08:01 GMT
server: Apache
accept-ranges: bytes
content-length: 10648
content-type: image/jpeg

GET
H2 200 crypto-news-3m-266cf9a5-1985-63d9d77a37151-310x165.jpg
go.usatimepost.com/wp-content/uploads/2023/02/ 9 KB
9 KB 325ms
324ms Image
image/jpeg 185.217.92.81
ABELOHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.usatimepost.com/wp-content/uploads/2023/02/crypto-news-3m-266cf9a5-1985-63d9d77a37151-310x165.jpg
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.217.92.81 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: 0dramacool.org
Software: Apache /
Resource Hash: c45df86f5542ba7e4821902ddf409991ef392fddb8659aa96634e8acf6de54d6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:58 GMT
last-modified: Wed, 01 Feb 2023 03:08:01 GMT
server: Apache
accept-ranges: bytes
content-length: 9056
content-type: image/jpeg

GET
H2 200 track
track1.aniview.com/ 0
71 B 352ms
104ms Image
text/plain 3.224.209.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?pid=63d78a95feee817a470cff47&cid=63d7b37dbb37b73aa805ca86&cb=1681146538898&r=go.usatimepost.com&stagid=63dc913afb0ad4a8d3015594&stplid=63dccc3f6eb8444ea80a5d1a&d35=&d65=&d66=8&d74=&e=playerLoaded&str=viewable
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.209.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-209-45.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 352ms
104ms Image
text/plain 3.224.209.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?pid=63d78a95feee817a470cff47&cid=63d7b37dbb37b73aa805ca86&cb=1681146538900&r=go.usatimepost.com&stagid=63dc913afb0ad4a8d3015594&stplid=63dccc3f6eb8444ea80a5d1a&d35=&d65=&d66=8&d74=&e=playerLoaded&str=viewable
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.209.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-209-45.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/ 396 KB
123 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b0ee1b83a672e602c818711d3165f40b3c24571f136a76235b5e01bb542afd62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 07:29:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34770
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125778
x-xss-protection: 0
server: cafe
etag: 17784413963224027771
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 09 Apr 2024 07:29:29 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 289 B
181 B 188ms
67ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=go.usatimepost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ecc7ade390c050bcc20e786ed4c93566d4938f9686bdda10ffa0294e3ce0a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 156
x-xss-protection: 0
expires: Mon, 10 Apr 2023 17:08:59 GMT

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ 107 B
531 B 130ms
39ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=go.usatimepost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 113ms
40ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=go.usatimepost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 57 KB
12 KB 783ms
782ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1764458240904067&correlator=4109753434587903&eid=31072879%2C21065725&output=ldjh&gdfp_req=1&vrg=202304030101&ptt=17&impl=fif&iu_parts=22387492205%3A22857120893%2Cusatimepost.com.Banner0.1675108465&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90%7C970x250&ifi=1&adks=740634710&didk=3220783546&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1681146539235&lmt=1681146539&dlt=1681146538346&idt=785&adxs=436&adys=246&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fgo.usatimepost.com%2F&frm=20&vis=1&psz=1600x0&msz=1600x0&fws=0&ohw=0&ga_vid=944308028.1681146539&ga_sid=1681146539&ga_hid=1814240807&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9bda5343341ead54a0c80597dc185225b6a60da9d434910f9ee7d8e15212d746

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12712
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://go.usatimepost.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 57 KB
13 KB 1404ms
1403ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1764458240904067&correlator=4109753434587903&eid=31072879%2C21065725&output=ldjh&gdfp_req=1&vrg=202304030101&ptt=17&impl=fif&iu_parts=22387492205%3A22857120893%2Cusatimepost.com.Banner0.1675058648&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&ifi=2&adks=3039440573&didk=2556482693&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1681146539242&lmt=1681146539&dlt=1681146538346&idt=785&adxs=640&adys=246&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fgo.usatimepost.com%2F&frm=20&vis=1&psz=1600x0&msz=1600x0&fws=0&ohw=0&ga_vid=944308028.1681146539&ga_sid=1681146539&ga_hid=1814240807&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac7af3b70637c40c88f4337d36f1cd7011e7f9dedf98047d0976884b94aba039

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13099
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://go.usatimepost.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
10 KB 453ms
450ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1764458240904067&correlator=4109753434587903&eid=31072879%2C21065725&output=ldjh&gdfp_req=1&vrg=202304030101&ptt=17&impl=fif&iu_parts=22387492205%3A22857120893%2Cusatimepost.com_GGINT&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=3&adks=220486695&didk=1162322772&sfv=1-0-40&eri=4&sc=1&cookie_enabled=1&cdm=go.usatimepost.com&abxe=1&dt=1681146539244&dlt=1681146538346&idt=785&adxs=250&adys=270&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=usatimepost.com&loc=https%3A%2F%2Fgo.usatimepost.com%2F&frm=20&vis=1&psz=700x1404&msz=700x0&fws=0&ohw=0&ga_vid=944308028.1681146539&ga_sid=1681146539&ga_hid=1814240807&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

caecb1f81fef3d2ee35eb9a7c72a7ac6a183f746390bacc056fae1067e001301

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10003
x-xss-protection: 0
google-lineitem-id: 6213525494
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138421792681
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://go.usatimepost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 16 KB
7 KB 812ms
810ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1764458240904067&correlator=4109753434587903&eid=31072879%2C21065725&output=ldjh&gdfp_req=1&vrg=202304030101&ptt=17&impl=fif&iu_parts=22387492205%3A22857120893%2Cusatimepost.com.Banner0.1675058696&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C300x250%7C320x280%7C336x280%7C360x300&ifi=4&adks=2416101915&didk=2556482787&sfv=1-0-40&eri=4&sc=1&cookie_enabled=1&cdm=go.usatimepost.com&abxe=1&dt=1681146539246&dlt=1681146538346&idt=785&adxs=980&adys=271&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=usatimepost.com&loc=https%3A%2F%2Fgo.usatimepost.com%2F&frm=20&vis=1&psz=370x0&msz=370x0&fws=0&ohw=0&ga_vid=944308028.1681146539&ga_sid=1681146539&ga_hid=1814240807&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

73110cc5fae491aacb5d66f89a119f50eb986fbe0cf768271ad65dac5af51763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6874
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://go.usatimepost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
10 KB 416ms
416ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1764458240904067&correlator=4109753434587903&eid=31072879%2C21065725&output=ldjh&gdfp_req=1&vrg=202304030101&ptt=17&impl=fif&iu_parts=22387492205%3A22857120893%2Cusatimepost.com.Banner0.1675058632&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C300x100%7C320x50%7C320x100&ifi=5&adks=2221337255&didk=255310727&sfv=1-0-40&eri=4&sc=1&cookie_enabled=1&cdm=go.usatimepost.com&abxe=1&dt=1681146539248&dlt=1681146538346&idt=785&adxs=650&adys=1150&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=usatimepost.com&loc=https%3A%2F%2Fgo.usatimepost.com%2F&frm=20&vis=1&psz=1600x-1&msz=1600x-1&fws=512&ohw=0&ga_vid=944308028.1681146539&ga_sid=1681146539&ga_hid=1814240807&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ae177481a90607372db6e6c484074e6ec1b907a00719a14c48f986ef6407e5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10461
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://go.usatimepost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9306 6 KB
3 KB 231ms
67ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.usatimepost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Apr 2023 17:08:59 GMT
expires: Tue, 09 Apr 2024 17:08:59 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 162ms
83ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202304030101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e4eeea35c7825f5aae1639cce0c5c6931d4936b0953a4cc3306ef9524700398d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11271
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 137ms
62ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Apr 2023 17:08:59 GMT

GET
H2 200 container.html Show response
edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5431 6 KB
3 KB 61ms
60ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.usatimepost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Apr 2023 17:08:59 GMT
expires: Tue, 09 Apr 2024 17:08:59 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2FD5 0
0 68ms
68ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssZNxM0qmE0hkhvnpNn_83vZiOxzH308kAc5cINrCMOB6nZihp9VFjzVXd8XCgEFnDtHRNjka2qQdPIV29AJWu2mxCDAlmGva6DnpMi3ftpP9KIKcA4R_q2ex369jEgHFKv0_WTb2JAITn9najOHjdyctni-eBUbRHFjyV98MPG6Vfs88gfz3WcujMSBXf99dIORKr8DZX0ex6eJJX6ggTGv4MlSYSP9YboW88Lz8ktaKM4YcOYrwWu_5canCbK-1lBND-vjyyR2SpviNX9hdGQ29NyGg6T6py2MRVe_OY5kda47XyIecKG_rW4Bd_hMkcN7pRfMm-JhqmClLWzAMw&sai=AMfl-YT55OTYxYzmIgYGia3URrofzpsS2W2Do-EE-oVgmG8qLmZV-sUy-4IrBIvJkk-kbulHVWPEI5yabsCdc3u3Mute_yG3W2X5UBvd4SIEFQ161wligR8XaFAZ3kByhkmaxOQNlMuJ4P5wahKeLR3q&sig=Cg0ArKJSzDAKHsEFKbEEEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: go.usatimepost.com
URL: https://go.usatimepost.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 10 Apr 2023 17:08:59 GMT

GET
H2 200 index.js Show response
cdn.greedygame.com/interstitial/v1/ Frame 2FD5 7 KB
3 KB 254ms
29ms Script
application/javascript 34.111.218.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.greedygame.com/interstitial/v1/index.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.218.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.218.111.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d147d45c98b73f762807832f53008c649c030391aa25b026b5b2a488a091b610

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sun, 09 Apr 2023 18:15:43 GMT
content-encoding: gzip
age: 82396
x-guploader-uploadid: ADPycdvQXPEDcnePkFyyOL9kkUIMozput_QqfpLS5hd-u840Ne4XggsSuHII8zYuoYXCW7qkZshpxP4y4_MOstpa2CGnnfLPtH_P
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2594
last-modified: Wed, 14 Dec 2022 14:55:57 GMT
server: UploadServer
etag: "fb0ce822c90a3e19fd19ebf57a6810c1"
x-goog-generation: 1671029757306674
x-goog-hash: crc32c=dbCPUw==, md5=+wzoIskKPhn9Gev1emgQwQ==
content-type: application/javascript
cache-control: no-transform,public,max-age=3600
x-goog-stored-content-length: 2594
accept-ranges: bytes

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2FD5 159 KB
49 KB 150ms
52ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5afb1d597d8f5d70f17d3968e407d2ce25a9b7a587f2f723f3784c51b01f5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49753
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1680694322409811"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 Apr 2023 17:08:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2FD5 0
29 B 71ms
70ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 10 Apr 2023 17:08:59 GMT

GET
H2 200 error_handler.js Show response
tpc.googlesyndication.com/pagead/js/r20230405/r20110914/client/ Frame 5431 8 KB
4 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230405/r20110914/client/error_handler.js

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78cad1fb95d1e9bbe4a7b1f90fa38ef699314ee65bf914e65ffae62005103a8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 02:41:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52040
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3465
x-xss-protection: 0
server: cafe
etag: 6788195977828770272
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Apr 2023 02:41:39 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230405/r20110914/client/ Frame 5431 3 KB
1 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230405/r20110914/client/window_focus_fy2021.js

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 07:26:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34955
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Apr 2023 07:26:24 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230405/r20110914/client/ Frame 5431 20 KB
8 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230405/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df24ebf60aaa54667cae78dd6098d226d14eaafd714b536dd1ee6445003c2d99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sun, 09 Apr 2023 20:01:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76023
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8268
x-xss-protection: 0
server: cafe
etag: 8048349561987089234
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 Apr 2023 20:01:56 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 5431 24 KB
7 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 09:36:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 372742
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 05 Apr 2024 09:36:37 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5431 159 KB
49 KB 158ms
98ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5afb1d597d8f5d70f17d3968e407d2ce25a9b7a587f2f723f3784c51b01f5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49753
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1680694322409811"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 Apr 2023 17:08:59 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5431 0
0 88ms
88ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C1O72q0I0ZPvlE8fX7gPXg6soyZ7SsVzVnZH3cMCNtwEQASAAYJGEoIWMGIIBF2NhLXB1Yi0xMDY3Mzc0Njc5MjUyNTM3yAEJqQIAdxmc1ESyPuACAKgDAaoEowJP0Nntz6KUYNMEl-pMEJ9xogctu93i5JZ891uop2IhNSml7IcDgHxxi5DKEChuDLA8D_CWPFsPKLHYaMti2SgIr7lxsJJqGdKc1RJ3BSTGam9HUmYoXEvU5VqKCsq6yguivhhgFSnQtVXTpLaMy6nWYh1Sr4TIe7-utZLGVULPjwDKQdDnl_akWEIeGq9dTY6THwR9d5LGBT3Fu5Kggp_IfSUTO2Nlud0RWnPEgrX7lkxFdrQI91kylaZLEBmADo76JQ7F4ku8ug4yfqLhzi2btqLa1GOkvuCovolZlZboZHPhysQpH4L_4g2ByusKzDl2G1XViua5dc7pASLdutv02BCz8bffT25VINqPedlafnJkX_2oZLvAECcumiuRz8EMPUrgBAGABqahrc3RpdLM-wGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgHAQATIC6wI6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTEwNjczNzQ2NzkyNTI1MzcYk6J7&sigh=nRfH6Xp1xKk&uach_m=[UACH]&cid=CAQSLQDUE5ymSvz1Sp7VS7S9DOiXnjx1KRr7741w8YSDDLshmCtWdqYUv2zD8Jfs1hgB
Requested by: Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 5431 0
0 78ms
25ms Fetch 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=k6fdFI3uDcACZJ2DYgICAAAAM0rz6mjtpDVw1Gd7PvaNdRCrQjRko525k8GvkxFuVgAAEgAACgpBUVVCQVFFUEFR&wp=ZDRCqwAE8vsKe6vHAArB144GIyt1NWQX5o8x-A

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 152676
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame FF6E 193 KB
56 KB 214ms
124ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZDRCqwAE8vsKe6vHAArB144GIyt1NWQX5o8x-A&u=%7CcqldiJDKqkkScMI2XFIXhNZG9P8Mu%2FsvF6OyxTHVpc0%3D%7C&c1=zhOks3zwNR2QJkrtGpxDD0z6RaFAlAQ66URtX1gfQsB7PXt8PBrVICWZYsqhnD-StMZbxg0k2Ak-Al1f8f2ZDEFL-NOjD2rmMPAOGGbFHUxKi4mpyHC3tU6Zoe5gEG46dEdSQVJ_sA8fb1UVF344_YzBRuzd4-Kgnyr9_zTxBxzmpKspkjqWjoyXZvcPXvdClQc2ejDaz386HFajh-P6qY-vhV_IkCtQm1MmNn7GvSBp8voI7nPHBRR0-I2NFC3hcnQFx3w167WdDzDV82KWf4H0gnLilY9bUJikPbWlOqWz_Rw6k8vFpXkPVidSPDMcuDl-aRhs0axkRLUaUpICjaCa3KmWO_lcAGvmaALYgPMN3AtEgtVHZVcy5wAy8bXRXVKNWr5yTMGzKuYEW8OFryCtCwMVb9-iOHihcVvpo3tvz1ECwygZJRTL85kgJahoAXbiijGWBHYFGAjVshrvjU2JMKKNfIc0GFoF5DaHZSLY4eHbo-H0tOgi3MCdoc2Jl_r8QVIGGaUSrQGg0oxhyxEZteuiBsnwkA0UZyPapki7M9kcjHCkFfGuTj7d2wWsuYiUzaAQwfdo4Vk0Aax8joyp-eTtSaN77pWY9g0GHmrb9bAnhooqnA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCL1aOq0I0ZPvlE8fX7gPXg6soyZ7SsVzVnZH3cMCNtwEQASAAYJGEoIWMGIIBF2NhLXB1Yi0xMDY3Mzc0Njc5MjUyNTM3yAEJqQIAdxmc1ESyPuACAKgDAaoEpgJP0Nntz6KUYNMEl-pMEJ9xogctu93i5JZ891uop2IhNSml7IcDgHxxi5DKEChuDLA8D_CWPFsPKLHYaMti2SgIr7lxsJJqGdKc1RJ3BSTGam9HUmYoXEvU5VqKCsq6yguivhhgFSnQtVXTpLaMy6nWYh1Sr4TIe7-utZLGVULPjwDKQdDnl_akWEIeGq9dTY6THwR9d5LGBT3Fu5Kggp_IfSUTO2Nlud0RWnPEgrX7lkxFdrQI91kylaZLEBmADo76JQ7F4ku8ug4yfqLhzi2btqLa1GOkvuCovolZlZboZHPhysQpH4L_4g2ByusKzDl2G1XViua5dc7pASLd-NnVSpc8baRg03r28OcpgdBOdMRuceUq0HP9ttWRhAeJSmuILvWtYEjgBAGABqahrc3RpdLM-wGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgHAQATIC6wI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_06vPAwzA_-poQTTPez_Froxu44DA%26client%3Dca-pub-1067374679252537%26adurl%3D

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f42816ce1cc02b9cae08862251d701859e65481d2c6cd6c2f9c45d4a4805e87f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 10 Apr 2023 17:08:59 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=8mgeu0HVvsIcql4oSn-F_9Pa1VvwmboTk3l1EePJSxwynoLLAT0iWDkKanAF0uHcmcj2bKrEn0_BwRqte8Z2niRvdhi_Pyz9u31IEc_lFBUPK_46I6LM9GpBxzJ97qSUW2sU6jb911d9OBkllKnnRXn_0XYTHJecTo4F0D7NLdTsqmwpE_9Gs6ctXEMfbvkJnjgoYZfLx2bETbSxGsf4lTvga7myeBfsl3VAQgIlSAqTbFo6jRuRa77yFdo"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 68170880
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 5431 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90522044a3ff1c99765ed1af38b02d47525d02c43c2ae85281949a053c10c51f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2ACC 13 KB
5 KB 32ms
31ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.usatimepost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 11903
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Apr 2023 13:50:36 GMT
expires: Tue, 09 Apr 2024 13:50:36 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B653 783 B
1 KB 114ms
41ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bbe42fb5feeda11de325045eff868104046ff83b358b1aaa724fa6cabcbd15fc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KOuuBhOoKExtnhd9eDs_Pg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go.usatimepost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 510
content-security-policy: script-src 'report-sample' 'nonce-KOuuBhOoKExtnhd9eDs_Pg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 10 Apr 2023 17:08:59 GMT
expires: Mon, 10 Apr 2023 17:08:59 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Bo5p8DbEpWqq_61_uCYPeBu7T3aczz0WnYolkwB_A5I.js Show response
pagead2.googlesyndication.com/bg/ Frame 2ACC 36 KB
14 KB 98ms
31ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Bo5p8DbEpWqq_61_uCYPeBu7T3aczz0WnYolkwB_A5I.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

068e69f036c4a56aaaffad7fb8260f781bbb4f769ccf3d169d8a2593007f0392

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 16:18:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3025
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14136
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 13:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Apr 2024 16:18:34 GMT

GET
DATA 200
OK truncated
/ Frame 2FD5 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60dddbbf17b585a67eb9b93646e2968665e9eabe2a131ca6100f020a6ebe11b4

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2FD5 0
0 84ms
78ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssektDyMSYjAO_yUCugpl-2DF6LJiQmrPiVyD80Mu9WdHBf3Sl3DX9hg6r0foEO_cbanbvRcmJhZQ5W9IaPMQqKmddBASCdKQtsNIuwuSngaWoHPD83-Fp5f7rPq5LkfBAho4O2oio72mBCKUfDhiOfYhqdJ5INLW3YekpS3KaQX-NwUnubjQ3MZvw9qqGMV6sXFMIkstGx5A1QQtVdaqSRCb_pWXLlBbbXL8LI7bqfQjyHQdg2jIxPgnNKhBBIwUOpEEiwKBl_eMcGcIn4NTaU2Fec7zvSaUXpA2_OKh2Y2BaEpBJdd8GebhVOt14d2viS5VSmuHkuzQ0Bq9MEDudY9A&sai=AMfl-YQI9E5q5excbxYfdwaZeYys0m-gcKQs_N2cIQLu1W2JwfRH_bdZBp2PdXmw-PskqMSn2Q6Kt-VoSV7IBuji_LPytyAIHzPXeUp4BTrrQ4W9wPHLrEH0HVCbAmvSXwPj8QGbw9kWxcDnxf12bsWU&sig=Cg0ArKJSzFMigGu2z4IhEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 10 Apr 2023 17:09:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B653 0
0 136ms
135ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202304030101&jk=1764458240904067&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame FF6E 2 KB
1 KB 89ms
32ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZDRCqwAE8vsKe6vHAArB144GIyt1NWQX5o8x-A&u=%7CcqldiJDKqkkScMI2XFIXhNZG9P8Mu%2FsvF6OyxTHVpc0%3D%7C&c1=zhOks3zwNR2QJkrtGpxDD0z6RaFAlAQ66URtX1gfQsB7PXt8PBrVICWZYsqhnD-StMZbxg0k2Ak-Al1f8f2ZDEFL-NOjD2rmMPAOGGbFHUxKi4mpyHC3tU6Zoe5gEG46dEdSQVJ_sA8fb1UVF344_YzBRuzd4-Kgnyr9_zTxBxzmpKspkjqWjoyXZvcPXvdClQc2ejDaz386HFajh-P6qY-vhV_IkCtQm1MmNn7GvSBp8voI7nPHBRR0-I2NFC3hcnQFx3w167WdDzDV82KWf4H0gnLilY9bUJikPbWlOqWz_Rw6k8vFpXkPVidSPDMcuDl-aRhs0axkRLUaUpICjaCa3KmWO_lcAGvmaALYgPMN3AtEgtVHZVcy5wAy8bXRXVKNWr5yTMGzKuYEW8OFryCtCwMVb9-iOHihcVvpo3tvz1ECwygZJRTL85kgJahoAXbiijGWBHYFGAjVshrvjU2JMKKNfIc0GFoF5DaHZSLY4eHbo-H0tOgi3MCdoc2Jl_r8QVIGGaUSrQGg0oxhyxEZteuiBsnwkA0UZyPapki7M9kcjHCkFfGuTj7d2wWsuYiUzaAQwfdo4Vk0Aax8joyp-eTtSaN77pWY9g0GHmrb9bAnhooqnA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCL1aOq0I0ZPvlE8fX7gPXg6soyZ7SsVzVnZH3cMCNtwEQASAAYJGEoIWMGIIBF2NhLXB1Yi0xMDY3Mzc0Njc5MjUyNTM3yAEJqQIAdxmc1ESyPuACAKgDAaoEpgJP0Nntz6KUYNMEl-pMEJ9xogctu93i5JZ891uop2IhNSml7IcDgHxxi5DKEChuDLA8D_CWPFsPKLHYaMti2SgIr7lxsJJqGdKc1RJ3BSTGam9HUmYoXEvU5VqKCsq6yguivhhgFSnQtVXTpLaMy6nWYh1Sr4TIe7-utZLGVULPjwDKQdDnl_akWEIeGq9dTY6THwR9d5LGBT3Fu5Kggp_IfSUTO2Nlud0RWnPEgrX7lkxFdrQI91kylaZLEBmADo76JQ7F4ku8ug4yfqLhzi2btqLa1GOkvuCovolZlZboZHPhysQpH4L_4g2ByusKzDl2G1XViua5dc7pASLd-NnVSpc8baRg03r28OcpgdBOdMRuceUq0HP9ttWRhAeJSmuILvWtYEjgBAGABqahrc3RpdLM-wGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgHAQATIC6wI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_06vPAwzA_-poQTTPez_Froxu44DA%26client%3Dca-pub-1067374679252537%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 04 Apr 2024 17:09:00 GMT

GET
H2 200 adchoices_nl.svg
static.criteo.net/flash/icon/ Frame FF6E 2 KB
1 KB 82ms
25ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_nl.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

64fdded9ab4b4066a71232c0d8c7e2416ec277f566adb122776af14c21831fc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-754"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 04 Apr 2024 17:09:00 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame FF6E 308 B
636 B 68ms
30ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 04 Apr 2024 17:09:00 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame FF6E 293 B
621 B 64ms
26ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 04 Apr 2024 17:09:00 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame FF6E 43 B
348 B 220ms
42ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=YfUPZ97HQITymL8R6hlU0EhV0InOjqyHUYgdevoCL8VstSiqDtCjhtSjQv0UXlKQ1cYg6Mw4SGoExH6hyJtklpJp3L5thP0rior6L0sSLvAXJ7dKkfDQcoipK02YJg2SfivVMpsV23z2xU2PpIlsx1JUfaMGgtr0ZPJlxboPcKRfGYnAIEaQlBr-jYQF0DB3ucA_O5pbEpiaiAqdEmotJnULl3LFJAYC__OwMmKvKuoMiNxdxLjFIVC_xPi_XkHWLBq6IvncQl-jS2ONBvrk4Ym9rTwfop-_AGaatcGTIkDe-coig3ljBoB8gCB3lEkMDl927R46NZbIyVCWLccJ0uklYhJvMUzIMdYW0cLc9Op1yJtDRvLBw5_oWhVdB8gRXwYdOKEWP6fYDxziNI5czakKaqsw0Up3sGKsBfNrTo8okoL8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:08:59 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1742539
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012303151621000/ Frame 0785 221 KB
60 KB 166ms
74ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32a398551559147de00a9581403ae7e14230f11397e39e34887d0cbc5ed9c51d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 71
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61738
x-xss-protection: 0
server: sffe
etag: "0caefa4c1415de54"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame 0785 15 KB
5 KB 201ms
108ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4f1ff793b9ae11982096cb0c049cd0a0cee90b9cddfe72c35b33b370f743865

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 71
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5226
x-xss-protection: 0
server: sffe
etag: "64ac5ddec28ac2aa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame 0785 94 KB
29 KB 124ms
32ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

397850bc917afaa87d5ffce333fd3db75d324bb3a76249ab53cfd9e60197742b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 71
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28944
x-xss-protection: 0
server: sffe
etag: "46c36ca14bcffdc8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame 0785 5 KB
2 KB 199ms
107ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74cd04f60065b6e31e98e97a89b616b2f46ac40ea2533bba749515688b4b8047

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 71
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1905
x-xss-protection: 0
server: sffe
etag: "e0aae84f332fc66d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame 0785 40 KB
13 KB 157ms
65ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1085ca7b96d9f287bf35a440569948a42787e6a6b94144936149dee077b22277

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 71
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "cbb0c0b6f4ec6009"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0785 8 KB
989 B 41ms
40ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05ee926cc9bf2039ad93af941a67d23d84bd78ecd9d6ef53ff85eeaf744cbd89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 10 Apr 2023 16:49:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 10 Apr 2023 17:09:00 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0785 2 KB
2 KB 32ms
32ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: go.usatimepost.com
URL: https://go.usatimepost.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sun, 09 Apr 2023 18:05:12 GMT
x-content-type-options: nosniff
server: cafe
age: 83028
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 10 Apr 2023 18:05:12 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0785 295 B
319 B 31ms
31ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: go.usatimepost.com
URL: https://go.usatimepost.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 07:58:03 GMT
x-content-type-options: nosniff
server: cafe
age: 33057
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 11 Apr 2023 07:58:03 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0785 0
0 76ms
75ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CxexFq0I0ZJ6SFNa8gQeI6LXQDv2K0J9vquLQvK4R8NvnyY8OEAEgxfDOhAFgkYSghYwYoAHKgtGLKcgBAakCAHcZnNREsj7gAgCoAwHIAwqqBPsBT9CubVMGDAISR3mYBiF7bTzSx5LOa2S_87FedErzuHBguRU4vnRn1Ltw46J7egtnddyk0x7b8RAfqk4Xb8RVNnfoMzW9tMye6N-Q5FYMoSX5-qSyjrqKNuHC_ApHHEchWiPYfdfKLx2nLVZZo5g5KS34ILAi85qWNwKlo9Zt2sG2TqXSfxYZd42VB6KYc29-yWbJCwwhmFFrHGOdGTmd5RmjjIFsZh_7onmuoUs7nxKN6tR7Jh8m9Tvn2l68ZgT-QTJNtJG58bgS9-SHuyViDg1VhFQS6eNAWF3tB8mjU4gD9xqCVfaOWQOkTK_tDOl_7Hqn-MVyoHZDQIPABLOnn8O1BOAEAZIFBAgEGAGSBQQIBRgEgAfKuqHrA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEENPsCdIIEQiA4YBwEAEYHTIC6wI6AoBAgAoDyAsB2BMM0BUBmBYBgBcBshceChwIABIUcHViLTMyMDY0NTY1NDY2NjQxODkYk6J7&sigh=gTVGX6TPXqI&uach_m=[UACH]&cid=CAQSSwDUE5ymHUbHbAgYTyikPIrn5aYgpoec1VbsEVkUVuHsVku1AzexqpF4u4TVDkdC-C3WRU0PIvMlc31V004Km9AQnn_1yJ3zxb7XYxgB
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 0785 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7413d021cfa3a714f9b1566533983168240764a3c8c4d419fa3b03719c0c9ff9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5FFC 6 KB
3 KB 45ms
44ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.usatimepost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Apr 2023 17:08:59 GMT
expires: Tue, 09 Apr 2024 17:08:59 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame FF6E 12 KB
6 KB 32ms
31ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 04 Apr 2024 17:09:00 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v46/ Frame 0785 29 KB
29 KB 31ms
31ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.usatimepost.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 03 Apr 2023 21:54:53 GMT
x-content-type-options: nosniff
age: 587647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29728
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 16:59:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Apr 2024 21:54:53 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame FF6E 9 KB
9 KB 263ms
47ms Image
image/png 2a02:2638:d::14
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=196&m=0&partner=25889&q=80&r=0&u=http%3A%2F%2Fstatic.fr3.eu.criteo.net%2Fdesign%2Fdt%2F3049%2F220315%2F31a78b185b0547c59250a1426794d62d_logo_blanco_%281%29.png&v=3&w=196&s=AlT5J5zHbvpMZbIbb74xha3u

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::14 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

bc950a2a60439eedb15b706c2f0064c2e06cbacd8bb9f232d1c02669aed04a00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29192118
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8831
expires: Wed, 13 Mar 2024 14:04:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame FF6E 8 KB
8 KB 296ms
81ms Image
image/webp 2a02:2638:d::14
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=25889&q=80&r=0&u=http%3A%2F%2Fimg-nl-1.trovit.com%2Fn1qZMXg1K1g%2Fn1qZMXg1K1g.1_11.jpg&v=3&w=400&s=NQ2Qq-89WmvI6yMKpExSV7zI&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::14 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

fa1a55794f713fc3a423ea438b9426bd741691a8c34eb960e1aa6bcbf0ffad67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29413431
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7860
expires: Sat, 16 Mar 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame FF6E 19 KB
19 KB 314ms
99ms Image
image/webp 2a02:2638:d::14
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=25889&q=80&r=0&u=http%3A%2F%2Fimg-nl-1.trovit.com%2F81O1y1Q1Q-dC%2F81O1y1Q1Q-dC.1_11.jpg&v=3&w=400&s=59ck9R1lNpXKBgRYdrpS0cJf&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::14 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e7d16b4e62bd277e7a473d9ec7a6359daf824bce54e6bb8a6127a301b0576f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29357917
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19032
expires: Fri, 15 Mar 2024 12:07:38 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame FF6E 9 KB
9 KB 356ms
141ms Image
image/webp 2a02:2638:d::14
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=25889&q=80&r=0&u=http%3A%2F%2Fimg-nl-1.trovit.com%2F1zCZYm1M71U%2F1zCZYm1M71U.1_12.jpg&v=3&w=400&s=jfck_TIIcD2Pl18ApADqcscs&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::14 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

104e4d5a6a26a46ae64e86ecdd78d55744cb469eea69e12c853856c69455c9d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29274167
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 9220
expires: Thu, 14 Mar 2024 12:51:47 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame FF6E 13 KB
13 KB 355ms
141ms Image
image/webp 2a02:2638:d::14
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=25889&q=80&r=0&u=http%3A%2F%2Fimg-nl-1.trovit.com%2F1p1K1t1S1uZJ10%2F1p1K1t1S1uZJ10.1_13.jpg&v=3&w=400&s=PaTg_qdivw8w84-4ox3L464Y&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::14 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

9d7f45da9c21ab1ea23c2fddbfd6a1d78d4e4bfd13cb101aa86492734139c0fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29340021
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 13490
expires: Fri, 15 Mar 2024 07:09:21 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame FF6E 37 KB
37 KB 336ms
121ms Image
image/webp 2a02:2638:d::14
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=25889&q=80&r=0&u=http%3A%2F%2Fimg-nl-1.trovit.com%2F13l161q1JK1N%2F13l161q1JK1N.1_13.jpg&v=3&w=400&s=0EppcFa6GQCJqKJvXMHC5Jy5&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::14 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

6a94c3a669de50840db9d342c92ff864bddb477fdd49c6b61a9606186f657be3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29294190
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 37420
expires: Thu, 14 Mar 2024 18:25:31 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame FF6E 5 KB
5 KB 108ms
107ms Image
image/webp 2a02:2638:d::14
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=25889&q=80&r=0&u=http%3A%2F%2Fimg-nl-1.trovit.com%2F1F1w1h1zOMFu%2F1F1w1h1zOMFu.1_12.jpg&v=3&w=400&s=NZbkbzqzroSvMeOQ9eqVT3tT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::14 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

cf2c6216cecf308e00c3effb9ad006ad82f5b3c3af08056e2271e9e6441051c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:08:59 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29354670
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5170
expires: Fri, 15 Mar 2024 11:13:30 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame FF6E 0
128 B 77ms
25ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=8mgeu0HVvsIcql4oSn-F_9Pa1VvwmboTk3l1EePJSxwynoLLAT0iWDkKanAF0uHcmcj2bKrEn0_BwRqte8Z2niRvdhi_Pyz9u31IEc_lFBUPK_46I6LM9GpBxzJ97qSUW2sU6jb911d9OBkllKnnRXn_0XYTHJecTo4F0D7NLdTsqmwpE_9Gs6ctXEMfbvkJnjgoYZfLx2bETbSxGsf4lTvga7myeBfsl3VAQgIlSAqTbFo6jRuRa77yFdo&sds=2&rev=85712&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 10 Apr 2023 17:09:00 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame FF6E 2 KB
1 KB 28ms
27ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 04 Apr 2024 17:09:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FCFE 0
329 B 74ms
72ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKWQ9cICEMTp4s4CGP_k5-IBMAE&v=APEucNWBgNUrCHJgPGelTYb574BCMk6b3w3Vd4Xk9mMTvnHvYXwLKlFn1AxJc_a4gegZGk2SFRJkqELYHYBGm1EbH0BtOSxXQQ

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Apr 2023 17:09:00 GMT
expires: Mon, 10 Apr 2023 17:09:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5FFC 78 KB
27 KB 132ms
132ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 10 Apr 2023 17:09:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5FFC 42 B
63 B 133ms
131ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B5QNZp9CL0vhfCrhV7iLC6BskurJuaCz1k8ZRed0mhx-i7ZyDRm4vmMKk1Xf3ZJKPgdysclYGOyMW-mmGTYEkR_mhrUmMPL_TCQIFjNEKXeJwbctQ

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5FFC 0
20 B 133ms
132ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16741109731901422658&x=1&ct=76

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230405/r20110914/client/ Frame 5FFC 3 KB
1 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230405/r20110914/client/window_focus_fy2021.js

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 07:26:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34956
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Apr 2023 07:26:24 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230405/r20110914/client/ Frame 5FFC 20 KB
8 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230405/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df24ebf60aaa54667cae78dd6098d226d14eaafd714b536dd1ee6445003c2d99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sun, 09 Apr 2023 20:01:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8268
x-xss-protection: 0
server: cafe
etag: 8048349561987089234
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 Apr 2023 20:01:56 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5FFC 159 KB
49 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5afb1d597d8f5d70f17d3968e407d2ce25a9b7a587f2f723f3784c51b01f5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49753
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1680694322409811"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 Apr 2023 17:09:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2ACC 0
10 B 31ms
31ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?wpBhsg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 0785
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

39ms
39ms

Image
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H3
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

date: Mon, 10 Apr 2023 17:09:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5FFC 0
20 B 132ms
131ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=422936158830&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5FFC 0
20 B 131ms
131ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=422936158830&version=m202301230201&ct=76&x=1&cor=16741109731901424000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5FFC 67 KB
31 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DYuKt4FF7XZQP31LUvTK4KENHzrrU2XupwNqeztrPaFyY2RTzbga3XOeEGnYFiM_-hzw__sAT2HefwjE3Iq796GcelOA&cry=1&dbm_d=AKAmf-BdXAB-cOWbOI-usvqbayvpaX6lvTb-WQpSmsbTeh4Mv2fS895kJU8Be9tMYCDL2ENZaS9cUl6lpAn9K1ou4iN6IZM-fOlHPWoBTsQHTfta06IXay4NBH2zx3YzvAofBXuN2LnU_pjduSAGFwm5YfHroUvbOUDkGEiBleSEJjBXYEk0YWxxubWs2_Zjh1G2BoygIZoSbarfdY4nbWmQV6ESk-mctWRGAIJKCIoRlKw4AnwcCbCbNXSN32mFsK8FGrwTwP9ZvdpcFlR1C-z5UPA76UAOxsGy2ZW5ks5R8HEJUPOPnEqQ88Sd4AvC4YWomEM4RVCfp7q_H2QiXzhVQyWrD90T0jzBoNA0yzdS2KP_8euEqCrbOUDRZ_b7s5bnrXPUAs52aZonIkhyytUmJEe9CTxrMbB6sLgd2nxNDraixId-Ur-PRuLOXtKXGkmYhG88d4jzuAJ09ww_KR8Xj1JV-bFsQmr31axCys5hPcs4fNqcP41eFVIZOMeq5oEyE_Uf16J9d1t8ZhjiW88j9LrTuHfBJ9QMlAS6Ebxd3w8EmX8AmOusW4oMXjLlmi1Jt2LzqCKx9-0QUM1cJPebqzF2SmBk7stpQPLrl2gR5_7oLEDyhmNVro2vZ2DhI82d-2zyFIliSfa3GJNq3Y9iLhnmS-8YcfE-jwLy3gX4dtYK17Phlb4BdTRd0Mt3ePg0fx_aY0D3Hus13zj0IiVU0TMTDrpxlLctJUt8LLSV9GQlsIY7zigaQQoW8YozKvjMWzXL9IKmcvwentFSNzLNE4dJOtjH-3zeypoWDPMjmorY2V05FarvyLaI7yJpXwwPrA2rUClPOdbXknXEa9QGKmWDa5mlSYu_UgKQxiisw01UlG91Ogyt2LyAnL1jFfxX1GspK7XtPqJa9qDQhaDClXaNdxY5wiH-wgKNAEWWmfVLmYKGF2Ldy9-2hi3MA3abVYFYG5iw7o0T-tB4C4ThnsYa2yZlsMNB6KpXZVU7Q9-5nLFdCoP0RApUPkUfhrmWY0wZ0lMnTjl3ToivyjEZjidA2Wj65sN1gh4TFX_IQ7adMqNeVAjG6sPYY6usIneZZ8t3K3sCafzLyj3bPr7fTS176NWd4IAfsgC3MJDn3QYYvWGHVY7wzaJjvirkjyBTD7GYPKHvIvokXpTS5g6YNIiJTZ3wkzgEHV4Uu1dOTKqk6Cpge0VPDorijf1uZi0_imaTwTKBMXuvC1sEIZjGoY4m0t8H65GvgMWVc2KvSNLsoW5cc4A2Wa8zekozz5_4tDxNRGA1N6FNZmNAOoiYzW_H2i_m78o0M1RRCgGhw2lRce88EPImC-RCTK4EeCZlxX8s_bDj5RHolCAHVLUuxlD6XZp58opv97uDm6WFUuhU7qWLayHKGAiQ7SPKiKDXqzO2k_jJyTdekhFPrUgv_qUyXrZuiPqf9Fmg8VPQAT6X87zm0ftMDrtx5e791H2ZMBUrZc6U39ssT90N7vHD_a9cT-LBb5foYtm8OHjIOMuxXwp6qz98oaHEpd02G8iXs5GomG_c5t-Nz-g1s5X_upkx7OfBW-gc_qDv_WEE9yZ_GZZhtFsfVG5HSnw0Gb5BZxwwsxe3smbbz4wi43eLOrNHQh8ETcTHc02aR4c-26ovGHIxlFjh1dStMChZg-DfDqZG_nhBGqHgdliSBmA5SIp1uXxqG45s47YgYDkvtgN-C-RIUarAfjMEEmGLQqlsd1XF6n4584YNeQsp8ov6cfunTB2QtzKi9LuHo7i8G-Kdx1nU7PgOWfEaFmvi69TIiJqxK1lQzIsLdwKlG5tdOVPCINHmMaRexYGIVG4i2Ajv_P-ivOvOZaSCWaH0tQPFZCuXK307PRlm0_3PJpjAVbBkQLbjh_TsFC04G1RqqE5XC5xkUXC8XFbYI7Q_gL-jdcPsynlGCjbJtR6fr20WQrl3LxxryCdC3rPfPSTnmHhbatLzIkjCTsw2qux2zrWAVVdHMIb_Dl22mJFHDipuVVQDDDaQ2P3ILKpf-Y2gj5nXF178A1LXtne7jnm9dRTEsnAxMu1c2fe1HXe5HRrdPEGU-ZelfIUtNwE42S6ua8sdd59Pu67s4PvZ0vtGN0RU3xb9ZoyJ6qgkvjBXvM2u6EbdlLZC7WqxGnBXv1YiIEZsMPQvBp1Nkp3wxb8TjaKdLVvouotn35pSJ3O_Y8k9065fbMcm9pcMsrTiP7kACx8ywV9_oMAmi6btVml_P0LB5K1HT3JkDD5qm20iQntzohUKHvcGILE1D5LiO_MEhm3eqYd1YQSmDIb-g01Q5DzMeQpUgLg4h-g2GXOu8Uu0zF2KhnfHqPSVFgN_v6AxAM5k44UIy55GcaUSb_fc3Ev_kq3y2_YdXIYOg7H6JioqIDT9X1Jxmh4lEtPJYZKItjOPN-dH8KxFjrcQNRO2pu6jfFttX1qr0rcvoZq9ewKA7kvEqYaUY57HckskVO9qMBZAcxtuwfXFxJ4X0MemwQqMHgwrbgXvGYbTKf0SQghHqE1b9Ng7jT1Y8CpOvvmKiFyoQVTpY0jCMhbY6ywlgkcVFyLIq9_DoBTyVgdh4SWPJQlJyjfZPB64ayX_Mtz5sZKknURTpMyKXbxgE35JcUKWCXAs7MMMzCqIMQKuCru2XiBE--bzqGDrcLBmpkj3vefj1EVL5lux4D-5_E7Zy2sJ12XATxJOQxb5Pjz9itA49FqM4ELcdVd43Gr5UJ1ntZwd9M9TNjWw_Bi2Xvhi7bLg256cZHpuoMiNuwHT4RWDm-wYpQFcs_R6gHbEM9vwcLE6GkmZyzB_Yl2GaIOTTty7adha3qP5VKYCX2iXityYd-A-jMfXsJ0dt-070I54VSB9J7SWchPu11npRTQtTngIJR68RWzF4_fcXrA7MjgJzFrCR_qP7VGp-33MhrXj7la14Wskq50J7uwrGiLSlL2L7w7_cd87gvciivErUXW8f-s0X_6Nomvr7197CGB9mG8mpiz3G8BXSTMzzxpcsGldk8iQNXJGux2DI9oveWN2MQ3gVVFH9GYPw9y3YLsN5VOnNte5PE_0PyEqQrzA4Xt7KyxI24JOhjqj_t1ExWRF_ARjNh2ED-D5sc_atZlzGKYT2rZabM0l1gAiK8ZEzem_XlE05bXKC2xhhSCkzzAgNJ56spneNrdw2P5FFDTCQC2zkvOPHfEafpr1-BDMTbpgDrtCNGXtXwhtNOAZAbsx17zTR4PE0kI5P8x6xEJWDKkPJBhs_8puHNfqBWqfEscY7yd0nb8F0JzKgIuBP0SWl5KhLXnZfF_v0T1MvemFuwzmy5U6rSpos96bMRzTWxh2t2A0-hz6CgBcdTr-SXaaXNMzoQbi4MMo5b_qMVThOaL8aVJKVk5HwXxzNvaw7xkjzD2W9ndmYwh_UBmDSmDxzuejkZSwvs0Xuk6TrpBKAzHwMG5SmRL17-a2Kc2tIjvbymT1NIsUI1K0ZHColWYZX4MPEautCEiKZPhGT4an_OwlRe7InH0Lh4Uu2b0SCRb0MvtpR8czLdhEjZAvbdA4qp_3-EgtBvMdpn8bsOHRD0Og7jzhIEQ4MAjDDEYTtcdmraSGRCtn&cid=CAQSSwDUE5ymw_DA7TLO0HtNX_cmCsxTjOOBHv2OZmU6MogOO1TMbJRNGAM7Yvoaqv1Vu660Jqomz2KQGn-DlbzbOD5tC8OhJ5_FL4EuMBgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fgo.usatimepost.com%2F&ds=l&xdt=1&iif=1&cor=16741109731901424000&adk=2228999115&idt=146&cac=0&dtd=5

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8843adf3ca0ed217eaf8262a0b5c18fab60794b8373e26c398574d09b66f605d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31796
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230405/r20110914/ Frame 5FFC 28 KB
11 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230405/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DYuKt4FF7XZQP31LUvTK4KENHzrrU2XupwNqeztrPaFyY2RTzbga3XOeEGnYFiM_-hzw__sAT2HefwjE3Iq796GcelOA&cry=1&dbm_d=AKAmf-BdXAB-cOWbOI-usvqbayvpaX6lvTb-WQpSmsbTeh4Mv2fS895kJU8Be9tMYCDL2ENZaS9cUl6lpAn9K1ou4iN6IZM-fOlHPWoBTsQHTfta06IXay4NBH2zx3YzvAofBXuN2LnU_pjduSAGFwm5YfHroUvbOUDkGEiBleSEJjBXYEk0YWxxubWs2_Zjh1G2BoygIZoSbarfdY4nbWmQV6ESk-mctWRGAIJKCIoRlKw4AnwcCbCbNXSN32mFsK8FGrwTwP9ZvdpcFlR1C-z5UPA76UAOxsGy2ZW5ks5R8HEJUPOPnEqQ88Sd4AvC4YWomEM4RVCfp7q_H2QiXzhVQyWrD90T0jzBoNA0yzdS2KP_8euEqCrbOUDRZ_b7s5bnrXPUAs52aZonIkhyytUmJEe9CTxrMbB6sLgd2nxNDraixId-Ur-PRuLOXtKXGkmYhG88d4jzuAJ09ww_KR8Xj1JV-bFsQmr31axCys5hPcs4fNqcP41eFVIZOMeq5oEyE_Uf16J9d1t8ZhjiW88j9LrTuHfBJ9QMlAS6Ebxd3w8EmX8AmOusW4oMXjLlmi1Jt2LzqCKx9-0QUM1cJPebqzF2SmBk7stpQPLrl2gR5_7oLEDyhmNVro2vZ2DhI82d-2zyFIliSfa3GJNq3Y9iLhnmS-8YcfE-jwLy3gX4dtYK17Phlb4BdTRd0Mt3ePg0fx_aY0D3Hus13zj0IiVU0TMTDrpxlLctJUt8LLSV9GQlsIY7zigaQQoW8YozKvjMWzXL9IKmcvwentFSNzLNE4dJOtjH-3zeypoWDPMjmorY2V05FarvyLaI7yJpXwwPrA2rUClPOdbXknXEa9QGKmWDa5mlSYu_UgKQxiisw01UlG91Ogyt2LyAnL1jFfxX1GspK7XtPqJa9qDQhaDClXaNdxY5wiH-wgKNAEWWmfVLmYKGF2Ldy9-2hi3MA3abVYFYG5iw7o0T-tB4C4ThnsYa2yZlsMNB6KpXZVU7Q9-5nLFdCoP0RApUPkUfhrmWY0wZ0lMnTjl3ToivyjEZjidA2Wj65sN1gh4TFX_IQ7adMqNeVAjG6sPYY6usIneZZ8t3K3sCafzLyj3bPr7fTS176NWd4IAfsgC3MJDn3QYYvWGHVY7wzaJjvirkjyBTD7GYPKHvIvokXpTS5g6YNIiJTZ3wkzgEHV4Uu1dOTKqk6Cpge0VPDorijf1uZi0_imaTwTKBMXuvC1sEIZjGoY4m0t8H65GvgMWVc2KvSNLsoW5cc4A2Wa8zekozz5_4tDxNRGA1N6FNZmNAOoiYzW_H2i_m78o0M1RRCgGhw2lRce88EPImC-RCTK4EeCZlxX8s_bDj5RHolCAHVLUuxlD6XZp58opv97uDm6WFUuhU7qWLayHKGAiQ7SPKiKDXqzO2k_jJyTdekhFPrUgv_qUyXrZuiPqf9Fmg8VPQAT6X87zm0ftMDrtx5e791H2ZMBUrZc6U39ssT90N7vHD_a9cT-LBb5foYtm8OHjIOMuxXwp6qz98oaHEpd02G8iXs5GomG_c5t-Nz-g1s5X_upkx7OfBW-gc_qDv_WEE9yZ_GZZhtFsfVG5HSnw0Gb5BZxwwsxe3smbbz4wi43eLOrNHQh8ETcTHc02aR4c-26ovGHIxlFjh1dStMChZg-DfDqZG_nhBGqHgdliSBmA5SIp1uXxqG45s47YgYDkvtgN-C-RIUarAfjMEEmGLQqlsd1XF6n4584YNeQsp8ov6cfunTB2QtzKi9LuHo7i8G-Kdx1nU7PgOWfEaFmvi69TIiJqxK1lQzIsLdwKlG5tdOVPCINHmMaRexYGIVG4i2Ajv_P-ivOvOZaSCWaH0tQPFZCuXK307PRlm0_3PJpjAVbBkQLbjh_TsFC04G1RqqE5XC5xkUXC8XFbYI7Q_gL-jdcPsynlGCjbJtR6fr20WQrl3LxxryCdC3rPfPSTnmHhbatLzIkjCTsw2qux2zrWAVVdHMIb_Dl22mJFHDipuVVQDDDaQ2P3ILKpf-Y2gj5nXF178A1LXtne7jnm9dRTEsnAxMu1c2fe1HXe5HRrdPEGU-ZelfIUtNwE42S6ua8sdd59Pu67s4PvZ0vtGN0RU3xb9ZoyJ6qgkvjBXvM2u6EbdlLZC7WqxGnBXv1YiIEZsMPQvBp1Nkp3wxb8TjaKdLVvouotn35pSJ3O_Y8k9065fbMcm9pcMsrTiP7kACx8ywV9_oMAmi6btVml_P0LB5K1HT3JkDD5qm20iQntzohUKHvcGILE1D5LiO_MEhm3eqYd1YQSmDIb-g01Q5DzMeQpUgLg4h-g2GXOu8Uu0zF2KhnfHqPSVFgN_v6AxAM5k44UIy55GcaUSb_fc3Ev_kq3y2_YdXIYOg7H6JioqIDT9X1Jxmh4lEtPJYZKItjOPN-dH8KxFjrcQNRO2pu6jfFttX1qr0rcvoZq9ewKA7kvEqYaUY57HckskVO9qMBZAcxtuwfXFxJ4X0MemwQqMHgwrbgXvGYbTKf0SQghHqE1b9Ng7jT1Y8CpOvvmKiFyoQVTpY0jCMhbY6ywlgkcVFyLIq9_DoBTyVgdh4SWPJQlJyjfZPB64ayX_Mtz5sZKknURTpMyKXbxgE35JcUKWCXAs7MMMzCqIMQKuCru2XiBE--bzqGDrcLBmpkj3vefj1EVL5lux4D-5_E7Zy2sJ12XATxJOQxb5Pjz9itA49FqM4ELcdVd43Gr5UJ1ntZwd9M9TNjWw_Bi2Xvhi7bLg256cZHpuoMiNuwHT4RWDm-wYpQFcs_R6gHbEM9vwcLE6GkmZyzB_Yl2GaIOTTty7adha3qP5VKYCX2iXityYd-A-jMfXsJ0dt-070I54VSB9J7SWchPu11npRTQtTngIJR68RWzF4_fcXrA7MjgJzFrCR_qP7VGp-33MhrXj7la14Wskq50J7uwrGiLSlL2L7w7_cd87gvciivErUXW8f-s0X_6Nomvr7197CGB9mG8mpiz3G8BXSTMzzxpcsGldk8iQNXJGux2DI9oveWN2MQ3gVVFH9GYPw9y3YLsN5VOnNte5PE_0PyEqQrzA4Xt7KyxI24JOhjqj_t1ExWRF_ARjNh2ED-D5sc_atZlzGKYT2rZabM0l1gAiK8ZEzem_XlE05bXKC2xhhSCkzzAgNJ56spneNrdw2P5FFDTCQC2zkvOPHfEafpr1-BDMTbpgDrtCNGXtXwhtNOAZAbsx17zTR4PE0kI5P8x6xEJWDKkPJBhs_8puHNfqBWqfEscY7yd0nb8F0JzKgIuBP0SWl5KhLXnZfF_v0T1MvemFuwzmy5U6rSpos96bMRzTWxh2t2A0-hz6CgBcdTr-SXaaXNMzoQbi4MMo5b_qMVThOaL8aVJKVk5HwXxzNvaw7xkjzD2W9ndmYwh_UBmDSmDxzuejkZSwvs0Xuk6TrpBKAzHwMG5SmRL17-a2Kc2tIjvbymT1NIsUI1K0ZHColWYZX4MPEautCEiKZPhGT4an_OwlRe7InH0Lh4Uu2b0SCRb0MvtpR8czLdhEjZAvbdA4qp_3-EgtBvMdpn8bsOHRD0Og7jzhIEQ4MAjDDEYTtcdmraSGRCtn&cid=CAQSSwDUE5ymw_DA7TLO0HtNX_cmCsxTjOOBHv2OZmU6MogOO1TMbJRNGAM7Yvoaqv1Vu660Jqomz2KQGn-DlbzbOD5tC8OhJ5_FL4EuMBgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fgo.usatimepost.com%2F&ds=l&xdt=1&iif=1&cor=16741109731901424000&adk=2228999115&idt=146&cac=0&dtd=5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4681920200f339999ac3f6d4a6c5214d92e9a0edca00cfb91b28e3494ea03ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sun, 09 Apr 2023 21:31:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70648
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11009
x-xss-protection: 0
server: cafe
etag: 12368014760096651300
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 Apr 2023 21:31:32 GMT

GET
H2 200 810345307703613195
s0.2mdn.net/simgad/ Frame 5FFC 71 KB
72 KB 116ms
33ms Image
image/jpeg 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/810345307703613195

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

335eaddd074f2af7ef851c9c581a1575c8d24cd75b5db228d8f0a656cba9c5ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 09:43:37 GMT
x-content-type-options: nosniff
age: 26723
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72877
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 09:19:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Apr 2024 09:43:37 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230405/r20110914/elements/html/ Frame 5FFC 11 KB
4 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230405/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sun, 09 Apr 2023 21:30:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70686
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4123
x-xss-protection: 0
server: cafe
etag: 4541610132340792384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 Apr 2023 21:30:54 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5FFC 0
0 165ms
78ms Fetch
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvGE5o80G01ZnCYksI-Sla-QaJSrjVSD40sKoNNZyLFBZTgSMhdcbCJfU47IavGDzlNaQYdthjE4BN7TL3f72XaFaunSK1jDXOhh5bMsOAQXJKQEncKKOkCxtEhrR4BL6FRwhL7hSNzVhBAkAOes8DDUEWuBHBZvcjnFlHwXhCvuNoqnuKxKCRD16rvdixejlQnr-LrMnKHwkTkh0ipjRn8gWJO217zF3vUZYGHfC_-7V-TJsO73UEvxAwxIVP1HCMJ0LBUAqWfVg3xttEB_z-Z-ZHtvRZcODvGs4hF_Wj8Cb0-I-kPegQH7891YB68oxFyWbnAUlXJTBg2eoT0n1tTYL3RcZPiriTkVKzer1JPrROPhQIb1IENtP2mldDzSM8qEWM1q_54DRqhQJnuFHnRlioqCcrj7PUlK6ACaoTWSUiZl8dXWD244QwprAu4pnuMOi7Pb9_jWCPKupXxctcQy9pKHJaL8CyMHhp0mlCScyKGXoVgxy4Fkz0njeJtwaLPRnrNCysIEvmet19R17Dhs0enMWfMdDyjbJN3dBA7wpmZefUssEflgzpOvEAx62cSTTn5galBjX5BrvBxSzVUBflWR-i1MaiE6UgxBd5hJVVwKdKP1Y_bdhfZSiOkQBhzkvh-RoFSaw4g3QxdEkjhU3n1QLgR0vt535bOsMbN7X21LGdX2qn0de44U8bqECZHtUJFRu73rpP81OwrV-zxpK-rPzcE69TnuNmvALRePkd_oo7bE8eTQdMKd4YtOvitIXA0jg1ilMv9KiWXqu_4dbmn6oRP3krfyuEi2EYAl6dYQhUg7DUwg-u2v5xgb-2ubEkE7ebvW87dWgOr1WMHP0Lvq0ZwW_zqeFWpLWclJUcn4mRvjwMIiZ523xHRCKCl_3IdrQbvwNPWoOpd3nGvsGIwtJgUaNuJYKwgVyZKotgumYI0ULthPheoVDB7JoC2m1d5BuxQuv0YqmrX56gg-n6W2u3HFH4HA46rzPESbFt7Zxrly_mSEWilqNUeFIkcOcmBQqS1tb2McY2py6vMsIQv2hiUju9GOp0JGig5OE7dgYNeGNh_UiHwMm11I1pX7y_dHJd0GT4eKx1ahppTJU90A53G-3v0A31HFN9AxmCHRFC-MxVqVGa35Mk3ayV5Fkf2euDoIQPzMOi77y-uyDZf7pcbd-sbK8YPsJH4ztFU84KnfZlcFfs9D_KBV2xsh63ToSglqv0Rhb3GcrYQhVkIT17kxaFxa3vLvq4mCzi3-EJgSWDEOBOA18Cv-ZGCPWVrEVF4aI0pFvVboM6ke7D9GJp0_bTMNCwXi1tCgUBV6nym5_wy6MSa6PNt-m0Rd5-BF_18dt5KO3zjTb0mrS8CPduqVes&sai=AMfl-YTRdLSuXDR5bCu1pSn_yV0Zn-o17S-lXOWN87-QX4JTkHhuYhuXEmLdcHaatulTAC7TxwuDztqUrVLnlFqMLruwieKvoM-aav0Cp5gEZqMDeITmHV0vkUAd5PNyV9je5Kzmthr2UBQKL6-A4OOwsPspWJv-_XhZuXhAa2MS_w_qcjP8aR3VbfDgt6LwcjKakDHrPc35Og7c7H7d1OPS2SvcldMYaUeP5Y46nku6txxZNlmxxYJKSec6xU2Y9TlPt_EI6mPtNDWHO5PDvNYuMcR5mfYIXthc&sig=Cg0ArKJSzFfZ98eDWRSpEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230405.27356&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 10 Apr 2023 17:09:00 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Mon, 10 Apr 2023 17:09:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5FFC 41 KB
15 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 18:11:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 428260
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Apr 2024 18:11:20 GMT

GET
DATA 200
OK truncated
/ Frame 5FFC 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 59d8f32f9827bd8b75b6be58811561c38cedcbda3c8fdea748247643064f18a0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B79C 22 KB
8 KB 33ms
33ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 372693
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Apr 2023 09:37:27 GMT
expires: Fri, 05 Apr 2024 09:37:27 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Bo5p8DbEpWqq_61_uCYPeBu7T3aczz0WnYolkwB_A5I.js Show response
pagead2.googlesyndication.com/bg/ Frame B79C 36 KB
14 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Bo5p8DbEpWqq_61_uCYPeBu7T3aczz0WnYolkwB_A5I.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

068e69f036c4a56aaaffad7fb8260f781bbb4f769ccf3d169d8a2593007f0392

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 16:18:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3026
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14136
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 13:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Apr 2024 16:18:34 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5FFC 0
0 72ms
71ms Fetch
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvGE5o80G01ZnCYksI-Sla-QaJSrjVSD40sKoNNZyLFBZTgSMhdcbCJfU47IavGDzlNaQYdthjE4BN7TL3f72XaFaunSK1jDXOhh5bMsOAQXJKQEncKKOkCxtEhrR4BL6FRwhL7hSNzVhBAkAOes8DDUEWuBHBZvcjnFlHwXhCvuNoqnuKxKCRD16rvdixejlQnr-LrMnKHwkTkh0ipjRn8gWJO217zF3vUZYGHfC_-7V-TJsO73UEvxAwxIVP1HCMJ0LBUAqWfVg3xttEB_z-Z-ZHtvRZcODvGs4hF_Wj8Cb0-I-kPegQH7891YB68oxFyWbnAUlXJTBg2eoT0n1tTYL3RcZPiriTkVKzer1JPrROPhQIb1IENtP2mldDzSM8qEWM1q_54DRqhQJnuFHnRlioqCcrj7PUlK6ACaoTWSUiZl8dXWD244QwprAu4pnuMOi7Pb9_jWCPKupXxctcQy9pKHJaL8CyMHhp0mlCScyKGXoVgxy4Fkz0njeJtwaLPRnrNCysIEvmet19R17Dhs0enMWfMdDyjbJN3dBA7wpmZefUssEflgzpOvEAx62cSTTn5galBjX5BrvBxSzVUBflWR-i1MaiE6UgxBd5hJVVwKdKP1Y_bdhfZSiOkQBhzkvh-RoFSaw4g3QxdEkjhU3n1QLgR0vt535bOsMbN7X21LGdX2qn0de44U8bqECZHtUJFRu73rpP81OwrV-zxpK-rPzcE69TnuNmvALRePkd_oo7bE8eTQdMKd4YtOvitIXA0jg1ilMv9KiWXqu_4dbmn6oRP3krfyuEi2EYAl6dYQhUg7DUwg-u2v5xgb-2ubEkE7ebvW87dWgOr1WMHP0Lvq0ZwW_zqeFWpLWclJUcn4mRvjwMIiZ523xHRCKCl_3IdrQbvwNPWoOpd3nGvsGIwtJgUaNuJYKwgVyZKotgumYI0ULthPheoVDB7JoC2m1d5BuxQuv0YqmrX56gg-n6W2u3HFH4HA46rzPESbFt7Zxrly_mSEWilqNUeFIkcOcmBQqS1tb2McY2py6vMsIQv2hiUju9GOp0JGig5OE7dgYNeGNh_UiHwMm11I1pX7y_dHJd0GT4eKx1ahppTJU90A53G-3v0A31HFN9AxmCHRFC-MxVqVGa35Mk3ayV5Fkf2euDoIQPzMOi77y-uyDZf7pcbd-sbK8YPsJH4ztFU84KnfZlcFfs9D_KBV2xsh63ToSglqv0Rhb3GcrYQhVkIT17kxaFxa3vLvq4mCzi3-EJgSWDEOBOA18Cv-ZGCPWVrEVF4aI0pFvVboM6ke7D9GJp0_bTMNCwXi1tCgUBV6nym5_wy6MSa6PNt-m0Rd5-BF_18dt5KO3zjTb0mrS8CPduqVes&sai=AMfl-YTRdLSuXDR5bCu1pSn_yV0Zn-o17S-lXOWN87-QX4JTkHhuYhuXEmLdcHaatulTAC7TxwuDztqUrVLnlFqMLruwieKvoM-aav0Cp5gEZqMDeITmHV0vkUAd5PNyV9je5Kzmthr2UBQKL6-A4OOwsPspWJv-_XhZuXhAa2MS_w_qcjP8aR3VbfDgt6LwcjKakDHrPc35Og7c7H7d1OPS2SvcldMYaUeP5Y46nku6txxZNlmxxYJKSec6xU2Y9TlPt_EI6mPtNDWHO5PDvNYuMcR5mfYIXthc&sig=Cg0ArKJSzFfZ98eDWRSpEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=185&vt=11&dtpt=184&dett=2&cstd=0&cisv=r20230405.27356&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 10 Apr 2023 17:09:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012303151621000/ Frame D117 221 KB
60 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32a398551559147de00a9581403ae7e14230f11397e39e34887d0cbc5ed9c51d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 71
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61738
x-xss-protection: 0
server: sffe
etag: "0caefa4c1415de54"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame D117 15 KB
5 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4f1ff793b9ae11982096cb0c049cd0a0cee90b9cddfe72c35b33b370f743865

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 71
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5226
x-xss-protection: 0
server: sffe
etag: "64ac5ddec28ac2aa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame D117 94 KB
28 KB 45ms
43ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

397850bc917afaa87d5ffce333fd3db75d324bb3a76249ab53cfd9e60197742b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 71
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28944
x-xss-protection: 0
server: sffe
etag: "46c36ca14bcffdc8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame D117 5 KB
2 KB 49ms
47ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74cd04f60065b6e31e98e97a89b616b2f46ac40ea2533bba749515688b4b8047

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 71
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1905
x-xss-protection: 0
server: sffe
etag: "e0aae84f332fc66d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame D117 40 KB
13 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1085ca7b96d9f287bf35a440569948a42787e6a6b94144936149dee077b22277

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 71
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "cbb0c0b6f4ec6009"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D117 8 KB
893 B 41ms
40ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05ee926cc9bf2039ad93af941a67d23d84bd78ecd9d6ef53ff85eeaf744cbd89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 10 Apr 2023 17:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 10 Apr 2023 17:03:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 10 Apr 2023 17:09:00 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D117 295 B
319 B 32ms
31ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304030101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 07:58:03 GMT
x-content-type-options: nosniff
server: cafe
age: 33057
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 11 Apr 2023 07:58:03 GMT

GET
H3 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D117 2 KB
2 KB 32ms
32ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: go.usatimepost.com
URL: https://go.usatimepost.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sun, 09 Apr 2023 18:11:23 GMT
x-content-type-options: nosniff
server: cafe
age: 82657
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2471
x-xss-protection: 0
expires: Mon, 10 Apr 2023 18:11:23 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D117 0
0 76ms
76ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CkznWq0I0ZLu9OdrpgQfK25HwB6Gm4vBvgb6wvrQRloLNhYgWEAEgxfDOhAFgkYSghYwYoAHKgtGLKcgBAakCZd6XM5c0sj7gAgCoAwHIAwqqBIACT9CaX3kuBhCufxwOlVn-DOmZSqvGPP2n1Jsfrq4iz5c42Ezk8WiPE0vldnB5YHH-VIuQwD_nI0V0KpJJkfxqeSKQSgLW1Fl9GTdvFud14psonjky0fxbYUHvvAQPrrOc5GD20A68S-Z7hGLpsTihXb4OBaPNLPR1iczQqUxqiRHE6eTlwHOsd4ZqmMUSdX5KYnL6bexyVwILtKebb00_87VIHDsAbCaP4Ls2cw5YevygfD8_JPdUCW3bzdGiFg5OPVaJ7DYbf6yM_C8r22g3gba5pTsFyBTy3v6c1Avj4I6Ze4dkzPQBkPFo1QXuqfjVemXxUF6ZWWjou7OS0ck6ysAE-4yXhKEE4AQBkgUECAQYAZIFBAgFGASAB8q6oesDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQgMsB0ggRCIDhgHAQARgdMgLrAjoCgECACgPICwHYEwzQFQGYFgGAFwGyFx4KHAgAEhRwdWItMzIwNjQ1NjU0NjY2NDE4ORiTons&sigh=YeeitXbmyHM&uach_m=[UACH]&cid=CAQSTADUE5ymBcld7aaOagu_6tnOqYfepI4ry-6bgBDJspvUXnVciU2LpZddj5CCxolKYzelwGYrclSABogAHbkVjK0ir2n9OjZhcz7KKwoYAQ
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame D117 161 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame D117 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a12ba86b06855102c8a4b1cb929b637ff5ded5deaedef609220b50846c7f992

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v46/ Frame D117 29 KB
29 KB 34ms
32ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.usatimepost.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 03 Apr 2023 21:54:53 GMT
x-content-type-options: nosniff
age: 587647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29728
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 16:59:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Apr 2024 21:54:53 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame D117
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

82ms
81ms

Image
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H3
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

date: Mon, 10 Apr 2023 17:09:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B79C 0
20 B 137ms
137ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3HLRrEI0ZNKUGNq6x_APh8OJyAgAAAAAOAHgBAI&bg=!ammlaT3NAAYIJb0jKCU7ADkAdvg8WiL75DbLikIPDFdU4q0m-0DloUSm-ZT8swRNgMVoy7-NuH0VL6aRdznPpVmYm4CN0Krjc2YCAAAAbVIAAAACaAEHmQL7Dph-cm0_-lWBEavYnOsjNMopde_DGOFPkjEpi2d96ItMGFpjtrPDuVOfEqh5_ZVrgUIpVz7l1fn4drIrK2XnU3rgSlWNhE7XPB2aGW8Vxjd1Oz4E8dxlAUtvZs66BXApwOLvjWJ8ndkhotD9XbUVB5dJdDSzsWaUnj2AvgfQ0mUm9muNtBXjSWHCCVoWiSdADDkS_xbs_TJ97mP05XEhJbHcTYMtVagW3OQC_8ZfUwO_X_yvGOLN138Mvr4q0Yj6MLVNmoyOmI0WHunJzCeN7xNJbqRi1mYzh7w_64MDa6jJzHkPkBRCUBos_lNUNfBTJMO9I7hGmZwMcv2RE1wEVkprgoSD2UmkohtK-DfzOklNwyDQKjcavRsC13o0tJPCASXwIb1MmSEgypQxfR_ImbOQwVHmdhZm2WbBubPcmexdmlpRecBsChvRaZwkGwb-yuoPh5xuUMpKNpSSDIXF1-fsRr7phN2q7cHaxNOAdVKEGAkyJbFs0YgW-Uhe7rxD2cRIZKVE_hbDBP7hoYI08Vf0GsHqhaaugBobzPq9_UlJHoF0V_1I7aDfkYqDUZWRirMVft2Y8yYpvGSnHgg1FWkRwjazjfzPZAnq6vOHYreVKsdZ2vupjLz5uq4nN6xKYWMznFXfLQRUu2LJQd3u1bWkXl7YIng-jzq9l9aSN7lX84B0a3Gpqbwtoh_Lh1Ro_j0jvovtiukEXR9LhBqpl2ev3b-55o53Z3oRIsrIsbSv-qL0c-vod7ZKOv0A4xXQhG17UdkJL4ptDSM9mn14sVLdzHOmc-d39pCZNMPmGR7eSQVlmOgWm73gd_MLrGUbz6qswtpnpZPa73sDXy4nhEFc7CC90hFZYwieA5vlZaDtGqsOf8TwmZXjxvTHIVH6kqfiJTPSKY80U3YleTSG8QPrGjrD9ZkCXQQg5EUYjeNz09riJaCyENhqYZbosGiQNi9Sp5PdqpNAZ5ynK-bwI0DgmiBOTGCTlFv7VKA3HGYUPv6bMVo8IbutcA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 138ms
138ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202304030101&jk=1764458240904067&bg=!4OOl47fNAAYIJb0jKCU7ADkAdvg8WhOnN8k92PDDOVYjaoLreMhOgiPFJsoROBSu8nXgruKzDvba-UIRr6Uz94gMsC10ZrREi9YCAAAA6VIAAAABaAEHCgDR3y8rCQH8lOxim2-3F8LePIOGk0Ja0qj8bELVOU5S2FxhcSwN2CaZ1XkN_reI_va_RTtUF_F5n7hYhEzQIDySV1DC6CWdwCfUrONRcT9s248MCMHAHH5wrWtEOx_QDQYW7fMt96tEJKi7aTldk67WNGfBqQRRh6Xp_cKdqUJz_oBBEfpumfY154nkSOaCdi4izbnqUBEAo1gFQ8rOlDV4LaGgYoj8BTC4-wUiSMHWZuwKQk3QZxxKfZ4CR3Plgl-Glpw8GzTfwl8_H-IEFgmgC82ZAqVSnjJVQJB9fv4EUcCY0QhAZoQnjkhSuAhmJS1YVGGq4gsh1ulFs5oLbiyOvIHeMTL_dW5NyUsOmiY1mAYfv47KS5asibwc02G8GlvBIykv4MxeRs8u4aSGKgQ3PVes_LuXwwYo_8eba96wks47hHL-Hjg1kQcqCOYvP7vokzwFWCWUGaLFksyxtqAMw5CIvof_HTcmToNAbM3rZuhZ1UNhvM_pYmMoJEAb3teNlIxF0zcZxdS6xk0vXsZcF3konr1B0fwYRFTIWTx0urcf_wIoypFEsg-23OnV8HCqaEaH_Ytix3m_NEwpnlQhIIWy2J3y31jGH2qRH7_n7ARU1MNonGTvoitqnB1gb2L6a8xgKCndLvgi4X6-ri1oNfCFzDbyJhWDoKlRlSsmJ1VfbxhOw7Q-nnGbM7ipih5y2OGotpGnWyPcM_LH1ISj-KztX4IbCLEyLYgCeHDikPLyChx55tABvz7CBfhy2zsZcP4fSkTd1sW-D5E_qpHnc9EeCyaIYcM4taRjucZ8YvII7R67D2KKLOQCQbKfFm74rpS0o3t_-5xv0RMS5MotLYBF4lNtnmLpH9l06UaM7sYXhSUh3lw1eTxPF_EoqM5amgrKL7Q4f3HWcNODPiqHN5hVLGOUm2DgejldC2uxYSTHDEMYn_aElyTviBvniz4Nk4lUeAq0Hkr1_hJ_6ubVRgkOm0SdBha0pC-GRx-As5aRNA8Se0bb7YdjqUjic0R6O0ZQkdjzPtKCclsIUEEvNSPJL56bteTM_wAC50MiJmTBjHcbTwdTbGjnetehUFBnt58jNa4weYAPvU4aGS560xsH8C9TW_03xkxD3RC8GI2T1Q0zfuvRG_CKB_cIqh4fnE5sCMsH5gpHaqQEkLDmDVtc338cpmAvbQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 98EF 77 KB
25 KB 101ms
100ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.greedygame.com
URL: https://cdn.greedygame.com/interstitial/v1/index.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ee924e04a73419bd3ed661d8f92368297f257bd6f15540985d56b010f3f4c40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25551
x-xss-protection: 0
server: cafe
etag: 501 / 19457 / 31073608 / config-hash: 14281082429472416202
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 10 Apr 2023 17:09:01 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2FD5 42 B
174 B 66ms
66ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuyI_z9DomUgOTOoPddRfbL-Q-NpuagAcWlF6gO8AjJUw5ReZTSF2n9YqopG76tu2mLv2CmYfQca0bSq9dfcLWlts5l4ekHXJw8_GCa3UiYFgCm5P7k&sig=Cg0ArKJSzH5XHi3GuMDoEAE&id=lidar2&mcvt=1000&p=284,250,285,251&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230405&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=220486695&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681146539708&rpt=290&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5431 42 B
108 B 66ms
66ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssL5iKWI2sWVYNGg4fgZhifFg1O-mFbXHHH1E6xgbCiiuPGjJbHn6lblS-f2nYaxQg84S4I-hgZCD84o0sOS8EuaOk&sig=Cg0ArKJSzBGSi-qnjt6gEAE&id=lidar2&mcvt=1002&p=1100,640,1200,960&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20230405&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2221337255&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681146539683&rpt=288&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/ Frame 98EF 396 KB
123 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44d21155299f7586529228bfb9bef99d121ad611a2c9496aa544f0ed1370f4ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 10:23:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24352
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125536
x-xss-protection: 0
server: cafe
etag: 10528700666617946181
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 09 Apr 2024 10:23:09 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame 98EF 289 B
181 B 66ms
66ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=go.usatimepost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ecc7ade390c050bcc20e786ed4c93566d4938f9686bdda10ffa0294e3ce0a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 156
x-xss-protection: 0
expires: Mon, 10 Apr 2023 17:09:01 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame FF6E 0
127 B 25ms
25ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 10 Apr 2023 17:09:00 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ Frame 98EF 107 B
165 B 40ms
39ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=go.usatimepost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 98EF 107 B
165 B 41ms
40ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=go.usatimepost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 98EF 44 KB
10 KB 859ms
859ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4311227575924608&correlator=722199235667482&eid=31073608%2C31073739&output=ldjh&gdfp_req=1&vrg=202304040101&ptt=17&impl=fif&iu_parts=22387492205%3A22857120893%2Cusatimepost.com.Banner0.1675058525&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C320x280%7C320x480%7C336x280&ifi=1&adks=3607203895&sfv=1-0-40&eri=4&sc=1&cookie=ID%3D956c34568ccf1c0a%3AT%3D1681146539%3AS%3DALNI_MbgUa2SMKRZKM-o3ZihsNv7MNVJLw&cdm=go.usatimepost.com&gpic=UID%3D00000bd3b6b39e2b%3AT%3D1681146539%3ART%3D1681146539%3AS%3DALNI_MZ-Bh77AFekXRMawWzoqD9R70XicQ&abxe=1&dt=1681146541238&dlt=1681146540984&idt=232&adxs=650&adys=615&biw=1600&bih=1200&isw=1600&ish=1200&scr_x=0&scr_y=0&btvi=0&ucis=qhp2uu8exxdh&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=usatimepost.com&loc=https%3A%2F%2Fgo.usatimepost.com%2F&top=go.usatimepost.com&frm=23&vis=1&psz=300x0&msz=300x0&fws=0&ohw=0&ga_vid=1942261252.1681146541&ga_sid=1681146541&ga_hid=560116048&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6de3f4b39bf59985cb5737871e56fb64c22feb0b5fa892240e942a17975d6d99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10676
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://go.usatimepost.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 98EF 14 KB
11 KB 81ms
81ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202304040101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f300d45eb31107c61ac80ec701d5bc8f03aa0ca37c4cae99e11271888300e0c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11086
x-xss-protection: 0

GET
H2 200 container.html Show response
5f5628a644174647648efa43c93c472b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A6FC 6 KB
3 KB 100ms
67ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5f5628a644174647648efa43c93c472b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.usatimepost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Apr 2023 17:09:01 GMT
expires: Tue, 09 Apr 2024 17:09:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 98EF 17 KB
6 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Apr 2023 17:09:01 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0785 42 B
64 B 69ms
69ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssyQoDveadG1Na9X3Nou9xuiOXutzzgkeXXWT_LRgHGlQIhIVOG9XE_05-tY1lJWxTPyiI6-B9oDzcR4aTu-EMAOSeEmGj33bZGPYnV0JBl-5qshLnwzZeVLERTWyfotzYzOxD7Nw&sai=AMfl-YQ7hptd7O_ovaBKtOKN1jhaQmcYknvOpwj5wS0uf5DA_zQfkD35eBaO40qvYvV7lJvgGZXfYzeZWfFF9I89Dozc4UsGNRS9de9bCBmaVZjNqxiDuEV_BDmwphdkq-Z26aklysm43Lg0zjEK&sig=Cg0ArKJSzEBYoP612zI4EAE&cid=CAQSSwDUE5ymHUbHbAgYTyikPIrn5aYgpoec1VbsEVkUVuHsVku1AzexqpF4u4TVDkdC-C3WRU0PIvMlc31V004Km9AQnn_1yJ3zxb7XYxgB&id=ampim&o=315,246&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=287&tls=1287&g=100&h=100&tt=1287&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C6CA 13 KB
5 KB 33ms
31ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.usatimepost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 11905
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Apr 2023 13:50:36 GMT
expires: Tue, 09 Apr 2024 13:50:36 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 09FE 783 B
537 B 43ms
42ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e04db74921b8cb7f6d56d3eadba91253afe1d7788388f98e8357feb57c4dc84f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jvFXSwOQqHZGR3r7q4WLxA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go.usatimepost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce-jvFXSwOQqHZGR3r7q4WLxA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 10 Apr 2023 17:09:01 GMT
expires: Mon, 10 Apr 2023 17:09:01 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Bo5p8DbEpWqq_61_uCYPeBu7T3aczz0WnYolkwB_A5I.js Show response
pagead2.googlesyndication.com/bg/ Frame C6CA 36 KB
14 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Bo5p8DbEpWqq_61_uCYPeBu7T3aczz0WnYolkwB_A5I.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

068e69f036c4a56aaaffad7fb8260f781bbb4f769ccf3d169d8a2593007f0392

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 16:18:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3027
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14136
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 13:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Apr 2024 16:18:34 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 09FE 0
0 132ms
132ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202304040101&jk=4311227575924608&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C6CA 0
10 B 31ms
31ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?iZQF6w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 17:09:01 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5FFC 0
20 B 132ms
131ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=422936158830&version=m202301230201&ct=76&x=1&cor=16741109731901424000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5FFC 42 B
64 B 69ms
69ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuYBAK4xiXa5nEK881P0MobY09mqVJbe7W7Am3HkPTCAHTKHlda90grfzS4ch7TGv0XyXijRIJ9S2B2f1GVQiI_B1U5dPJPf5Rfa2XRlR2hQmUbmzw4-4rwi50WQbkQsLnHk68UjA&sai=AMfl-YSfYzbqUiCyscazIh9dQTfttjvpszNrsSkJB3nCTHTr07j01C7r20qqhtv3_M8UIbqopeqJMfRm_IXrQP70VWWvtKAzrV23cs1Zy1UTwWtnRtnXq3tU2uJwLgzP6oeHQnyIgvGqjz5A_H7d&sig=Cg0ArKJSzCMblo4wWR3PEAE&cid=CAQSSwDUE5ymw_DA7TLO0HtNX_cmCsxTjOOBHv2OZmU6MogOO1TMbJRNGAM7Yvoaqv1Vu660Jqomz2KQGn-DlbzbOD5tC8OhJ5_FL4EuMBgB&id=lidar2&mcvt=1005&p=541,980,821,1316&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20230405&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2416101915&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681146540133&rpt=500&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame D117 42 B
64 B 69ms
68ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstsACM77ghbwFVIK_v2zRLDNEwQ7scmDYkcpfD98zyLI3q0I8JAo7lWfXSF0r5Aj_Ylsve-eivv-svhMfa2N6BmSsASszUMAN4ahG0wgXovYpTKUt9pdj9Z6P_uoFwvukeFAo6Rkw&sai=AMfl-YTEnB2f9Z99IXWjyxYMQ06zXbx2oBLmlG5Ov7mh9Oht2inUu3OTEJ0K1wPcBjpqYvFfSjp_96c2mG1E0Sa4hvusnr3NAZtALYQNa9uhVtOmhXDJGeXiRZzpFOIYONj28jcNYCFzLFyU__0eWg&sig=Cg0ArKJSzHJvHngMjXvDEAE&cid=CAQSTADUE5ymBcld7aaOagu_6tnOqYfepI4ry-6bgBDJspvUXnVciU2LpZddj5CCxolKYzelwGYrclSABogAHbkVjK0ir2n9OjZhcz7KKwoYAQ&id=ampim&o=640,516&d=320,50&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=94&tls=1094&g=100&h=100&tt=1094&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 98EF 0
0 138ms
137ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202304040101&jk=4311227575924608&bg=!nJ-ln8vNAAYIJb0jKCU7ADkAdvg8WhdaitZDIicq2S9UcQu7nKFd4B8gmdcHPkitFAU1WYsf-BgkiVvnXu8wrH0XqgPZTrkXl3kCAAAAUlIAAAAKaAEHCgCkmQJM0T4OUTI_2EeMHm8PlGhHHWwZS9-n2DmcB6eTKSoPkS_eViLO3qIXwkO6u5-pHG4V3t9OGnhFNfaDEe6DwFwUOupQE8q2xojX1GrCOE5YyNCvbjV7Xq_sAVLCcrWd8Q9bYraZGn0og7XvFq8p9nWjgKTxMGmemQsxKhgstJaXOuzVnJ8-Xh1bK5hWqsXFAPRGe6vJzljdjbYR9hFSGtzCX6OZAs1UuBceTSgR4KVdMjmUI5l_sZXpUsr7t1jw052ePJGqGPhqWeSjV_DS_PO5fo2jhlm8bXF5TcI7uF5pHzEcmralmmNKVNCMBc31ovIN6xEo96jt1Uts-bEN1s53qSubYSuUQnE_t_79z6PUI2l_P4JoH-AsQoWyqF3nk7WdbeQbpQ-9-XLcPBVsdeVLrz9W8HMdAfTKGv4kGbY7-QvXnqvFf62xVjntIDnQv5z2S3IPl8DAsskFN6liNbWsVHq2sSeaS3DHQBG0kLxGVD0jEahd4W3xFZMNSeWwasgGy0XoqeX8190N_aqg9zrand0fujSIgg-Ol8sAmLl2X7e4HbPBJgvaCxNCc5F_dTxF5_5LE4kmPNPqMHeS0X8woWuKAInRmV8i29ficeLJGdTN-APEBh_pXVQYytXz467XnwpnN2Z02CIny5Hz4A0e4PYx2bP4PQT3Fb-jTo4PoML0B_8cN-35qxGOYgCJZntGpUz8hVeBeeI-N7rLYyz8d0iECBQtR1PNOoEQGQbIQxEno-g4oLExg_HgpAoJiBa_KHyYGFHAU8OClM3Sy3DGLRRHWZVJzY93DCThHjOtk_d1UumaccKMt2pZvLQVWvmq1Wxt45O8ufWeQFi7KBHE_UVm_YpD9Zh1UY-f9YLdRRRWvZWHxMhQChDyTBuM0LpmYvyPB-0DX_bGOjwXF_IqxcGd3mjvIBUbI1ZCx2W6j6SWgJyLr-ON73oXra-x77ceC8a2xSTr-80REdRWrY4j6R_Oco06BfAIadbYu_dy_wLzsj7fHjmV-BIukzUuK9uqOb5CuFJn34mL5nB9BZ1i7wkd2sQq-T6GbkwYo49wm7tB7kZ8rjdREiuxvJbcnbhYStm_9YIKUSzqdnQTUttRHPg9M6xsZRSkn6R-JsOgtyRRkiK60PA9FSROeByDBFSwjrUho9GdxKVdfyUXuFX3VFo
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012303151621000/ Frame 8D7D 221 KB
60 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32a398551559147de00a9581403ae7e14230f11397e39e34887d0cbc5ed9c51d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 73
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61738
x-xss-protection: 0
server: sffe
etag: "0caefa4c1415de54"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame 8D7D 15 KB
5 KB 70ms
68ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4f1ff793b9ae11982096cb0c049cd0a0cee90b9cddfe72c35b33b370f743865

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 73
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5226
x-xss-protection: 0
server: sffe
etag: "64ac5ddec28ac2aa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame 8D7D 94 KB
28 KB 71ms
69ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

397850bc917afaa87d5ffce333fd3db75d324bb3a76249ab53cfd9e60197742b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 73
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28944
x-xss-protection: 0
server: sffe
etag: "46c36ca14bcffdc8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame 8D7D 5 KB
2 KB 78ms
77ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74cd04f60065b6e31e98e97a89b616b2f46ac40ea2533bba749515688b4b8047

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 73
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1905
x-xss-protection: 0
server: sffe
etag: "e0aae84f332fc66d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012303151621000/v0/ Frame 8D7D 40 KB
13 KB 79ms
78ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012303151621000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1085ca7b96d9f287bf35a440569948a42787e6a6b94144936149dee077b22277

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:07:49 GMT
age: 73
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "cbb0c0b6f4ec6009"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:07:49 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8D7D 2 KB
2 KB 32ms
31ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sun, 09 Apr 2023 18:05:12 GMT
x-content-type-options: nosniff
server: cafe
age: 83030
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 10 Apr 2023 18:05:12 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8D7D 295 B
319 B 33ms
32ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304040101/pubads_impl.js?cb=31073608

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 07:58:03 GMT
x-content-type-options: nosniff
server: cafe
age: 33059
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 11 Apr 2023 07:58:03 GMT

GET
DATA 200
OK truncated
/ Frame 8D7D 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83111c9cd3669321588e3daa1ea6ca8e4cf7eb07f533b4e93719b3d8d6603661

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 16778780586011756936
tpc.googlesyndication.com/simgad/ Frame 8D7D 44 KB
44 KB 32ms
31ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16778780586011756936?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qm63XYyGsjuTu_bveWcJvvTsFsiOA

Requested by

Host: go.usatimepost.com
URL: https://go.usatimepost.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db93e96b947596fbe74d17d1f08a3f454ad7cd3e68eb2419900952ef98353dcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 09:52:37 GMT
x-content-type-options: nosniff
age: 26185
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45280
x-xss-protection: 0
last-modified: Wed, 08 Mar 2023 11:42:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 09 Apr 2024 09:52:37 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8D7D 0
0 40ms
39ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQDUA6JvQzu5kMKhnvZj0JI81cHp_qxkaRu_4tpp196vs7p_z2vOhuvf8AubdRQfl33fpUo
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8D7D 0
0 77ms
76ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CqSVQrUI0ZKaJFcTXx_AP_piRwAPoiM3bbpfvl4CEEcLj0uCyARABIMXwzoQBYJGEoIWMGKAB9MSQnwLIAQLgAgCoAwHIAwiqBJ4CT9B9RZdrgoR-U6SvHu_STylgcpteFYYnqEr-AhSxVEQkhUKXUt1VdGordJnJG_QgvmyAZqrHlCCboeP4D9QMdch3MCvPzeQ2d8acbLdw4fy8RfgqSFQ_naD9TOIxHaayZpKABjdJPXTDWHVvpzKrT2Fx2OurmT12PRyzcdGw0genzsXlTymhmcWqLc1nhAxvLn_wavCISveENbtG-gVRiWfs5xZ8u4_StU6dtdkfz-NrYJnsGiO3aL8dvVEji0zi3KFG-RTVcQGQRW6-AX2DAJ2B7VSAt3iPGB0o8khSHXSw9Jl9Gsp0Wfkf1z4U_5CfkEZDw2aCFHWodHUyJlWJB10-KYQVYM7FE-SKxB1ct_f3Eirf31PLzcIWMDzl6MAE7OXHqo0E4AQBkgUECAQYAZIFBAgFGASgBgKAB8Sm8uABqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQv54C0ggRCIDhgHAQARgdMgLrAjoCgECACgPICwHYEwzQFQGAFwGyFx4KHAgAEhRwdWItMzIwNjQ1NjU0NjY2NDE4ORiTons&sigh=lhT5lSSHbSc&uach_m=[UACH]&cid=CAQSPADUE5ym40glN_-wLrCiLQw0WFv8tV-PCrZfdAl_4Tmhc2EkoomRb9xXexMB-u7rYIlAH4zhBivQS7y5hRgB
Requested by: Host: go.usatimepost.com
URL: https://go.usatimepost.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H3 200 16778780586011756936
tpc.googlesyndication.com/simgad/ Frame 8D7D 44 KB
44 KB 32ms
32ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16778780586011756936?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qm63XYyGsjuTu_bveWcJvvTsFsiOA

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012303151621000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db93e96b947596fbe74d17d1f08a3f454ad7cd3e68eb2419900952ef98353dcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 09:52:37 GMT
x-content-type-options: nosniff
age: 26185
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45280
x-xss-protection: 0
last-modified: Wed, 08 Mar 2023 11:42:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 09 Apr 2024 09:52:37 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8D7D 2 KB
2 KB 37ms
36ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012303151621000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sun, 09 Apr 2023 18:05:12 GMT
x-content-type-options: nosniff
server: cafe
age: 83030
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 10 Apr 2023 18:05:12 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8D7D 295 B
319 B 37ms
37ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012303151621000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 07:58:03 GMT
x-content-type-options: nosniff
server: cafe
age: 33059
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 11 Apr 2023 07:58:03 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 8D7D 42 B
64 B 69ms
68ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuZgXDQ-B7VBPB58_tgU1gk0Ht1NbgmYsyLKq9d5x9SgEQIksDmCamfqugdvGAxQMulgEIVoFZPPTKTQZ8F2ELqd4DXho-ljMh2HFTtvx44P_GO0G_D50jvie_ZdPILZWZA3_MaGQ&sai=AMfl-YQFs88hY62x6a4yz-eGgcK2n1HQTPLSzLXwrYsDpdURLbu2XraNE1RF7Xw_U3nIn2KopKeqQKseaZLhLE5SmUyB-DuwwAmWPRYiKlF21LjCJv1RMSdBRPfNhi7F&sig=Cg0ArKJSzPVd2znl6K36EAE&cid=CAQSPADUE5ym40glN_-wLrCiLQw0WFv8tV-PCrZfdAl_4Tmhc2EkoomRb9xXexMB-u7rYIlAH4zhBivQS7y5hRgB&id=ampim&o=632,475&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=172&tls=1172&g=100&h=100&tt=1172&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://go.usatimepost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Apr 2023 17:09:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 20:20:42	Name: IDE Value: AHWqTUl2eMQUNw812VbJWVsm1a81LS3-Ivno4t2QZPhSHAGqfjRL1NXZry9lYNJ68OM
.doubleclick.net/	1970-01-20 10:59:10	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 10:59:07	Name: test_cookie Value: CheckForPermission
.usatimepost.com/	1970-01-20 20:20:42	Name: __gads Value: ID=956c34568ccf1c0a:T=1681146539:S=ALNI_MbgUa2SMKRZKM-o3ZihsNv7MNVJLw
.usatimepost.com/	1970-01-20 20:20:42	Name: __gpi Value: UID=00000bd3b6b39e2b:T=1681146539:RT=1681146539:S=ALNI_MZ-Bh77AFekXRMawWzoqD9R70XicQ

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 16) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
security	warning	URL: https://cdn.greedygame.com/interstitial/v1/index.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5f5628a644174647648efa43c93c472b.safeframe.googlesyndication.com
ads.eu.criteo.com
adservice.google.com
adservice.google.nl
cat.fr3.eu.criteo.com
cdn.ampproject.org
cdn.greedygame.com
csm.eu.criteo.net
edad6f2a735b8bcf7d40cc9035a60dbf.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
go.usatimepost.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
pagead2.googlesyndication.com
pix.eu.criteo.net
rtb.nl3.eu.criteo.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.criteo.net
tg1.aniview.com
tpc.googlesyndication.com
track1.aniview.com
www.google.com
www.googletagservices.com
172.217.16.130
178.250.7.9
185.217.92.81
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::2006
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:827::2001
2a00:1450:4001:828::2002
2a00:1450:4001:828::200a
2a00:1450:4001:829::2001
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:4001:830::2004
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::9
2a02:2638:d::14
2a02:2638:d::4
3.224.209.45
34.111.218.68
69.16.175.10
05ee926cc9bf2039ad93af941a67d23d84bd78ecd9d6ef53ff85eeaf744cbd89
068e69f036c4a56aaaffad7fb8260f781bbb4f769ccf3d169d8a2593007f0392
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
104e4d5a6a26a46ae64e86ecdd78d55744cb469eea69e12c853856c69455c9d0
1085ca7b96d9f287bf35a440569948a42787e6a6b94144936149dee077b22277
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1c603a1c78bc2ed7cc089dc42cc00352275f1f38d3014035fd48c39092bf5742
23c79bb552706be2ca97bdb259921e3269a5263326b147676c2f7909a45b58c9
29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9
2ae177481a90607372db6e6c484074e6ec1b907a00719a14c48f986ef6407e5d
2ee924e04a73419bd3ed661d8f92368297f257bd6f15540985d56b010f3f4c40
2f1c74ac47551cbb1afd2821b20f6dbace03cb63008d700fbedb2774450e17e2
3032fe164835c726fb0431b80a6e10fee3c873e6f7156d9ef612965c7a23267f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32a398551559147de00a9581403ae7e14230f11397e39e34887d0cbc5ed9c51d
335eaddd074f2af7ef851c9c581a1575c8d24cd75b5db228d8f0a656cba9c5ea
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
397850bc917afaa87d5ffce333fd3db75d324bb3a76249ab53cfd9e60197742b
44d21155299f7586529228bfb9bef99d121ad611a2c9496aa544f0ed1370f4ff
45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103
464dc877a3c96ff649aa9f9097adbae924c29f64ae475b155f34ae02464e5aa1
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
4fa1d7f87465a15ffd7ce5463d13cea5c00623d46bda85b019f2edbf0fc6264b
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59d8f32f9827bd8b75b6be58811561c38cedcbda3c8fdea748247643064f18a0
6039cdb2c8028b73ddb9d711e7eb22834a8e11ba865283a7ed2fd2c75a401040
60dddbbf17b585a67eb9b93646e2968665e9eabe2a131ca6100f020a6ebe11b4
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64fdded9ab4b4066a71232c0d8c7e2416ec277f566adb122776af14c21831fc3
6a94c3a669de50840db9d342c92ff864bddb477fdd49c6b61a9606186f657be3
6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2
6de3f4b39bf59985cb5737871e56fb64c22feb0b5fa892240e942a17975d6d99
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
73110cc5fae491aacb5d66f89a119f50eb986fbe0cf768271ad65dac5af51763
7413d021cfa3a714f9b1566533983168240764a3c8c4d419fa3b03719c0c9ff9
74cd04f60065b6e31e98e97a89b616b2f46ac40ea2533bba749515688b4b8047
77b74a5bce714f35bfcde3cd6624f4ace3fbb31adeea328660110d7cd6849d72
78cad1fb95d1e9bbe4a7b1f90fa38ef699314ee65bf914e65ffae62005103a8e
7a291479495fbb281655d5e870c6d118dc6b7ed18e8c235aef5974c1e9de4e6c
7a6ac6e588a725241e6f43feaad46fb36de9682576f5f29c570edc3ec5247477
7ecc7ade390c050bcc20e786ed4c93566d4938f9686bdda10ffa0294e3ce0a06
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
83111c9cd3669321588e3daa1ea6ca8e4cf7eb07f533b4e93719b3d8d6603661
876f23e7657b92023a8e20eae73a01479a9984d9f3ecff70bb0c8cffeb6ebc71
87ea60a55055936658e6609f45bd09b8de7dc2dd5d4b1504ab0505dfe79880c9
8843adf3ca0ed217eaf8262a0b5c18fab60794b8373e26c398574d09b66f605d
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
90522044a3ff1c99765ed1af38b02d47525d02c43c2ae85281949a053c10c51f
949448840982c267cbacb0aadde067218f404646e15e92b72991715a2988d1f0
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
9a12ba86b06855102c8a4b1cb929b637ff5ded5deaedef609220b50846c7f992
9bda5343341ead54a0c80597dc185225b6a60da9d434910f9ee7d8e15212d746
9d7f45da9c21ab1ea23c2fddbfd6a1d78d4e4bfd13cb101aa86492734139c0fc
a1cfd68116a34b23c18bff8c57cda617cf20d2877a7c217edbbe6fda3c947096
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a8a7c6483f73f962abb0f768408bc73c219a0164ee43f60ac57595d314c1bebe
ac7af3b70637c40c88f4337d36f1cd7011e7f9dedf98047d0976884b94aba039
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
af35620b7d50811b905d201d7ee9d6bcaf4b93a4b818293fcc3e5716dd3f4156
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
b0ee1b83a672e602c818711d3165f40b3c24571f136a76235b5e01bb542afd62
b4f1ff793b9ae11982096cb0c049cd0a0cee90b9cddfe72c35b33b370f743865
bbe42fb5feeda11de325045eff868104046ff83b358b1aaa724fa6cabcbd15fc
bc950a2a60439eedb15b706c2f0064c2e06cbacd8bb9f232d1c02669aed04a00
c45df86f5542ba7e4821902ddf409991ef392fddb8659aa96634e8acf6de54d6
c4681920200f339999ac3f6d4a6c5214d92e9a0edca00cfb91b28e3494ea03ff
caecb1f81fef3d2ee35eb9a7c72a7ac6a183f746390bacc056fae1067e001301
cf2c6216cecf308e00c3effb9ad006ad82f5b3c3af08056e2271e9e6441051c7
d147d45c98b73f762807832f53008c649c030391aa25b026b5b2a488a091b610
d6c6d0b6440485f2536e96758b074c4713ef69a56511f2af2128f23ce6eebdca
db93e96b947596fbe74d17d1f08a3f454ad7cd3e68eb2419900952ef98353dcd
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
df24ebf60aaa54667cae78dd6098d226d14eaafd714b536dd1ee6445003c2d99
e04db74921b8cb7f6d56d3eadba91253afe1d7788388f98e8357feb57c4dc84f
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4eeea35c7825f5aae1639cce0c5c6931d4936b0953a4cc3306ef9524700398d
e5afb1d597d8f5d70f17d3968e407d2ce25a9b7a587f2f723f3784c51b01f5e3
e7d16b4e62bd277e7a473d9ec7a6359daf824bce54e6bb8a6127a301b0576f48
e803cd8c5031ac6b0d099a2d96ba1c3ee44782649a7f7c6f0d09b6410d93e216
e8c2e4d6ab0ad2f055a6cc3c777d31531e665758db5ca815f2613afad72f7088
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f300d45eb31107c61ac80ec701d5bc8f03aa0ca37c4cae99e11271888300e0c1
f42816ce1cc02b9cae08862251d701859e65481d2c6cd6c2f9c45d4a4805e87f
fa1a55794f713fc3a423ea438b9426bd741691a8c34eb960e1aa6bcbf0ffad67
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

go.usatimepost.com Open in urlscan Pro 185.217.92.81 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

153 Requests

99 %HTTPS

74 %IPv6

14 Domains

25 Subdomains

24 IPs

4 Countries

2338 kBTransfer

4770 kBSize

5 Cookies

0 Outgoing links

Redirected requests

153 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

go.usatimepost.com Open in urlscan Pro
185.217.92.81 Public Scan

Screenshot
Live screenshot

Full Image

153
Requests

99 %
HTTPS

74 %
IPv6

14
Domains

25
Subdomains

24
IPs

4
Countries

2338 kB
Transfer

4770 kB
Size

5
Cookies

153 HTTP transactions
7 data transactions