Submitted URL: http://uintacountyherald.com/
Effective URL: https://uintacountyherald.com/
Submission: On November 29 via api from LU — Scanned from DE

Summary

This website contacted 103 IPs in 12 countries across 70 domains to perform 395 HTTP transactions. The main IP is 2606:4700:3036::ac43:9f0b, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is uintacountyherald.com.
TLS certificate: Issued by GTS CA 1P5 on October 30th 2023. Valid for: 3 months.
This is the only time uintacountyherald.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid
uintacountyherald.com | GTS CA 1P5 | 2023-10-30 - 2024-01-28 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year
flippback.com | Amazon RSA 2048 M01 | 2023-09-18 - 2024-10-16 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
revcontent.com | Amazon RSA 2048 M02 | 2023-05-18 - 2024-06-16 | a year
*.appspot.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-15 - 2024-05-14 | a year
servedbyadbutler.com | Sectigo RSA Domain Validation Secure Server CA | 2023-10-03 - 2024-01-03 | 3 months
*.gstatic.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2023-02-02 - 2024-03-03 | a year
sendtonews.com | Amazon RSA 2048 M02 | 2023-10-22 - 2024-11-19 | a year
*.googleusercontent.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
justapinch.com | Go Daddy Secure Certificate Authority - G2 | 2023-04-18 - 2024-05-19 | a year
flipp.com | Amazon RSA 2048 M01 | 2023-07-31 - 2024-08-28 | a year
*.hotjar.com | Amazon ECDSA 256 M01 | 2023-03-09 - 2024-04-06 | a year
*.civicscience.com | Amazon RSA 2048 M02 | 2023-04-04 - 2024-05-03 | a year
*.pubmatic.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-11-26 - 2024-11-26 | a year
indexww.com | Cloudflare Inc ECC CA-3 | 2023-09-05 - 2024-09-03 | a year
*.33across.com | Sectigo RSA Domain Validation Secure Server CA | 2023-09-06 - 2024-09-30 | a year
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year
c.amazon-adsystem.com | Amazon RSA 2048 M01 | 2023-02-28 - 2024-02-17 | a year
*.sendtonews.com | Amazon RSA 2048 M01 | 2023-04-18 - 2024-05-16 | a year
rkdms.com | Amazon RSA 2048 M03 | 2023-10-04 - 2024-11-01 | a year
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2023-04-12 - 2024-05-13 | a year
lexicon.33across.com | GTS CA 1D4 | 2023-11-27 - 2024-02-25 | 3 months
www.google.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
www.google.de | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
*.doubleclick.net | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
config.aps.amazon-adsystem.com | Amazon RSA 2048 M02 | 2023-02-20 - 2024-03-20 | a year
secure.cdn.fastclick.net | DigiCert TLS RSA SHA256 2020 CA1 | 2023-10-03 - 2024-10-03 | a year
hadronid.net | GTS CA 1P5 | 2023-10-05 - 2024-01-03 | 3 months
aax-dtb-mobile-cf.amazon-adsystem.com | Amazon RSA 2048 M01 | 2023-03-16 - 2024-03-08 | a year
*.eu.criteo.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-29 - 2023-12-23 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
confiant-integrations.net | GTS CA 1P5 | 2023-11-19 - 2024-02-17 | 3 months
*.nl3.eu.criteo.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-30 - 2023-12-25 | 3 months
www.americanhometownmedia.com | Go Daddy Secure Certificate Authority - G2 | 2023-05-14 - 2024-06-14 | a year
*.criteo.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-10-09 - 2024-01-06 | 3 months
*.targeting.unrulymedia.com | Sectigo RSA Domain Validation Secure Server CA | 2023-05-10 - 2024-05-10 | a year
casalemedia.com | Cloudflare Inc ECC CA-3 | 2023-05-21 - 2024-05-20 | a year
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-05 - 2024-04-03 | a year
*.undertone.com | Amazon RSA 2048 M02 | 2023-08-03 - 2024-08-30 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2023-02-13 - 2024-03-15 | a year
*.3lift.com | Amazon RSA 2048 M02 | 2023-04-13 - 2024-05-11 | a year
*.eu.criteo.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-10-17 - 2024-01-18 | 3 months
*.lijit.com | Go Daddy Secure Certificate Authority - G2 | 2023-05-06 - 2024-05-04 | a year
*.openx.net | RapidSSL TLS RSA CA G1 | 2023-08-18 - 2024-08-18 | a year
*.go.sonobi.com | Go Daddy Secure Certificate Authority - G2 | 2022-12-06 - 2024-01-07 | a year
*.scorecardresearch.com | Sectigo RSA Domain Validation Secure Server CA | 2022-12-15 - 2023-12-28 | a year
*.google.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
redintelligence.net | R3 | 2023-10-10 - 2024-01-08 | 3 months
*.media01.eu | RapidSSL TLS RSA CA G1 | 2023-05-16 - 2024-05-15 | a year
adv.office-partner.de | R3 | 2023-10-28 - 2024-01-26 | 3 months
*.futalis.de | R3 | 2023-10-13 - 2024-01-11 | 3 months
pv.medialead.de | R3 | 2023-10-12 - 2024-01-10 | 3 months
*.webgains.com | Amazon RSA 2048 M01 | 2023-05-15 - 2024-06-13 | a year
cdn.retailads.net | Encryption Everywhere DV TLS CA - G2 | 2023-05-18 - 2024-05-17 | a year
*.dotomi.com | GlobalSign RSA OV SSL CA 2018 | 2023-08-15 - 2024-09-15 | a year
*.bidswitch.net | Sectigo RSA Domain Validation Secure Server CA | 2023-03-23 - 2024-03-23 | a year
*.webgains.io | Amazon RSA 2048 M01 | 2023-07-24 - 2024-08-22 | a year
cdn.track.production.webgains.team | Amazon RSA 2048 M03 | 2023-08-30 - 2024-09-27 | a year
*.ybp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2023-08-29 - 2024-02-21 | 6 months

This page contains 30 frames:

Primary Page: https://uintacountyherald.com/
Frame ID: 0BECF10A244F4A14667C41EC544D2869
Requests: 189 HTTP requests in this frame

Frame: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: DAB149F5318694C2753DE6A6E919BA5B
Requests: 1 HTTP requests in this frame

Frame: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Frame ID: AF7E0A08A69A41A25F00C7EBA46E1D22
Requests: 33 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3305933&wsid=0&pdom=uintacountyherald.com&purl=https%3A%2F%2Fuintacountyherald.com%2F
Frame ID: C4EA481B0E50E7B7D8F87C82304DC62B
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Frame ID: 421AA326F93431BD96AEAF44D07FC1A9
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 5359960A1F48C1777A6347228F991825
Requests: 1 HTTP requests in this frame

Frame: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4D2E597F38C5B90348496A9E6E1717B2
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Frame ID: 98C1F9B9A8313D2892DE68C5BA61B231
Requests: 26 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8EFDBAB9FB74632F3569B3DEEC8F2E1E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 53B463DBCD2FAE631BCF36216C0CEA2E
Requests: 2 HTTP requests in this frame

Frame: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: ECC3FA6F836CBEE2FDB3BA9A91E20ED2
Requests: 22 HTTP requests in this frame

Frame: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C9B1F76AB7CC5EECA489DFC54B7066D8
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUTU0l6C3pbfNL0Y-CmaxcIZnlKGT5-q7TsWglr4iaUDWRlgTIqQD-36ZwQ-DymFt0nT2PHRsSOjXQT3fnVCxOnPbSaoMBKBikVpELplGeE-bdBoR47CXYhI7LuxylEJAxomyit7BPCWHcnYWMGh6ax40cw9-V8h-vf3Ksgj4jOg7iG6Uo
Frame ID: 2A1319E94AF119F1C663BB7522593D03
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX1n_juFTW_Zf8pIyeffLtWrM8VsVUsgzJTtMqG4QYCB48oi6M62X5bVH4DwEYNWHXXUtSwoo6IiUxPkdYC5ZR_c4jZPE_kGL2UjgTAd2pZUYVBB0SFp5iFBJ8CZQ3exPuI65DbuCU8eRF7f5WhrWNBrt6436G1ESqYzmoNhzuo2igxeEQ
Frame ID: 0EB157E630B38B066F1B7134F4646653
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 3D3D124417429D3F173E83EB3B369381
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: BD96357EB44A56931D670308C3094E90
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=50068900152000104444554012523002&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: 32D98C45D50FEC971E002C3B82480BE8
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: A6A70416FDC6E3FF858FF72C127C66B6
Requests: 3 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767914
Frame ID: 53DE2C8EFE9F2E694034FFD8A2BD3BA4
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=53747800141096604444554012523018&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: 59E52EC30E067C76013D4A95118D4ED4
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 8A5623D2B24284C183B523B1FBC49833
Requests: 3 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767916
Frame ID: E69D4578A502535ABECD34F6554C3DAB
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKbEo-TY6YIDFchbwgodjxwMwA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1893834606047.22
Frame ID: 4927772A07D59D9C86202009D316153F
Requests: 2 HTTP requests in this frame

Frame: https://hal900018.redintelligence.net/request_content.php?s=53747800141096604444554012523018&a=14efa9bd
Frame ID: 735474F92ADED513C277313806A21E9D
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D005D4848A74A6139574E14EDB00444E
Requests: 9 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: AE37E8C4052063F78495491825777CD0
Requests: 3 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Frame ID: 34F72B7113D90C23A8DFD1B7847A3F6D
Requests: 11 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMGWw-XY6YIDFRBCwgodcmAN9Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1751729459550.6328
Frame ID: 86B10214D49DA00DFCF333EB18865911
Requests: 2 HTTP requests in this frame

Frame: https://hal90002.redintelligence.net/request_content.php?s=50068900152000104444554012523002&a=c0aabf82
Frame ID: 42F0CCBBAF5CF4CDE2E55273C86F6F77
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 924A87689606A5246F90BD0DD6F976BA
Requests: 9 HTTP requests in this frame

Page Title

Breaking News from your Local News Source Leader in Evanston, Wyoming | Uinta County Herald

Page URL History

  1. http://uintacountyherald.com/ HTTP 302
    https://uintacountyherald.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • analytics\.webgains\.io

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 395
  • HTTPS: 92 %
  • IPv6: 37 %
  • Domains: 70
  • Subdomains: 119
  • IPs: 103
  • Countries: 12
  • Transfer: 16955 kB
  • Size: 25655 kB
  • Cookies: 56

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://uintacountyherald.com/ HTTP 302
    https://uintacountyherald.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 22
  • https://www.civicscience.com/jspoll/4/civicscience-widget.js HTTP 302
  • https://d2zqfs55y95cft.cloudfront.net/jspoll/5/csw-polyfills.js
Request Chain 33
  • https://embed.sendtonews.com/player2/embedcode.php?fk=Be6nXXXs&cid=12385&SIZE=400&floatwidth=400 HTTP 302
  • https://embedcdn.sendtonews.com/easy-stn-player/7.27.3/embed.js
Request Chain 282
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
Request Chain 283
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWdvdToZxE.gKcOO0GHIlAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1&google_hm=2
Request Chain 284
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHJAFGSsAqEOazKZD0w16q8&google_cver=1
Request Chain 285
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzIxNTk5NzQ2NzE4NDgyNQ%3D%3D
Request Chain 286
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
Request Chain 287
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWdvdZZ-U3EBEBslUiNXFQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
Request Chain 288
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHJAFGSsAqEOazKZD0w16q8&google_cver=1
Request Chain 289
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzIxNTk5NzQ2NzE4NDgyNQ%3D%3D
Request Chain 310
  • https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=50068900152000104444554012523002&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=50068900152000104444554012523002&actionid=879111&produktid=ratenkredit&dt_url=
Request Chain 312
  • https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=50068900152000104444554012523002&ra_cnt_active=1&ra_cnt=1 HTTP 302
  • https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767914
Request Chain 313
  • https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=50068900152000104444554012523002&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=50068900152000104444554012523002&actionid=879111&produktid=ratenkredit&dt_url=
Request Chain 316
  • https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=53747800141096604444554012523018&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=53747800141096604444554012523018&actionid=879111&produktid=ratenkredit&dt_url=
Request Chain 318
  • https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=53747800141096604444554012523018&ra_cnt_active=1&ra_cnt=1 HTTP 302
  • https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767916
Request Chain 320
  • https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1893834606047.22 HTTP 302
  • https://5994599.fls.doubleclick.net/activityi;dc_pre=CKbEo-TY6YIDFchbwgodjxwMwA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1893834606047.22
Request Chain 322
  • https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=53747800141096604444554012523018&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
  • https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=53747800141096604444554012523018&t=htlp&gdpr=1&consent=1&gdpr_consent=
Request Chain 333
  • https://a.tribalfusion.com/i.match?p=b6&u=CAESEAOHgzAHPyxdTVFXjvXkvEs&google_cver=1&google_push=AXcoOmSsYNjyozxb6bV26YxDK4rg5rdOv_vvE1ZSxFbCBX3P9rWcu72iHNJQr66aVASHMVoTH8OKkD4HlrmKRCOyFQXCo4w83rg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSsYNjyozxb6bV26YxDK4rg5rdOv_vvE1ZSxFbCBX3P9rWcu72iHNJQr66aVASHMVoTH8OKkD4HlrmKRCOyFQXCo4w83rg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAOHgzAHPyxdTVFXjvXkvEs&google_cver=1&google_push=AXcoOmSsYNjyozxb6bV26YxDK4rg5rdOv_vvE1ZSxFbCBX3P9rWcu72iHNJQr66aVASHMVoTH8OKkD4HlrmKRCOyFQXCo4w83rg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSsYNjyozxb6bV26YxDK4rg5rdOv_vvE1ZSxFbCBX3P9rWcu72iHNJQr66aVASHMVoTH8OKkD4HlrmKRCOyFQXCo4w83rg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Request Chain 335
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECsQvFJKSdvXg2pWk7HSgxs&google_cver=1&google_push=AXcoOmTW_w7TU52JBfW2gG0hU5_F2EnseXkLrSMjyyt7GYtNHQEC_x2TKLP7Nmxqbso-sVAfWF_1os25W0y_BTOKcJaj1YoTbUQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTW_w7TU52JBfW2gG0hU5_F2EnseXkLrSMjyyt7GYtNHQEC_x2TKLP7Nmxqbso-sVAfWF_1os25W0y_BTOKcJaj1YoTbUQ&google_hm=eS1OcEw2c081RTJwSHVldUFWNTBzeVExVEdMTjNfVHE0c35B
Request Chain 337
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHKbDXEZ47cx-aHoD_2t0q4&google_cver=1&google_push=AXcoOmRVnqLfoYNfYeiYjLKqY3x_HXQhK_2z6_O-uhdhjBeZAt2-kF5gACb1rJXWvPZvsWJWisvW4u9qJYYgwjClUn95nr-ZyHw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBLMFFER1AtRC1LUUYy&google_push=AXcoOmRVnqLfoYNfYeiYjLKqY3x_HXQhK_2z6_O-uhdhjBeZAt2-kF5gACb1rJXWvPZvsWJWisvW4u9qJYYgwjClUn95nr-ZyHw
Request Chain 338
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_cver=1&google_push=AXcoOmSa-skKrlonX9IK8UJ3artOy5IkgQhdL7RX56DEFUPw-DpxxCLFDaUb4InUTONRyZe0F5HXXBlLvmVVJ3yKBJJDRa0vsw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_hm=ZWdvdToZxE-gKcOO0GHIlAAADTYAAAAB&google_nid=index&google_push=AXcoOmSa-skKrlonX9IK8UJ3artOy5IkgQhdL7RX56DEFUPw-DpxxCLFDaUb4InUTONRyZe0F5HXXBlLvmVVJ3yKBJJDRa0vsw
Request Chain 356
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=92d1c203-c7a5-4c51-8775-fdd6facf2f2e&google_hm=OTJkMWMyMDMtYzdhNS00YzUxLTg3NzUtZmRkNmZhY2YyZjJl HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKU-rQsPmhA-Uu9bEHy9z94&google_cver=1&ssp=sonobi&bsw_param=92d1c203-c7a5-4c51-8775-fdd6facf2f2e
Request Chain 357
  • https://creativecdn.com/cm-notify?pi=sonobi HTTP 302
  • https://creativecdn.com/cm-notify?pi=sonobi&tc=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=rh&nuid=j1IRy5uAAH27WG8A5cx6Mf3ndQKacPxX6QeZY7B3hUw&pi=sonobi&tc=1
Request Chain 358
  • https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5140084928594550750
Request Chain 359
  • https://sync.srv.stackadapt.com/sync?nid=286 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=st&nuid=NHsiunraV11dasVxOJSEZiU6Ovk
Request Chain 363
  • https://creativecdn.com/cm-notify?pi=openx&gdpr=0 HTTP 302
  • https://creativecdn.com/cm-notify?pi=openx&gdpr=0&tc=1 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537073053&val=9eiP9ZLdDAmnTr3O9rkS9wXaFn6GxAfSboKbRYdfVA0&pi=openx&gdpr=0&tc=1
Request Chain 364
  • https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=SH_I7kgsyeFTec_gT3zTuB1_ybpTecbuHXp3ApiU
Request Chain 365
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1459446577521559206
Request Chain 366
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=120beed1-2576-8570-b3a2-e23d6e597a3e HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=120beed1-2576-8570-b3a2-e23d6e597a3e&dcc=t
Request Chain 369
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFHVOsU-IH0a5FmvthgZr28&google_cver=1
Request Chain 372
  • https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1751729459550.6328 HTTP 302
  • https://5994599.fls.doubleclick.net/activityi;dc_pre=CMGWw-XY6YIDFRBCwgodcmAN9Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1751729459550.6328
Request Chain 381
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECsQvFJKSdvXg2pWk7HSgxs&google_cver=1&google_push=AXcoOmSQOXalzNoMD5-5h1O1nqoH5M8cjZbZRxXnCtp-bMVkapG2enpaD2t8R_2XgjIX_1v-xNnLAISV7LYApRYz0I0WaEZKU_T1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSQOXalzNoMD5-5h1O1nqoH5M8cjZbZRxXnCtp-bMVkapG2enpaD2t8R_2XgjIX_1v-xNnLAISV7LYApRYz0I0WaEZKU_T1&google_hm=eS1OcEw2c081RTJwSHVldUFWNTBzeVExVEdMTjNfVHE0c35B
Request Chain 383
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHKbDXEZ47cx-aHoD_2t0q4&google_cver=1&google_push=AXcoOmTK00XO6nwCk1JsaGv_em2WxP9U27YQ5uXfjeAmv5scMGM6o7_yowL9viulZCdAdniZMQK36tqkdhQ3L9dGTUVq2bRP_XRZ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBLMFFGSDMtMTMtNlVMMg==&google_push=AXcoOmTK00XO6nwCk1JsaGv_em2WxP9U27YQ5uXfjeAmv5scMGM6o7_yowL9viulZCdAdniZMQK36tqkdhQ3L9dGTUVq2bRP_XRZ
Request Chain 384
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_cver=1&google_push=AXcoOmRkVGXGC3_RByJ8xx4nOPxZWmRKVRVcafznqqx4xxCBjOAuHgaorZjoNZn4R8scbbmuLfkycUzjU4nuOPcIsaBMBfDXBZpp HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_hm=ZWdvdToZxE-gKcOO0GHIlAAADTYAAAAB&google_nid=index&google_push=AXcoOmRkVGXGC3_RByJ8xx4nOPxZWmRKVRVcafznqqx4xxCBjOAuHgaorZjoNZn4R8scbbmuLfkycUzjU4nuOPcIsaBMBfDXBZpp

395 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
uintacountyherald.com/
Redirect Chain
  • http://uintacountyherald.com/
  • https://uintacountyherald.com/
42 KB
12 KB
Document
General
Full URL
https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ef74839b7325b8e49c955d2ce092a906e6ca09b3853fcfaaca6bb8dec42f327

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82dc70272d491cc5-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 29 Nov 2023 17:05:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6Wfv4pNE1uF3NpDjWsL0sNzba%2BhfcL92M52drQzT%2BgCDh9SWpUQf4CrR5K%2BHdOkZiQTv6iO9inNT0RboA4EOTr0nwbnqv34Ef8ibJiSHt%2F55Bj9Ij9m2rbgS716XNRBOTXju3wdvDMoObAq%2BT9pH2DjZFo%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
82dc70247a2b9279-FRA
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Date
Wed, 29 Nov 2023 17:05:53 GMT
Location
https://uintacountyherald.com/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M1JRPq1WsJBsqzecUChZIsIf6NeXIBCGI0JeeGu2dfjOpPmudMpN%2F8%2B9Vr0xNp9a3ajDs0P5V9wOOl5dDbpg5xgf98Q9hEPyF53AZShi89RE9fjIaT4AmnHA0d%2Fj%2FLChBfgQICUNIsVDe6xBe9Qv%2Bkri7zc%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400
css
fonts.googleapis.com/
19 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,600italic,800,800italic
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
830d898d934130a45af1c5cb362bacc74be0edff8ada096b4df52dcc89e9a7d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 17:05:54 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Nov 2023 17:05:54 GMT
core.css
uintacountyherald.com/css/
331 KB
57 KB
Stylesheet
General
Full URL
https://uintacountyherald.com/css/core.css
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96c159e310173e9827e0a00baacffc759052a14e6aa8c49f9abaf7f1c5fc3010

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 11 May 2020 13:32:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"52a85-5a55f613ddcb4-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aag3v2Qzmti3uOFv50L0X9lWByPGDZaN9oGGXUSvCwi5uMN3gNuVuM9Fk8zfaMBmZSyRHQ%2FpdkeyTBEfHhLB34CRI%2FjJ%2Bw2qavsl91Km%2BJTPc%2FrV92dDjpxeEblu9UXVJaRaYpduvMEbcJz7GT3QDFWNKJ4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
82dc70292f9e1cc5-FRA
alt-svc
h3=":443"; ma=86400
frontend.css
uintacountyherald.com/css/
58 KB
12 KB
Stylesheet
General
Full URL
https://uintacountyherald.com/css/frontend.css
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32fbee0e8be54aeae443085720bd3251c1313dc770591fb042059a029ace29d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 22 Oct 2023 19:20:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"e81a-60852fdfc2915-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIxLFAFF%2BQ5Q2Kv11logiRJ%2FMa8aHSvmFmWF%2F6JA40aWUB%2Fyr1U0SZvqKncLyQtdAnJ4G%2FZV5xN0pdoYpaBxxCKX7KFhemtW9qoJMz9OPx1Rw4dmhPPMjnXh2B2A%2FxVJS9sqhsY8HZWqdd7nygtnJBDp8Sw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
82dc70292fa21cc5-FRA
alt-svc
h3=":443"; ma=86400
jquery-2.2.4.js
code.jquery.com/
252 KB
75 KB
Script
General
Full URL
https://code.jquery.com/jquery-2.2.4.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
893e90f6230962e42231635df650f20544ad22affc3ee396df768eaa6bc5a6a2

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
6475350
x-cache
HIT, HIT
content-length
76245
x-served-by
cache-lga21969-LGA, cache-fra-eddf8230020-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1701277554.123420,VS0,VE0
etag
W/"28feccc0-3ee0f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
6556, 56979
core.js
uintacountyherald.com/js/
697 KB
211 KB
Script
General
Full URL
https://uintacountyherald.com/js/core.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b41eaede202328cb31b62ef15ba289d329227d8c8c30531e5414249b9de2015c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 27 Jan 2022 18:18:19 GMT
server
cloudflare
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=802892
etag
W/"c404c-5d69457c07ac5-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FK0AmE%2F0JXakxaJPG2EDJmfKNTZqbYbRLeFU32PxnuhzEaxYAZ9iDbvGRcejbvXzYvPs9%2FOO%2FuYDtYxJtFTO7%2FA8e5800hUoHS5S43QZTnzX%2BkcBQ%2BrMcOSzjKWm%2BDOvQcjGIb0SdG0bzEjUthcafwZ95o%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dc70292fa51cc5-FRA
alt-svc
h3=":443"; ma=86400
frontend.js
uintacountyherald.com/js/
16 KB
5 KB
Script
General
Full URL
https://uintacountyherald.com/js/frontend.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72311de052bfd96ef38559c81b625ca11bd5d4cc47a927c326b95aedad11aa1e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Sun, 24 Jan 2021 17:26:45 GMT
server
cloudflare
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=37767
etag
W/"9387-5b9a8b9bc5949-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D2dre5q19pAB0%2FS%2FRFZTdYcYRWY2ZI%2B4sDmNbBKUqNMXg2vMBr%2FNYrH%2FEUysUmtAPz244CLGdy64L8KKBnC5yPoikRBChMeuIGds6D9qOT5bLX2I1RkHqoQ2TDVRy3MaAPg%2BoosEVTJWjAEyElk9OdEzU1k%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dc70292fa91cc5-FRA
alt-svc
h3=":443"; ma=86400
flipptag.js
cdn-gateflipp.flippback.com/tag/js/
264 KB
55 KB
Script
General
Full URL
https://cdn-gateflipp.flippback.com/tag/js/flipptag.js?site_id=%201262363
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-126.muc50.r.cloudfront.net
Software
envoy /
Resource Hash
311820d5eb820b43c8c8df75eb1c876220373554190e7e91f3c3e43d8faf725b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
gzip
via
1.1 ea6cdb5ba8bfb6f6aa18ec6651e5bc42.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
MUC50-C1
vary
Origin,Origin, Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
no-store
x-envoy-upstream-service-time
6
x-amz-cf-id
l2Oh0q-AOkUBxM3ptRFYORA2zu0ZB4FM92oKeq9ZHf5oHzTgmnv1mA==
flipptag.js
cdn-gateflipp.flippback.com/tag/js/
264 KB
55 KB
Script
General
Full URL
https://cdn-gateflipp.flippback.com/tag/js/flipptag.js?site_id=%201262364
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-126.muc50.r.cloudfront.net
Software
envoy /
Resource Hash
311820d5eb820b43c8c8df75eb1c876220373554190e7e91f3c3e43d8faf725b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
gzip
via
1.1 ea6cdb5ba8bfb6f6aa18ec6651e5bc42.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
MUC50-C1
vary
Origin,Origin, Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
no-store
x-envoy-upstream-service-time
6
x-amz-cf-id
lGYNsTx_OCXCDqfk4Acsqg2FoJbhSJGMK2Q76rypHaAmnlWXg3FPTw==
gpt.js
www.googletagservices.com/tag/js/
91 KB
30 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c39917236430bd958523690f9f885ce328c86dda41009e88b42a75d1cc7b9954
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30016
x-xss-protection
0
server
cafe
etag
355 / 19690 / m202311150101 / config-hash: 3080115608911758694
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:05:54 GMT
6b80b3e7c63ef9a362e24abd4f27512e.jpg
uintacountyherald.com/storage/2017/03/
30 KB
31 KB
Image
General
Full URL
https://uintacountyherald.com/storage/2017/03/6b80b3e7c63ef9a362e24abd4f27512e.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06827a14761ece907961a2dedebe66ddaa89a18f875b94db92c4f2acf5b7f6aa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Mon, 11 May 2020 13:24:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"793b-5a55f45d0146e-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NPvJaV17CX5W3wnGxbqVn7GHWhDVN1ShJPmSLJbk3ov7W6Gc5aGXYTaJa%2FfjkAP9JkrXraFDfZ5eiMnJckBDASuqpm6IzdFhZaG1q5ExmdT9LD%2FHDNw3tUINmdPQ9x4yq5A1UC8kR7UMXEbNln9a1sPTzPA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc70292fac1cc5-FRA
alt-svc
h3=":443"; ma=86400
email-decode.min.js
uintacountyherald.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://uintacountyherald.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 27 Nov 2023 12:56:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"656491fe-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNpwWzIxDp1JudIahIp346qi6IUEc18xtsjvKsh1kM1YVJwfT1wBLiGyvYMXyvzJ3%2BOaVAaPpYlZb9eSyBK%2BSR%2BkHwQIwQ%2BdgSpYFV1OcS2IA2RT4HUigYT1vt7I6yBCZG%2B8ETropKj4IZITLzrnACA21Os%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
82dc70292fad1cc5-FRA
expires
Fri, 01 Dec 2023 17:05:54 GMT
5e925e72aae527119ae05881f787057d.png
uintacountyherald.com/storage/2023/09/
36 KB
37 KB
Image
General
Full URL
https://uintacountyherald.com/storage/2023/09/5e925e72aae527119ae05881f787057d.png
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d59be64a04beed93e3eebbe6cc1bc2be05e6f03e726c59b17264735069549c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Fri, 29 Sep 2023 22:52:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"91a6-60687486c463a-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N1CLMWHV6RC2iVgzlw%2FxUGc9wSoAD3sUOIvB2RdpiEdZKihaortltpex3U4PcdyDDXq1YIg1og%2F2FJ3lXSn3%2BJUKMYHaWRqGX9kAuXxacWBG5ysce8le7lgTH6whRF6xWASxD4%2BAv9yNhkjXpmgYTc2GfPY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
cf-ray
82dc70294d521e4c-FRA
alt-svc
h3=":443"; ma=86400
abc9a1495b19244ed06ca886688a056d.png
uintacountyherald.com/storage/2023/09/
36 KB
37 KB
Image
General
Full URL
https://uintacountyherald.com/storage/2023/09/abc9a1495b19244ed06ca886688a056d.png
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d59be64a04beed93e3eebbe6cc1bc2be05e6f03e726c59b17264735069549c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Fri, 29 Sep 2023 22:52:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"91a6-60687486c463a-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fSx%2FljdwECa6Ion3v%2Bl7W3e%2FDL%2FwplTsgJ%2BI7In8MAM%2FM315vGq%2Fg6u8cMmsu9uozDkaHWeV9gNIFCW2Wi5tVm%2BocAZlC9ulda%2F%2F4lI4aQPJkAqki111g4yc25lFrwLsI%2F18U3UY2o6%2FRqlDnQT8WhNFeYU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
cf-ray
82dc702a8f591e4c-FRA
alt-svc
h3=":443"; ma=86400
delivery.js
assets.revcontent.com/master/
162 KB
52 KB
Script
General
Full URL
https://assets.revcontent.com/master/delivery.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-105.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
69848d17f84889ee20b38a8ec02d1f7502ed0b3ae5352b9533a4cefd6bbe11d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 03:03:54 GMT
content-encoding
gzip
via
1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
last-modified
Mon, 06 Nov 2023 20:47:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
50521
x-amz-server-side-encryption
AES256
etag
W/"d639888467d34e28bf15173204590f92"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=60
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
Z6B1l2ZOmH7_8LpL82Pbo3HVUKfEwpZokZntgsztjkUnNxZGFHig0A==
trxtwo.php
japfg-trending-content.uc.r.appspot.com/
13 KB
4 KB
Script
General
Full URL
https://japfg-trending-content.uc.r.appspot.com/trxtwo.php?s=10236&v=1&q=4&i=21
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
66178782b9e6b05a104c8ddd708c482af0e76efac62ee5f45d8062ecddacba6d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
gzip
via
1.1 google
server
nginx
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
32b857f43de71cefbeab6f5170d542a8.jpg
uintacountyherald.com/storage/2023/11/
277 KB
277 KB
Image
General
Full URL
https://uintacountyherald.com/storage/2023/11/32b857f43de71cefbeab6f5170d542a8.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
beaccc653c47d03c7afbc10a2ae03f6daeb78e15094aa18067533d2d4b4a3bf2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Wed, 29 Nov 2023 16:26:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"45252-60b4cfda6420d-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FVYkSm4aCq9OzHig8HCkxokKVCTfj7BMrlLF7MUq8Whpr52b9kneUpPPnSkda2RGxT07TvppcAn7nAZ6mHo8lTWUE9uonusqCyzz6WjCSCFL1rehtH61qPA9KOZEvrsZyzTF7qWXCzhrJV%2BFEVebYat1574%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702bb8f21e4c-FRA
alt-svc
h3=":443"; ma=86400
722b01131f4b6a5dc94d02c8be8ef7db.jpg
uintacountyherald.com/storage/2023/11/
277 KB
277 KB
Image
General
Full URL
https://uintacountyherald.com/storage/2023/11/722b01131f4b6a5dc94d02c8be8ef7db.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
beaccc653c47d03c7afbc10a2ae03f6daeb78e15094aa18067533d2d4b4a3bf2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
cf-cache-status
HIT
last-modified
Wed, 29 Nov 2023 16:26:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"45252-60b4cfda6326d-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gP56uhR5nCuj7FGkQtgVO4AjFNUHuCjGuQfd9d7SS1aUeQK3lU9n1%2BxiJGicPeYxuHUXCbikQ9NisWx6Whry2kN0VBLSGqCzx0lzfXWmiZpvu2ZYlBNnOVjpkJ12KCQMTIhitDQsPu5R64vYSN613JBIatE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702bb8f51e4c-FRA
alt-svc
h3=":443"; ma=86400
5479a16e3589257928698d21a0285f54.png
uintacountyherald.com/storage/2023/11/
102 KB
103 KB
Image
General
Full URL
https://uintacountyherald.com/storage/2023/11/5479a16e3589257928698d21a0285f54.png
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ece864356b2a5fcc81af5663854530d87ebcb622acea8cc5a95bd7a64449ed3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Wed, 01 Nov 2023 16:25:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"199ae-60919b99db75d-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HZr7n6XcWJJnV%2B%2F%2FWndk0qrrWNmZj%2BnmvZM5fAop9oAhI2MVZJ9r1WuoRLLv3ZvDagQ5ekxw494R0andpmmGA4yJUObpKzVK7phFxg6GB%2FMn%2BmIXVrZgABDOzxYjN7SvDtvxlg5RBLVNr1nYmfJVVn0i%2BSE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
cf-ray
82dc702bb9001e4c-FRA
alt-svc
h3=":443"; ma=86400
f59dbc2d6c0c682cf13e7e1fd8a656a2.png
uintacountyherald.com/storage/2023/11/
102 KB
103 KB
Image
General
Full URL
https://uintacountyherald.com/storage/2023/11/f59dbc2d6c0c682cf13e7e1fd8a656a2.png
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ece864356b2a5fcc81af5663854530d87ebcb622acea8cc5a95bd7a64449ed3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
cf-cache-status
HIT
last-modified
Wed, 01 Nov 2023 16:25:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"199ae-60919b99da7bd-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O2QluqzeDIJcYhQbJvm7hmKEBzhaKdsPFBElTgZrqbmWM0eThPr%2B%2BaRXHTwvzY9Mjz76%2BuSu26usNOUEN1GOZyHoCxbeNwhFJTwjXpnP%2FT93vpLXBieu7icx0OCn%2B2SqlkPvZDfhWusvEQ7zsj%2BPSSMY%2BZ8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
cf-ray
82dc702bb9031e4c-FRA
alt-svc
h3=":443"; ma=86400
f2a4abd93ed0b5037fbdad9f15e1d04b.jpg
uintacountyherald.com/storage/2022/12/
21 KB
21 KB
Image
General
Full URL
https://uintacountyherald.com/storage/2022/12/f2a4abd93ed0b5037fbdad9f15e1d04b.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c7a64ef7927a72ad708b7e637fe15660ce2886926662417cc58cc7b1d4fc9d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Thu, 22 Dec 2022 14:46:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"5295-5f06bbbca070c-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BP5hxq0tQ2IUSkbVkH0z9wvsyojETFJEbaACVOs6SuJreG%2BE%2BcWjqkG560KvlJdaVehzx4MUVBVb4u%2FSgYC69DBUhgJNLqfTHv0a5Os9JtJiIr8%2BCcgbfi29oLcnTKedGEbFSgCGrO157cHZJhJJjkQ7eqA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702bb9041e4c-FRA
alt-svc
h3=":443"; ma=86400
a1b4e52e6598859ec1acaea8cb2dae40.jpg
uintacountyherald.com/storage/2023/11/
318 KB
318 KB
Image
General
Full URL
https://uintacountyherald.com/storage/2023/11/a1b4e52e6598859ec1acaea8cb2dae40.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15d2c9891ee435671284903c294405bada28295772a2e013e31f20cbe4242078

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Tue, 21 Nov 2023 22:17:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4f782-60ab0f77084c3-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O3ziXcZbUh%2FCaohtNfrpLtiWH6aqexkfWr879Lxhn9eZvP%2FXF7jOB39Qo5cZs7Btstul9QNO0RkYP2apwRe0bQmGUyl1UfrFAOZFhb5VLQZ22LWm8Y0%2Ba05OcGCgla7UyNxMvm16oAN8puNYfjj%2FOlZ8BvM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702bb9071e4c-FRA
alt-svc
h3=":443"; ma=86400
1cb6606700f63ca1b7b1268eda524533.jpg
uintacountyherald.com/storage/2023/11/
318 KB
318 KB
Image
General
Full URL
https://uintacountyherald.com/storage/2023/11/1cb6606700f63ca1b7b1268eda524533.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15d2c9891ee435671284903c294405bada28295772a2e013e31f20cbe4242078

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Tue, 21 Nov 2023 22:17:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4f782-60ab0f77084c3-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Ir92Ef8TP8Nq2Qmi9iY3%2BWhLhcuU67vm68UCxDN116qHOmMsJjE3AaF1IRaiApbwkQndHkujmuuWF2NAbgpibdq7Nk3kAtZcU2q7rNBJjILNiNcvIkRpRgAsESFcN4I7%2BRJKvU2IWVSMw9L7PUWOpEIuOA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702bb90a1e4c-FRA
alt-svc
h3=":443"; ma=86400
csw-polyfills.js
d2zqfs55y95cft.cloudfront.net/jspoll/5/
Redirect Chain
  • https://www.civicscience.com/jspoll/4/civicscience-widget.js
  • https://d2zqfs55y95cft.cloudfront.net/jspoll/5/csw-polyfills.js
117 KB
38 KB
Script
General
Full URL
https://d2zqfs55y95cft.cloudfront.net/jspoll/5/csw-polyfills.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Server
2600:9000:20a0:aa00:f:c7b3:ce40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
228b3251f30d87c5d22b501e01b21a335a8e3d9966dff24f94b3d5a916b1df23

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:47:38 GMT
content-encoding
gzip
via
1.1 0b7cb67940347be0c4ee6f93e9091938.cloudfront.net (CloudFront)
last-modified
Mon, 20 Nov 2023 16:47:03 GMT
server
AmazonS3
x-amz-cf-pop
AMS58-P2
age
1102
etag
W/"b60839808f96a73bc621ad0d3e83f258"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
-eSCE0ZvJZTgvEAskfpGcSJmjvyNW5tJgtxR51PeO7nvg2OS0jJ6iw==

Redirect headers

location
https://d2zqfs55y95cft.cloudfront.net:443/jspoll/5/csw-polyfills.js
date
Wed, 29 Nov 2023 17:05:54 GMT
server
awselb/2.0
content-length
110
content-type
text/html
theme.js
uintacountyherald.com/js/
4 KB
2 KB
Script
General
Full URL
https://uintacountyherald.com/js/theme.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1b3793f1f30ddbc4854cafbf2b9bc37f21c9e6e16b5b87c5607c9f20f9bd77d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Sun, 22 Oct 2023 19:20:01 GMT
server
cloudflare
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
etag
W/"1121-60852fdfc7735-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2FWTGiX%2F30md6DL%2BqAp4jQ84pHXdvoVXgKPWF%2BtFk85bx0CgJ6n2eIHXEz83U%2FlSkK6%2FjC%2BBkXMj9HNDdXw6xkr7M1lG2TTrSbjm9Q%2BlqC3Js7P8DeI01ymJxmt2u6jAi9bw57RAEHZ%2FXq8AL5n0KteDlM4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
82dc702bb8fc1e4c-FRA
alt-svc
h3=":443"; ma=86400
infolinks_main.js
resources.infolinks.com/js/
4 KB
3 KB
Script
General
Full URL
https://resources.infolinks.com/js/infolinks_main.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a2877d35b782162338bb95faedfa08559e23788db9d926e97da4d0efd2dbfc5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
via
1.1 google
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 14 Nov 2023 15:31:57 GMT
server
cloudflare
age
13236
etag
W/"1045-60a1e7cae1276"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
cf-ray
82dc702be84318c3-FRA
expires
Wed, 29 Nov 2023 14:25:18 GMT
;ID=181918;size=0x0;setID=517063;type=js;sw=1600;sh=1200;spr=1;kw=home;pid=5314064;place=0;rnd=5314064;click=CLICK_MACRO_PLACEHOLDER
ads.empowerlocal.co/adserve/
2 KB
1 KB
Script
General
Full URL
https://ads.empowerlocal.co/adserve/;ID=181918;size=0x0;setID=517063;type=js;sw=1600;sh=1200;spr=1;kw=home;pid=5314064;place=0;rnd=5314064;click=CLICK_MACRO_PLACEHOLDER
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.222.11.30 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns5004195.ip-51-222-11.net
Software
nginx /
Resource Hash
22ba78a268cae9924612821674d7891fec313237a2fcfdb12507ec40f4ea151f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
content-type
application/javascript
access-control-allow-origin
*
cache-control
post-check=0, pre-check=0
access-control-allow-credentials
true
expires
Mon, 26 Jul 1997 05:00:00 GMT
25009f3f98ffbd263b013f97547373a6.jpg
uintacountyherald.com/uploads/images/2023/11/
212 KB
213 KB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2023/11/25009f3f98ffbd263b013f97547373a6.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3b65ede8aa80d69086ebfc2ba95190db553d3c3c2dea16d2680f3e38139cf69

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Nov 2023 20:33:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"3508e-60b3c55d6a531-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=68pd6o1TwnZBaCUyAacZlkXwsLGrTa%2FVdoYbZHTehku%2Bm%2Fc1jrwNuhM%2BAkXv9KTvMVzWVjwLAeOeVTN7LLWoe6Ze9wsNboU3vX2%2FNOSkcKbwq9JXBNGutf2rvAwiTLaVO0TVddImBdUqkXEo1C57vAMA5rU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702bb90c1e4c-FRA
alt-svc
h3=":443"; ma=86400
c55c9857fea7a37c96ad41fed57f6b52.jpg
uintacountyherald.com/uploads/images/2023/11/
301 KB
302 KB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2023/11/c55c9857fea7a37c96ad41fed57f6b52.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c063693d624db0edfc01cd250407f03a28978827eb522a63a9bd9a81de1d43fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Nov 2023 20:30:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4b44b-60b3c4b605ebd-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZzrWkAubgTw1dr9b7r9XDlc9SFUNqpH4iuYKdQ44ZUuNWdUMwY0ua3my1JlDDFKhkJjqyckfsqjNrFDo8Fd9FGmoqI0%2BfxXwW6Mg5NVYcUkbWXdYWei00KUoVEpjS11p5XxNP7B1CO%2BwWJ2Y4R2XHgQAGpI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702bb90e1e4c-FRA
alt-svc
h3=":443"; ma=86400
3c9137615603175ea2792b9952700e55.jpg
uintacountyherald.com/uploads/images/2023/11/
246 KB
247 KB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2023/11/3c9137615603175ea2792b9952700e55.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d17cd1b0750b9aca5b829de55c1825856c83c5a39308ba68f5a8f2a107836d02

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Nov 2023 20:37:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"3d857-60b3c64c83888-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=awbwAOSZeAtetqI0Xv4UsFHpsj40vlhJnipnFTQStyxzcn5QQbieWxYjdbkXhtyebHCviZgXeXZxwHfq2ijcavWQXNQPJdySP%2Fp6nZFmZHpYkILVWVpErKGGwpGNyBHZ0SO8fxulqgGKL%2FWg9PoLUSFM98g%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702bb90f1e4c-FRA
alt-svc
h3=":443"; ma=86400
712deeb2dd590e5f093eb8fc85091f14.jpg
uintacountyherald.com/uploads/images/2023/11/
175 KB
175 KB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2023/11/712deeb2dd590e5f093eb8fc85091f14.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1718a500d475a7d43e60f5b0ae7da117ef7dae7b51b1d58c8187d3ccb7561469

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Nov 2023 20:44:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2ba68-60b3c7b37ecc0-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IWLRH096SFj1OogrjzhW1UnWlupqdjsbDJeORTR010J3jB50wE3VqbXSp8Y%2FyXOIwpzKgQyI%2B7GudaUwk93RSH30ejrRY3hCQyE8KGeXRwMPz%2BpaIzg%2FM08xWbPiqtCqn2gXkJU2LxijvIZdBmd%2FxBxk8wU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702bb9111e4c-FRA
alt-svc
h3=":443"; ma=86400
fontawesome-webfont.woff2
uintacountyherald.com/fonts/
69 KB
70 KB
Font
General
Full URL
https://uintacountyherald.com/fonts/fontawesome-webfont.woff2?v=4.6.1
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/css/core.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d

Request headers

Referer
https://uintacountyherald.com/css/core.css
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:54 GMT
cf-cache-status
HIT
last-modified
Sun, 22 Oct 2023 19:20:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"11448-60852fdfc4855-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iqJkhqanW9yEokZMkKDYs0dmV5MvQZveF0su6acvE0EdN15wGdgQRzFfvKbYyRpbMSr6LebKavm5ONszHfF61LoaMqoEiMUuiWrwTqgo6tlc%2BQb2iY5xcN05t1swu8EJquAoOZ0TxRfPZpG2JOOn9yxOYIs%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
cf-ray
82dc702bb9121e4c-FRA
alt-svc
h3=":443"; ma=86400
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/
47 KB
48 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,600italic,800,800italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Fri, 24 Nov 2023 14:29:28 GMT
x-content-type-options
nosniff
age
441386
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48432
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:40:31 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Nov 2024 14:29:28 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/
431 KB
135 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b033f59e4ffeaa6f3e4f2e839c035a14811d5469d3f772eda6056d7d5782c53f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:19:50 GMT
content-encoding
br
x-content-type-options
nosniff
age
2764
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138149
x-xss-protection
0
server
cafe
etag
11558412289700915514
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Thu, 28 Nov 2024 16:19:50 GMT
embed.js
embedcdn.sendtonews.com/easy-stn-player/7.27.3/
Redirect Chain
  • https://embed.sendtonews.com/player2/embedcode.php?fk=Be6nXXXs&cid=12385&SIZE=400&floatwidth=400
  • https://embedcdn.sendtonews.com/easy-stn-player/7.27.3/embed.js
7 KB
3 KB
Script
General
Full URL
https://embedcdn.sendtonews.com/easy-stn-player/7.27.3/embed.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Server
108.156.60.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-60-6.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1da668b550eefcd79d33e6ed0d2d95bdff861c0a27cb966283a9896135c25a25

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:29 GMT
x-amz-version-id
VYi.O2P8gHFZZ4__LTBAjISIUxc1PhGK
content-encoding
br
last-modified
Fri, 24 Nov 2023 22:51:00 GMT
server
AmazonS3
via
1.1 abf5199c76a5a64063b4cf8863f823aa.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P2
etag
W/"f96e856bda7624502366107fc623993a"
age
27
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
rkDyjtULzBH3B1yXU9xLVIzNGvajPOlZoqfqqAzDUyFKOxYII5TCgA==

Redirect headers

date
Wed, 29 Nov 2023 17:05:55 GMT
via
1.1 91220e34cbdd95f669dbfd83e711fee6.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
MUC50-P2
x-cache
FunctionGeneratedResponse from cloudfront
location
https://embedcdn.sendtonews.com/easy-stn-player/7.27.3/embed.js
alt-svc
h3=":443"; ma=86400
content-length
0
x-amz-cf-id
Qg3rIeEe6lMHMBpRLDRhL56WltU7XG1JvNby_e0ePWj5ODxFxsY9pg==
app.js
ads.empowerlocal.co/
67 KB
13 KB
Script
General
Full URL
https://ads.empowerlocal.co/app.js
Requested by
Host: ads.empowerlocal.co
URL: https://ads.empowerlocal.co/adserve/;ID=181918;size=0x0;setID=517063;type=js;sw=1600;sh=1200;spr=1;kw=home;pid=5314064;place=0;rnd=5314064;click=CLICK_MACRO_PLACEHOLDER
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.222.11.30 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns5004195.ip-51-222-11.net
Software
nginx /
Resource Hash
19f017b060eef42c6c184a49c2293ba61282cf67189da8025a13dd7dd680e588

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
last-modified
Mon, 06 Nov 2023 18:45:14 GMT
server
nginx
etag
W/"6549343a-10da1"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1800
expires
Wed, 29 Nov 2023 17:35:55 GMT
712559.gif
idsync.rlcdn.com/
0
98 B
Image
General
Full URL
https://idsync.rlcdn.com/712559.gif?partner_uid=7f8ecb42-585c-4b66-b18e-b50477ca10b4
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
;MID=181918;type=e959fb862;placementID=1756037;setID=517063;channelID=0;CID=0;BID=520639829;TAID=0;place=0;matches=%5B%22home%22%5D;contKeyMatches=%5B%2212787%22%2C%2212790%22%2C%2212792%22%2C%2212...
ads.empowerlocal.co/adserve/
0
342 B
XHR
General
Full URL
https://ads.empowerlocal.co/adserve/;MID=181918;type=e959fb862;placementID=1756037;setID=517063;channelID=0;CID=0;BID=520639829;TAID=0;place=0;matches=%5B%22home%22%5D;contKeyMatches=%5B%2212787%22%2C%2212790%22%2C%2212792%22%2C%2212793%22%2C%2212794%22%2C%2212795%22%2C%2212796%22%2C%2212797%22%2C%2212798%22%2C%2212799%22%2C%2212800%22%2C%2212801%22%2C%2212802%22%2C%2212803%22%2C%2212804%22%5D;contCatMatches=%5B%2210595%22%5D;referrer=https%3A%2F%2Fuintacountyherald.com%2F;mt=1701277554955369;hc=ca02c2af4b6c2871f41078a5cbe67eea5feb1df8
Requested by
Host: ads.empowerlocal.co
URL: https://ads.empowerlocal.co/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.222.11.30 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns5004195.ip-51-222-11.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://uintacountyherald.com
cache-control
post-check=0, pre-check=0
access-control-allow-credentials
true
expires
Mon, 26 Jul 1997 05:00:00 GMT
easy-stn-player.js
embed.sendtonews.com/easy-stn-player/7.27.3/
669 KB
185 KB
Script
General
Full URL
https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.36.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-73.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
01f01b1e21685ff7d3205f6ab09c5f17880f5cebae153984ed37e924655b26f0

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:27 GMT
x-amz-version-id
9tVAw7AA5agsVkQuMFQO_0sGFxOeKP_B
content-encoding
br
last-modified
Fri, 24 Nov 2023 22:50:59 GMT
server
AmazonS3
age
29
x-amz-cf-pop
MUC50-P2
etag
W/"9e6d70c2b98a4c2a67d96133b1bbe2f7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
access-control-allow-origin
*
via
1.1 9f8416bf8a85d328bf3649469ef2a474.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
RaUa-u5_ue1tw8L_mQucMbsHv9AvCg6R-pPNU5xMHtFQJ99JqG3Olg==
uVSg4fVPB5xLKnZPjLxkC3ZcSxXu5EdOMIRpH_eHSSMzGEQB28nyAV92haegeWggQA6BL5Z1N_87UHe9d9gtdljrVrvioRs_zZqZzhXY_KQ=w450-h375-c-rj-l75
lh3.googleusercontent.com/
51 KB
51 KB
Image
General
Full URL
https://lh3.googleusercontent.com/uVSg4fVPB5xLKnZPjLxkC3ZcSxXu5EdOMIRpH_eHSSMzGEQB28nyAV92haegeWggQA6BL5Z1N_87UHe9d9gtdljrVrvioRs_zZqZzhXY_KQ=w450-h375-c-rj-l75
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
cbf112e7f6c6ce27de3f10dc88b8ff53f44c4df23ec42225eace10786cbf99d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 13:16:12 GMT
x-content-type-options
nosniff
age
13783
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52123
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 30 Nov 2023 13:16:12 GMT
QSYLLecapuItwnI-6aJ146RcffnTKrKRvY-S_RVFoaej0V3IMdmiI661_zOhz-BkhUuhHDuW3D2OcuymTJNgD8Sr9YXKpXEaaBPZ2Q=s42-p-rj-l68-e365
lh3.googleusercontent.com/
923 B
1009 B
Image
General
Full URL
https://lh3.googleusercontent.com/QSYLLecapuItwnI-6aJ146RcffnTKrKRvY-S_RVFoaej0V3IMdmiI661_zOhz-BkhUuhHDuW3D2OcuymTJNgD8Sr9YXKpXEaaBPZ2Q=s42-p-rj-l68-e365
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
7f4595c0922ca80c69791bc2c3b887d15679c02c4e3ba2ca67747aa5ee50bac8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 13:16:12 GMT
x-content-type-options
nosniff
age
13783
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
923
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
timing-allow-origin
*
expires
Tue, 27 Feb 2024 13:16:12 GMT
DiwiFAYMzUxZedLsVb-BNtGFutxSgbqV8iBoF_4DL5HsPju41e6_e0NH6LNr2htmBrGVyRDrUEwm9Wzy4X3gcTTASEfalw=w450-h375-c-rj-l75
lh3.googleusercontent.com/
30 KB
30 KB
Image
General
Full URL
https://lh3.googleusercontent.com/DiwiFAYMzUxZedLsVb-BNtGFutxSgbqV8iBoF_4DL5HsPju41e6_e0NH6LNr2htmBrGVyRDrUEwm9Wzy4X3gcTTASEfalw=w450-h375-c-rj-l75
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
abceee02258e3f1fd5b1699be51e6cdd33f708917d4e6b8ad7ea6ec14b4d3a13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 13:20:55 GMT
x-content-type-options
nosniff
age
13500
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30793
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 30 Nov 2023 13:20:55 GMT
BkfF7DCrx_hv5mtEmHiSgP8M9NXJygMUDOzjzd7qLIvWa-tOt_jwgyhIyGVVBuY_5U2KM3JKdzntBkSI31qc_GPm7jVxFH7uWCV2dw5gwmR-JJGyUsw=s42-p-rj-l68-e365
lh3.googleusercontent.com/
958 B
1 KB
Image
General
Full URL
https://lh3.googleusercontent.com/BkfF7DCrx_hv5mtEmHiSgP8M9NXJygMUDOzjzd7qLIvWa-tOt_jwgyhIyGVVBuY_5U2KM3JKdzntBkSI31qc_GPm7jVxFH7uWCV2dw5gwmR-JJGyUsw=s42-p-rj-l68-e365
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6d0d13287d82c31c4b1eab501be7341a72eb8656621f1e75c8af80dcc0d3f718
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 13:17:40 GMT
x-content-type-options
nosniff
age
13695
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
958
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
timing-allow-origin
*
expires
Tue, 27 Feb 2024 13:17:40 GMT
C7O_8J6u_HS1IvK2KrWhUznxGuVrDGO9ST-pDeGTqkAIpow1jP3eUl4DHcXSgooQjnPljiO41JAqQm-KfpLCUCwN2YjHaQ=w450-h375-c-rj-l75
lh3.googleusercontent.com/
37 KB
37 KB
Image
General
Full URL
https://lh3.googleusercontent.com/C7O_8J6u_HS1IvK2KrWhUznxGuVrDGO9ST-pDeGTqkAIpow1jP3eUl4DHcXSgooQjnPljiO41JAqQm-KfpLCUCwN2YjHaQ=w450-h375-c-rj-l75
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
71ec08c379d02f2dc289738042a2b7842b8a3f35a90747497a337326075715ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 13:45:05 GMT
x-content-type-options
nosniff
age
12050
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37522
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 30 Nov 2023 13:45:05 GMT
PJ0X5gU4IlL_OMroflGwNKdVzOq9-_P5ZAucLPwAeuvlTvAwICRtF6PxZ_QTDKcUbb9kMLEsv_1aMrFDp0ZhNZZ5by1s4e6WqkYDJnY=s42-p-rj-l68-e365
lh3.googleusercontent.com/
1 KB
1 KB
Image
General
Full URL
https://lh3.googleusercontent.com/PJ0X5gU4IlL_OMroflGwNKdVzOq9-_P5ZAucLPwAeuvlTvAwICRtF6PxZ_QTDKcUbb9kMLEsv_1aMrFDp0ZhNZZ5by1s4e6WqkYDJnY=s42-p-rj-l68-e365
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
a8ba06958297f0be9558ceb69e9af6a47ac8d5130f49e92bc29db08c9403dffd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 13:45:05 GMT
x-content-type-options
nosniff
age
12050
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1098
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
timing-allow-origin
*
expires
Tue, 27 Feb 2024 13:45:05 GMT
hWuuPEWBby9xeJwHvsz7yZdmJCjw3c9JAEo8_5O1Vhw7UF8YCz-S9lwsOUeJAuQLhactBXJPKzhbpwVV5Dg7nOEIppSbFA=w450-h375-c-rj-l75
lh3.googleusercontent.com/
48 KB
48 KB
Image
General
Full URL
https://lh3.googleusercontent.com/hWuuPEWBby9xeJwHvsz7yZdmJCjw3c9JAEo8_5O1Vhw7UF8YCz-S9lwsOUeJAuQLhactBXJPKzhbpwVV5Dg7nOEIppSbFA=w450-h375-c-rj-l75
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
69b5b96cf9c3ea4f1abfbce7dd1371b24b8a067868084b248b1cd6c5f5d6a4be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 13:52:51 GMT
x-content-type-options
nosniff
age
11584
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48775
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 30 Nov 2023 13:52:51 GMT
EL0bCFTqMEkci79hNf9I0Mgn1jazHkcibrXy5uUwcYLaHZ6XLl6-giBk8xYyEgyOm-8LMcIibBJZq-afkrpRsZxa2PojWhJOJyqFG9I=s42-p-rj-l68-e365
lh3.googleusercontent.com/
1 KB
1 KB
Image
General
Full URL
https://lh3.googleusercontent.com/EL0bCFTqMEkci79hNf9I0Mgn1jazHkcibrXy5uUwcYLaHZ6XLl6-giBk8xYyEgyOm-8LMcIibBJZq-afkrpRsZxa2PojWhJOJyqFG9I=s42-p-rj-l68-e365
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6a1b6deeb6d9b1d9947bba08a3f95710af6044247b36eff3cf22d8700838343b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 13:52:51 GMT
x-content-type-options
nosniff
age
11584
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1163
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
timing-allow-origin
*
expires
Tue, 27 Feb 2024 13:52:51 GMT
gtm.js
www.googletagmanager.com/
144 KB
54 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-P6JN5TJ
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a069d7fc3a4e02749d02c01221c12adad326d136dc5e96d84134f6c3ebc08f1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
54511
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 29 Nov 2023 17:05:55 GMT
54e24c09270cf1ee18ccc7d391f6dbce.jpg
uintacountyherald.com/uploads/images/2023/11/
63 KB
64 KB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2023/11/54e24c09270cf1ee18ccc7d391f6dbce.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e86016be4caf9bb99fc3944097ecacedbb139ff2f8421d9c74dc56cc3e3f1c27

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Nov 2023 21:09:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"fcb3-60b3cd6b0f33a-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVR3Q%2BGvRiRasTnPDFx1TQOzitGffQV0ynrZ4Xhp%2Fp5%2BX2sqsdzv6k34gdPbt6kYwEtxr9cnG4rw%2BF1wktZS6NprKZ48B%2Fx2L243INYgrcL1dhW1uSHTKjnXz2z%2FH2yzuIbrYYEONkpyAUWITx66KbWAPn4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702fbef51e4c-FRA
alt-svc
h3=":443"; ma=86400
9b0d12ff6adcf5747ada80f6b6e5f517.jpg
uintacountyherald.com/uploads/images/2023/11/
183 KB
183 KB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2023/11/9b0d12ff6adcf5747ada80f6b6e5f517.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd5ecb6c1299f05c9b6f44225275198c2aa45956538fc21a86593bba0bf3986d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Nov 2023 21:06:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2daae-60b3ccbf7a827-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0uKzooNwtkjayMydPWm4bRmUiSJ38%2BkS8bItzIAVDofNwmyPbnCu2vk8cfSoX2NMz7iIaIr5bt9t2yBNei4aSakfkoo7EvDITJpEN6og0rGD56wfJSVNFJHPnMqef4m0Zyi4wM0hAjuAQ4RzT7SOmfG9KuA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702fbef81e4c-FRA
alt-svc
h3=":443"; ma=86400
6cd6b89d607ac1ad6b07cf14086e5114.jpg
uintacountyherald.com/uploads/images/2023/01/
76 KB
76 KB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2023/01/6cd6b89d607ac1ad6b07cf14086e5114.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
523a9533f11df3058a5b0b01a77e91f3e6ad122daa14d874082fa906aaabe484

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
cf-cache-status
HIT
last-modified
Fri, 27 Jan 2023 20:23:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"12e04-5f344a1db15b0-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9isuS0Gx9ghdVIx7IKjjLiY6V1YLmrT9O1qfscW%2B9YvJ1nYG5xV%2F1gcF2gSjsuBSq84fiGl7qV1Nf9dMqJmX%2FebxxRrErvONuZSZYEEHKPhswoZUo84%2BOv%2BAN7sUXe%2BkZmurdW%2F4yx50%2BKFu4j2%2BEDlidFM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702fbefa1e4c-FRA
alt-svc
h3=":443"; ma=86400
42d1fe4cbd3298dd974bd9190113d09a.jpg
uintacountyherald.com/uploads/images/2023/11/
45 KB
45 KB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2023/11/42d1fe4cbd3298dd974bd9190113d09a.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5b91b74c3adc2d12f3ca42eeb69a8c59adac9f59e9fdf30d62504d1be9835f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Nov 2023 21:03:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"b3d0-60b3cbff06f05-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvk03f5lygariAt%2FyVlLyir0OCtWKy%2Bxpz9vGQzYXdtj7qPh9p1o6Fc8vw36eMfyEOvIlsqUXwoNCXxa%2BDElVRq6hNqwT9Jbt9hNOkXlEL26dIEvbGXrkI7NVjLZr5eYDkCC8f1%2BnUzUPHPj%2BLR7uvU4%2FEs%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702fbefe1e4c-FRA
alt-svc
h3=":443"; ma=86400
14019cae211d4ac7db9ea236161cc8aa.jpg
uintacountyherald.com/uploads/images/2023/11/
236 KB
236 KB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2023/11/14019cae211d4ac7db9ea236161cc8aa.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc9227007193b0a837a770d50ec3024ab991ee740cb694c139e35bee4ff0be1e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Nov 2023 21:11:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"3af1d-60b3cdbe7a1d3-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3JF2hKArHAu4ViCPvIkPICkZSlGNBWc1QhWI5LcRj3s0Y6xvcD7GkCvv5xd1lsVJMpkQeg%2BD3lLdfczqW7n9FjhZqqgY3M6OTCeSH1frKMN%2BBaNByR%2BimVjFimVljCp7OkO5p3I8gHdXO4b1CI9LlHpngCQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702fbeff1e4c-FRA
alt-svc
h3=":443"; ma=86400
cfe590ee8a81ae4dcad696bfcb6c981f.jpg
uintacountyherald.com/uploads/images/2023/11/
274 KB
275 KB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2023/11/cfe590ee8a81ae4dcad696bfcb6c981f.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5862220784f844113ad16eedf12743d614552bace6a760c4a1e4e457b952d9db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
cf-cache-status
HIT
last-modified
Wed, 01 Nov 2023 22:29:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"44959-6091ecd0e67f8-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OsYBJ%2BsyYLB7ErMxXKEG1gmyoocxZ0MwyUWyvGcF8FX%2FtvPHLFor8wxgXPL1%2BIAw%2BAZyL0YtZLRoxFOHfdE8K4RF2KoDxxqBHgGHryL1VhNamSFF2sxViCzB74WFBKW95lXpvdKN0tzj5Z12hoNIK1HGhjc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702fbf021e4c-FRA
alt-svc
h3=":443"; ma=86400
7d615275f343dea8994d28a578c3e69c.jpg
uintacountyherald.com/uploads/images/2023/11/
45 KB
45 KB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2023/11/7d615275f343dea8994d28a578c3e69c.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5b91b74c3adc2d12f3ca42eeb69a8c59adac9f59e9fdf30d62504d1be9835f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Nov 2023 21:01:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"b3d0-60b3cb7f6e3be-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TuGjZlG7ojyyLxHGAxtO8qQB1pRuep2YTtvV50umlR38K88Oq6ffcS%2FkyWYfxbjqllmFQgG10p15Tdh283%2FkkfQwuJkgvBM0qZa1lbPZyITI7NeaGuzMSw3jZoYhRjfd9bHeKj0BI%2BM8CwJJLYhqH2bn0Q0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc702fbf061e4c-FRA
alt-svc
h3=":443"; ma=86400
sprite_icons_6dc7d94.png
www.justapinch.com/images/
22 KB
22 KB
Image
General
Full URL
https://www.justapinch.com/images/sprite_icons_6dc7d94.png
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.10.17 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
17.10.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
48ea5787f01c0678de86c7861e830f03a3163a2d3a25ddb8fe3b343725dfeabd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Fri, 17 Nov 2023 20:52:00 GMT
via
1.1 google
last-modified
Thu, 16 Nov 2023 20:33:58 GMT
server
nginx
age
1023235
x-who
gcloud-web-1
content-type
image/png
cache-control
max-age=31536000,public
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22292
expires
Sat, 16 Nov 2024 20:52:00 GMT
;ID=171437;size=300x250;setID=316820;type=async;domid=placement_316820_0;place=0;pid=5314064;sw=1600;sh=1200;spr=1;rnd=5314064;kw=home;referrer=https%3A%2F%2Fuintacountyherald.com%2F;click=CLICK_MA...
servedbyadbutler.com/adserve/
749 B
809 B
Script
General
Full URL
https://servedbyadbutler.com/adserve/;ID=171437;size=300x250;setID=316820;type=async;domid=placement_316820_0;place=0;pid=5314064;sw=1600;sh=1200;spr=1;rnd=5314064;kw=home;referrer=https%3A%2F%2Fuintacountyherald.com%2F;click=CLICK_MACRO_PLACEHOLDER
Requested by
Host: ads.empowerlocal.co
URL: https://ads.empowerlocal.co/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.245.80.231 Poplar, United Kingdom, ASN62240 (CLOUVIDER Clouvider - Global ASN, GB),
Reverse DNS
Software
nginx /
Resource Hash
0cac486081b2a44f9de91995f62ce8af1bd0f8edca38007c00a145ec7e80464d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
p3p
CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
content-type
application/javascript
access-control-allow-origin
*
cache-control
post-check=0, pre-check=0
access-control-allow-credentials
true
expires
Mon, 26 Jul 1997 05:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
238 KB
44 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3853404062806873&correlator=2215034338603786&eid=31079761%2C31079791%2C31079527%2C31078659&output=ldjh&gdfp_req=1&vrg=202311150101&ptt=17&impl=fifs&iu_parts=129995211%2Chome_leaderboard%2Chome_250_1%2Chome_250_2%2Chome_600%2Cvideo_250%2Cvideo_600&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6&prev_iu_szs=728x90%2C300x250%2C300x250%2C300x600%2C300x250%2C300x600&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1701277555180&lmt=1701277555&adxs=-9%2C-9%2C-9%2C-9%2C1200%2C-9&adys=-9%2C-9%2C-9%2C-9%2C3126%2C-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C-1%7C-1%7C-1%7C1%7C-1&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fuintacountyherald.com%2F&vis=1&psz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C300x250%7C0x-1&msz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C300x-1%7C0x-1&fws=2%2C2%2C2%2C2%2C0%2C2&ohw=0%2C0%2C0%2C0%2C0%2C0&ga_vid=1964370080.1701277555&ga_sid=1701277555&ga_hid=1607482481&ga_fc=false&dlt=1701277554084&idt=655&adks=536991170%2C1736459697%2C2382306415%2C3782939975%2C2568665865%2C176555470&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
aae2f801add8a90f3f29537c5bd73bc45a11383b6092e6bd27beacc0abf5b657
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
google-mediationgroup-id
-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44427
x-xss-protection
0
google-lineitem-id
-2,-1,-1,-1,-2,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,-1,-1,-1,-2,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://uintacountyherald.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DAB1
6 KB
3 KB
Document
General
Full URL
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://uintacountyherald.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:05:55 GMT
expires
Thu, 28 Nov 2024 17:05:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
beacons
p.flipp.com/
0
0
Fetch
General
Full URL
https://p.flipp.com/beacons
Requested by
Host: cdn-gateflipp.flippback.com
URL: https://cdn-gateflipp.flippback.com/tag/js/flipptag.js?site_id=%201262364
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-118.muc50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
via
1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P4
vary
Origin
x-cache
Miss from cloudfront
access-control-allow-origin
https://uintacountyherald.com
access-control-allow-credentials
true
x-amz-cf-id
8nWfvmuYYTP43ajMiUaGSPiyXR7bCGXk8qyIivPqx_26k31WnR8rtg==
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 29 Nov 2023 15:49:38 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
4577
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 29 Nov 2023 17:49:38 GMT
hotjar-467830.js
static.hotjar.com/c/
10 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-467830.js?sv=5
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-117.muc50.r.cloudfront.net
Software
/
Resource Hash
f582d452c8d91509d4fb0b3408b4f42b913dae4b0cbe3196ee076940c0d15739
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Wed, 29 Nov 2023 17:05:55 GMT
via
1.1 f4c3162878591c5abd76f8ee1f873476.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
etag
W/b0b52edfbec500b0f278722d6383484d
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
q_jB25wf_y5WLeJxBCqIA79bXmeFFQQfIwbpAhZe5tdtRMOedudjzQ==
ice.js
resources.infolinks.com/js/1895.006-3.034/
187 KB
57 KB
Script
General
Full URL
https://resources.infolinks.com/js/1895.006-3.034/ice.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54eacec863498628814d62c486eca8cd1c580c77a4dda865b5941006e40c6e66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
via
1.1 google
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 07 Nov 2023 17:45:04 GMT
server
cloudflare
age
7871
etag
W/"2ede2-6099387db510d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
82dc70301e0218c3-FRA
expires
Fri, 29 Dec 2023 14:54:43 GMT
56d27839db85b1e3772b4a3aa7b07924.JPG
uintacountyherald.com/uploads/images/2022/11/
7 MB
7 MB
Image
General
Full URL
https://uintacountyherald.com/uploads/images/2022/11/56d27839db85b1e3772b4a3aa7b07924.JPG
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
107121045a7853e68204b1a3d59ff54da0161a5e601fbb7977e964f4c9105031

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
cf-cache-status
HIT
last-modified
Thu, 10 Nov 2022 18:24:56 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"713fc5-5ed21e3dade45-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=65Xj0Zf9OZhABd%2Fq5p9jl383Hgda0KNALPOEjYK7kHh4JqBVFCy86txi65QONqOg0cd1YAdpqAOMsPSKgZJNWfRbtxoEInxrFJt9FtfArUg%2Bi5HjGeaJXR4c4pJ1XU06AUYsNA7%2BPT%2F9JpDSkS%2BKty8OkKo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
82dc70302f821e4c-FRA
alt-svc
h3=":443"; ma=86400
glyphicons-halflings-regular.woff2
uintacountyherald.com/fonts/
18 KB
18 KB
Font
General
Full URL
https://uintacountyherald.com/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/css/core.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:9f0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Request headers

Referer
https://uintacountyherald.com/css/core.css
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
cf-cache-status
HIT
last-modified
Sun, 22 Oct 2023 19:20:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"466c-60852fdfc57f5-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ptPu1rzFE3QFSKtOzKpBf%2FMJxHV37LtptVseotfsAfXeNCGMc1bji4mZkC6Vy52L4VaYLi88l7fy7jOUGgHkqJ8kOgipOWeuPXGteCVaV0zVTRy6XR93vp%2BnhpLlB9USVXGMlFtGltGpkMvhlyjffBCUQ0s%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
cf-ray
82dc70302f841e4c-FRA
alt-svc
h3=":443"; ma=86400
jot
www.civicscience.com/
0
0
Fetch
General
Full URL
https://www.civicscience.com/jot?j=2428026232.3862344964&n=0&s=poll&t=created&d=%7B%22target%22%3A%223af52b84-198f-5954-3d30-5a5b0c0c9431%22%2C%22instance%22%3A%22civsci-id-1372946927%22%2C%22isContainerSeen%22%3Afalse%2C%22context%22%3A%22%2F%2Fuintacountyherald.com%22%2C%22wx%22%3A0%2C%22wy%22%3A0%2C%22wh%22%3A1200%2C%22ww%22%3A1600%2C%22cx%22%3A1200%2C%22cy%22%3A3126%7D
Requested by
Host: www.civicscience.com
URL: https://www.civicscience.com/jspoll/4/civicscience-widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.226.8.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-8-214.compute-1.amazonaws.com
Software
Apache/2.4.39 (Amazon) /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
last-modified
Fri, 30 Aug 2019 14:44:32 GMT
server
Apache/2.4.39 (Amazon)
accept-ranges
bytes
etag
"0-59156a8fe3400"
content-length
0
content-type
text/plain; charset=UTF-8
bootstrap
www.civicscience.com/widget/api/2/
318 B
413 B
Script
General
Full URL
https://www.civicscience.com/widget/api/2/bootstrap?target=3af52b84-198f-5954-3d30-5a5b0c0c9431&instance=civsci-id-1372946927&context=%2F%2Fuintacountyherald.com&mv=5&_=1701277555221&callback=jsonp_1701277555221_5316
Requested by
Host: www.civicscience.com
URL: https://www.civicscience.com/jspoll/4/civicscience-widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.226.8.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-8-214.compute-1.amazonaws.com
Software
Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.2.34 / PHP/7.2.34
Resource Hash
95f3c0df8bcfdfc857164e2ab9ad9aa4686ff6b3b854f16302e193d5722f68c9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
server
Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.2.34
x-powered-by
PHP/7.2.34
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
pwt.js
ads.pubmatic.com/AdServer/js/pwt/160835/4933/
222 KB
67 KB
Script
General
Full URL
https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.60.191 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-43-60-191.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6b30722487e92833baf8f01d6b2d2fed4e459d7cd42dc81ac1a80d8d08b9450e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
last-modified
Sat, 29 Apr 2023 00:25:40 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=94413
accept-ranges
bytes
content-length
68444
expires
Thu, 30 Nov 2023 19:19:28 GMT
campaigns
cdn.ads-flipp.com/flyer-locator-service/
135 B
548 B
Fetch
General
Full URL
https://cdn.ads-flipp.com/flyer-locator-service/campaigns
Requested by
Host: cdn-gateflipp.flippback.com
URL: https://cdn-gateflipp.flippback.com/tag/js/flipptag.js?site_id=%201262364
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.36.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-36-81.ams58.r.cloudfront.net
Software
envoy /
Resource Hash
829731dcdf08025f3d898c8c3a68acb42b0496dcdd8fc61f85ec5dbbf6a69b02

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

x-trace-id
eLLGvGSKd-AzSiKNzsJFxToEolsPzjClVr750gQtHQlEySvvrq2xaA==
date
Wed, 29 Nov 2023 17:05:55 GMT
via
1.1 ba01234d30a5778423f79c0c58d283ce.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
AMS58-P2
vary
Origin,Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://uintacountyherald.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
6
content-length
135
x-amz-cf-id
eLLGvGSKd-AzSiKNzsJFxToEolsPzjClVr750gQtHQlEySvvrq2xaA==
187621-164323601241456.js
js-sec.indexww.com/ht/p/
33 KB
12 KB
Script
General
Full URL
https://js-sec.indexww.com/ht/p/187621-164323601241456.js
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.149.180 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4f6adfb5ea3d9502595163ad4b4d3d57fb796477f2e23d1980687f3abad5f38

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 29 Nov 2023 17:01:38 GMT
server
cloudflare
age
189
etag
W/"da3df1-856b-60b4d7d095979"
vary
Accept-Encoding
content-type
text/javascript
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control
cache-maxage=1h
cache-control
public, max-age=14400
cf-ray
82dc70310d61362d-FRA
expires
Wed, 29 Nov 2023 21:05:55 GMT
css
fonts.googleapis.com/
3 KB
761 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:600
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d7133c07da0d7df5ae3d5fe3ff8a67982a5af918e7ec147af765f1ba7e14b641
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 16:31:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Nov 2023 17:05:55 GMT
icon
fonts.googleapis.com/
569 B
439 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 17:05:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Nov 2023 17:05:55 GMT
OverlayScrollbars.min.css
cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/css/
20 KB
4 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/css/OverlayScrollbars.min.css
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58a8a37fc288ebcb1babc66777ac8c7a922e145d307567c8b7a824dc959c41f9
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
687263
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4023
last-modified
Wed, 16 Dec 2020 13:04:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5fda05e7-4e34"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bs4s2Ks4kiCTAZBqC%2FRDYUypHFvQ3y1A%2BNYmhU7%2FlJpcTgm4w8w%2FeRoUO8WK%2FnSae36sT2Qn0cQD%2F10OECiQx869QWgtFrdQFo9o3gUkaq%2B7DaL8mWrTl5qP0C6Y%2F3aO8gvRJOoBX17HLQDZZWVqWl7N"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82dc7031186e6abb-FRA
expires
Mon, 18 Nov 2024 17:05:55 GMT
OverlayScrollbars.min.js
cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/ Frame AF7E
53 KB
21 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee61ec65bd3bc8cc949991393cfd5aca248620bc53e8ac94f9afe44c30961c0f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1861745
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
20502
last-modified
Wed, 16 Dec 2020 13:04:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5fda05e7-d208"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XPGE%2BrQQAtrMKuO9syjd5htes9yhlrwGbwzr5MH9%2B9WBF%2BqLTJef0ul5Zk8242LHsJP0O9KQHLWqDOP4McQ3fcEhXcmZBx30mv1X7E1HatnuB8oGW6BYLTVRo4oFPwh%2FNkfIfHzVykbh7C7%2Fv5xelQ0V"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82dc703118706abb-FRA
expires
Mon, 18 Nov 2024 17:05:55 GMT
prebid.js
embed.sendtonews.com/library/prebid/8.5.0_trade_desk_33accross_intentiq/ Frame AF7E
432 KB
136 KB
Script
General
Full URL
https://embed.sendtonews.com/library/prebid/8.5.0_trade_desk_33accross_intentiq/prebid.js
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.36.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-73.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
98ad025da55f90c2d3a40af4b85ba698aafe1f5ba257f4805eeb400ce35d2484

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

x-amz-version-id
zGsGp7Ij.yEpEq5zFPcFESiv6l7ttthm
content-encoding
gzip
via
1.1 9f8416bf8a85d328bf3649469ef2a474.cloudfront.net (CloudFront)
date
Wed, 29 Nov 2023 14:43:23 GMT
last-modified
Mon, 06 Nov 2023 19:52:23 GMT
server
AmazonS3
age
8632
x-amz-cf-pop
MUC50-P2
etag
W/"c5e87d821de860a7eb714967a512a849"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
cEYgimR0llL07T8n8VaXP2P3b80IFmFDx-0AeFle8vl2Y_C6-Pqfmw==
ppid.js
cdn-ima.33across.com/
10 KB
4 KB
Script
General
Full URL
https://cdn-ima.33across.com/ppid.js
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.152.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9470010730b754d8563690539a873235785bfd53e4af5cd93e0b08567d76c45e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 30 Oct 2023 20:31:17 GMT
server
cloudflare
age
216815
etag
W/"65401295-2847"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
82dc70314a755d9e-FRA
expires
Sat, 02 Dec 2023 17:05:55 GMT
comScore.gt.min.js
embed.sendtonews.com/library/streamsense/6.3.4.190424/ Frame AF7E
335 KB
59 KB
Script
General
Full URL
https://embed.sendtonews.com/library/streamsense/6.3.4.190424/comScore.gt.min.js
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.36.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-73.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
37da4f4e9645bcde259d1669db9d2548d9ff4f80e72bbe405232924129ae4db7

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 17:45:57 GMT
x-amz-version-id
..7XtSbDM3xjP8tWp7l1eb4E8v7z8_OL
content-encoding
gzip
last-modified
Thu, 13 Apr 2023 16:36:13 GMT
server
AmazonS3
age
83999
x-amz-cf-pop
MUC50-P2
etag
W/"4a51b8991a6b67323936c2eb62e3518e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
access-control-allow-origin
*
via
1.1 9f8416bf8a85d328bf3649469ef2a474.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
HRrx4CjMRcwf985KWuxP4taIBCPrZ45j5uIbC_ta8nQvP1pJyP1-jw==
ima3.js
imasdk.googleapis.com/js/sdkloader/
365 KB
126 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a32283aaba0418ac1b0953af32fbe71948d43e7cdc08abeca552a9373809087
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128094
x-xss-protection
0
expires
Wed, 29 Nov 2023 17:05:55 GMT
reddit.png
d29xw9s9x32j3w.cloudfront.net/images/social/
1 KB
1 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/images/social/reddit.png
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9861f51d1896f195c45f603bdc6b7f1455817966f5da945371c922a6f8797711

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 14:46:58 GMT
via
1.1 7f6fdb9a0ec439bac9ac6cc0db13237e.cloudfront.net (CloudFront)
last-modified
Fri, 24 Apr 2020 20:07:21 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
8338
etag
"cb93bb50e5d021cc38de445a672c18a2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1094
x-amz-cf-id
aA--YChpoJTf83_dd6QKxDdwUKSaGxVl_QDeduvMgRF7J_XRvHKWUQ==
facebook.png
d29xw9s9x32j3w.cloudfront.net/images/social/
322 B
638 B
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/images/social/facebook.png
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0597ab745938c4a2cc0818fc2447beb211629e484fed0b4143bdd6fa5724be61

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 13:12:43 GMT
via
1.1 7f6fdb9a0ec439bac9ac6cc0db13237e.cloudfront.net (CloudFront)
last-modified
Fri, 24 Apr 2020 20:07:21 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
13993
etag
"311cf2edc46e82f2a6911332b7db54e1"
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
322
x-amz-cf-id
3Hn1kRkqKrSx636dE_RmAP21Q9xzW_t7P2e2-AQoNTPU4XBw0F37rw==
twitter.png
d29xw9s9x32j3w.cloudfront.net/images/social/
832 B
1 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/images/social/twitter.png
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
94a557b756089fc7dde1c857bb1a2f776dff6aeec3ceead5c2fa2304433b88ee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 14:31:02 GMT
via
1.1 7f6fdb9a0ec439bac9ac6cc0db13237e.cloudfront.net (CloudFront)
last-modified
Fri, 24 Apr 2020 20:07:21 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
9339
etag
"8be584e844dabfe22970a0cb943c047e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
832
x-amz-cf-id
q0LSskFZf2YEGFuWs60tXHn_RlWoIMkHt7x1ZUVh_FLcn-8U0YrS-A==
email.png
d29xw9s9x32j3w.cloudfront.net/images/social/
773 B
1 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/images/social/email.png
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3b7f1a6aeceeb60c709478e55147a48f4031ac6617b3ab089210f1f1f59b7204

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 14:30:22 GMT
via
1.1 7f6fdb9a0ec439bac9ac6cc0db13237e.cloudfront.net (CloudFront)
last-modified
Fri, 24 Apr 2020 20:07:21 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
9334
etag
"4bd445ddc3f9d6101690e15cfc1a04f0"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
773
x-amz-cf-id
MCRE_V7lCQR6Yqpc05R_QICw5BmAfYtMwyJ2ESN4YkH3R03RUM4Q7g==
apstag.js
c.amazon-adsystem.com/aax2/ Frame AF7E
267 KB
65 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-208-154.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4c8fe936e012d2d229577704c34c41a451d7a98aa5c2566ea5c3930aa7e3f40f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:39:05 GMT
content-encoding
gzip
via
1.1 a49c26e403f2dac09629dceb6dac5740.cloudfront.net (CloudFront), 1.1 7abd55cee48606340f570b45718202b6.cloudfront.net (CloudFront)
last-modified
Mon, 13 Nov 2023 20:18:44 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1, FRA56-P3
age
1611
etag
W/"2d08dd94de483579c1dc3f3783c06f6e"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
zoAH36yJM1dgce0zPwSSwTjQCWyv11N36pD-yZSIHGrSGeXfvTjjHg==
stn_trk.gif
s2l.sendtonews.com/
26 B
187 B
Ping
General
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=rO24BncQSMzQVeEl&instance=987133&version=7.27.3&age=231129&cmd=PRE_INIT&key=Be6nXXXs&seq=1&order=1&vIndex=0&absoluteTime=2032.8&relativeTime=0.1&canonical=https://uintacountyherald.com/&EXTREF=https://uintacountyherald.com/&REF=https://uintacountyherald.com/&serverHost=embed.sendtonews.com
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.122.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-122-215.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
data_read.php
embed.sendtonews.com/player4/
34 KB
7 KB
Fetch
General
Full URL
https://embed.sendtonews.com/player4/data_read.php?cmd=loadInitial&session=rO24BncQSMzQVeEl&instance=987133&version=7.27.3&age=231129&ESG_key=Be6nXXXs&type=FULL&EXTREF=https://uintacountyherald.com/&REF=https://uintacountyherald.com/&ogSet=1
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.36.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-73.muc50.r.cloudfront.net
Software
Apache /
Resource Hash
eab77f198c4a6ee98097b8978b526af6a95c3e2158fbaa5c477708f8392cb782

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
via
1.1 9f8416bf8a85d328bf3649469ef2a474.cloudfront.net (CloudFront)
server
Apache
x-amz-cf-pop
MUC50-P2
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=1
alt-svc
h3=":443"; ma=86400
content-length
6143
x-amz-cf-id
4vzs_9xsqq69mpiF_s71Mz_5uiGbSpdacSm546OYvDJoTQsNM2d-vg==
expires
Wed, 29 Nov 2023 17:05:56 GMT
collect
www.google-analytics.com/j/
16 B
226 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1607482481&t=pageview&_s=1&dl=https%3A%2F%2Fuintacountyherald.com%2F&ul=en-us&de=UTF-8&dt=Breaking%20News%20from%20your%20Local%20News%20Source%20Leader%20in%20Evanston%2C%20Wyoming%20%7C%20Uinta%20County%20Herald&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAEABAAAAACAAI~&jid=1180740765&gjid=2023926736&cid=1964370080.1701277555&tid=UA-6994918-32&_gid=1454562336.1701277555&_r=1&_slc=1&z=588117388
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
977f1afcfa3cca65301bdd18357f8a34ed8a5d119480930ad6c3dbe76062cd95
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://uintacountyherald.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
manage
router.infolinks.com/usync/ Frame C4EA
0
43 B
Document
General
Full URL
https://router.infolinks.com/usync/manage?pid=3305933&wsid=0&pdom=uintacountyherald.com&purl=https%3A%2F%2Fuintacountyherald.com%2F
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://uintacountyherald.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
82dc70315fa118c3-FRA
content-length
0
date
Wed, 29 Nov 2023 17:05:55 GMT
server
cloudflare
via
1.1 google
lcmanage
router.infolinks.com/usync/
0
33 B
Script
General
Full URL
https://router.infolinks.com/usync/lcmanage?pid=3305933&wsid=0&pdom=uintacountyherald.com&purl=https%3A%2F%2Fuintacountyherald.com%2F
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82dc70315faa18c3-FRA
content-length
0
gsd
router.infolinks.com/
320 B
512 B
Script
General
Full URL
https://router.infolinks.com/gsd?evt=afterGSD&pid=3305933&wsid=0&pdom=uintacountyherald.com&purl=https%3A%2F%2Fuintacountyherald.com%2F&jsv=1895.006-3.034&_cb=17012775554000
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ba6d64a1c2901c72fd3795840c6270ecad21913d6c63c44abd23cca7eb0567d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:55 GMT
via
1.1 google
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/javascript;charset=UTF-8
p3p
CP="NON DSP NID OUR COR"
cache-control
max-age=0
cf-ray
82dc70315faf18c3-FRA
expires
Thu, 01 Jan 1970 00:00:00 GMT
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4gaVI.woff2
fonts.gstatic.com/s/opensans/v36/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
752ac7b6a1d83373e07af1ee17b3a0e4a304e9b9304b55e49d93c7ab6a1c394e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 12:32:18 GMT
x-content-type-options
nosniff
age
362017
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18628
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 01:36:20 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 24 Nov 2024 12:32:18 GMT
beacons
p.flipp.com/
0
0
Fetch
General
Full URL
https://p.flipp.com/beacons
Requested by
Host: cdn-gateflipp.flippback.com
URL: https://cdn-gateflipp.flippback.com/tag/js/flipptag.js?site_id=%201262364
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-118.muc50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
via
1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P4
vary
Origin
x-cache
Miss from cloudfront
access-control-allow-origin
https://uintacountyherald.com
access-control-allow-credentials
true
x-amz-cf-id
2_b_pXHiGsjsMlHKF5YTwlza7GPLsEWE9lWWCPnVJTn-J68aD4y2Sw==
;libID=3826211
servedbyadbutler.com/getad.img/
25 KB
26 KB
Image
General
Full URL
https://servedbyadbutler.com/getad.img/;libID=3826211
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.245.80.231 Poplar, United Kingdom, ASN62240 (CLOUVIDER Clouvider - Global ASN, GB),
Reverse DNS
Software
nginx /
Resource Hash
fecad8e87224d77c1c5df9ede853ccae7d4be0801328b372c2c900ad8a71fa93

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
last-modified
Wed, 03 May 2023 19:53:56 GMT
server
nginx
etag
"6452bbd4-65ab"
content-type
image/jpeg
access-control-allow-origin
https://uintacountyherald.com
cache-control
max-age=31536000
access-control-allow-credentials
true
content-disposition
inline; filename="WyoPN_StayInTheKnow300.jpg"
accept-ranges
bytes
content-length
26027
expires
Thu, 28 Nov 2024 09:05:55 PST
modules.28e3191d8757c557b4b7.js
script.hotjar.com/
227 KB
57 KB
Script
General
Full URL
https://script.hotjar.com/modules.28e3191d8757c557b4b7.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-467830.js?sv=5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-87.muc50.r.cloudfront.net
Software
/
Resource Hash
77a17bd55486aef26d2fbbe92b56672398378b1ad7ba7975c79742b4772d52b1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 14:01:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 b36a9cc0b5286fd650732f1458855500.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
529489
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
57395
last-modified
Thu, 23 Nov 2023 14:00:23 GMT
etag
"1ab24a53e715dcb189ab626bacc0e88b"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
RLqNJz3xOxxeT5up9QGhJH5qfq8ZM2D9w959nWbNeh-Cf01NHoA_xw==
/
trends.revcontent.com/api/demand/
54 B
318 B
Fetch
General
Full URL
https://trends.revcontent.com/api/demand/?w=277191
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.81.36.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-36-123.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash
47b726fd18aa3355c7f0277952419c5e1b33d3347ee2e4eff5e9b9be73040549
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

x-rc-region
eu-west-1c
date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=931536000; includeSubDomains
server
envoy
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://uintacountyherald.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
content-length
54
sync
trends.revcontent.com/
0
0
Fetch
General
Full URL
https://trends.revcontent.com/sync
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.81.36.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-36-123.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

x-rc-region
eu-west-1c
access-control-allow-origin
https://uintacountyherald.com
date
Wed, 29 Nov 2023 17:05:55 GMT
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
server
envoy
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
collect
stats.g.doubleclick.net/j/
4 B
353 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-6994918-32&cid=1964370080.1701277555&jid=1180740765&gjid=2023926736&_gid=1454562336.1701277555&_u=IAhAAEAAAAAAACAAI~&z=921401616
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 29 Nov 2023 17:05:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://uintacountyherald.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
219 KB
79 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-J19JFGRKPN&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
210e46f3ef006eef3ed8d3f73bf3f26b4c6126b3bc53cb225923471f75e1ae66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
80602
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 29 Nov 2023 17:05:55 GMT
identity
api.rlcdn.com/api/
44 B
355 B
XHR
General
Full URL
https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/187621-164323601241456.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
via
1.1 google
x-content-type-options
nosniff
access-control-allow-methods
GET, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://uintacountyherald.com
access-control-allow-credentials
true
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length
44
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
/
id.sv.rkdms.com/identity/
72 B
235 B
XHR
General
Full URL
https://id.sv.rkdms.com/identity/?vendor=idsv2&sv_cid=5274_04512&sv_pubid=SENDTONEWS&sv_domain=uintacountyherald.com
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/187621-164323601241456.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.199.100 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-202-199-100.compute-1.amazonaws.com
Software
awselb/2.0 /
Resource Hash
6851edc0fca6eb99fa5fa083c37055fb96b62567bcd4730305e755e4cc0ab82a

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
https://uintacountyherald.com
date
Wed, 29 Nov 2023 17:05:55 GMT
access-control-allow-credentials
true
server
awselb/2.0
content-length
72
vary
Accept-Encoding
content-type
application/json
rid
match.adsrvr.org/track/
63 B
426 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=187621
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/187621-164323601241456.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
b8145ca34601d716f66b9ecaa7a60f641ac134365d3a73b5c736df533acf6ec7

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://uintacountyherald.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Fri, 29 Dec 2023 17:05:55 GMT
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame AF7E
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-208-154.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 01:57:25 GMT
x-amz-version-id
9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding
gzip
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
54511
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 29 Aug 2023 08:30:37 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
zGLD_GfY8TaFPRIlnDeVikJE0vx7T0oR3TBww8lQGzCkNfunh-RT_A==
ppid
lexicon.33across.com/v1/
49 B
254 B
XHR
General
Full URL
https://lexicon.33across.com/v1/ppid?pid=0015a00003LiqV3AAJ&ver=1.2.0
Requested by
Host: cdn-ima.33across.com
URL: https://cdn-ima.33across.com/ppid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.193.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
51.193.244.35.bc.googleusercontent.com
Software
/
Resource Hash
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
via
1.1 google
vary
origin
content-type
application/json
access-control-allow-origin
https://uintacountyherald.com
cache-control
private, must-revalidate, max-age=28800
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
target
www.civicscience.com/widget/api/2/
0
98 B
Script
General
Full URL
https://www.civicscience.com/widget/api/2/target?target=3af52b84-198f-5954-3d30-5a5b0c0c9431&instance=civsci-id-1372946927&context=%2F%2Fuintacountyherald.com&mv=5&_=1701277555523&callback=jsonp_1701277555523_42862
Requested by
Host: www.civicscience.com
URL: https://www.civicscience.com/jspoll/4/civicscience-widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.226.8.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-8-214.compute-1.amazonaws.com
Software
Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.2.34 / PHP/7.2.34
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
x-powered-by
PHP/7.2.34
server
Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.2.34
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-6994918-32&cid=1964370080.1701277555&jid=1180740765&_u=IAhAAEAAAAAAACAAI~&z=186544011
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-6994918-32&cid=1964370080.1701277555&jid=1180740765&_u=IAhAAEAAAAAAACAAI~&z=186544011
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bridge3.605.0_en.html
imasdk.googleapis.com/js/core/ Frame 421A
752 KB
241 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a2eacbd0a55e794d92e79a03b68c07f613a0ab710ffaffe5f1d12d67aac843a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://uintacountyherald.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
355958
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
246766
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sat, 25 Nov 2023 14:13:17 GMT
expires
Sun, 24 Nov 2024 14:13:17 GMT
last-modified
Wed, 15 Nov 2023 19:11:18 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/
44 KB
17 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Nov 2023 17:05:55 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 5359
40 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:58:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
421
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13893
x-xss-protection
0
last-modified
Wed, 09 Aug 2023 15:57:08 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Wed, 29 Nov 2023 17:58:54 GMT
6c3f03cd-6fa8-4477-ac05-2c0f4f8da092
config.aps.amazon-adsystem.com/configs/ Frame AF7E
537 B
804 B
Script
General
Full URL
https://config.aps.amazon-adsystem.com/configs/6c3f03cd-6fa8-4477-ac05-2c0f4f8da092
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-117.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
1856d9b5b6bab37b309b28fe14f3de828d2997daa7e80b31da276ff234c3a8f6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:40:23 GMT
via
1.1 91220e34cbdd95f669dbfd83e711fee6.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
MUC50-P2
age
1532
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
content-length
537
x-amz-cf-id
Z1Im-t0J0-VIdM97AZ3tlo65OnErZ7dQlXM12F3FIySJmjHnmXeIow==
config
c.amazon-adsystem.com/cdn/prod/ Frame AF7E
1006 B
1 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fuintacountyherald.com&pubid=6c3f03cd-6fa8-4477-ac05-2c0f4f8da092
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-208-154.fra56.r.cloudfront.net
Software
Server /
Resource Hash
fd8e6d26ae464a400f3c77955c4d426cec2d159f514c30ff72f9155f6e606a15

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 12:29:35 GMT
via
1.1 7abd55cee48606340f570b45718202b6.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P3
age
16580
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://uintacountyherald.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
content-length
1006
x-amz-cf-id
jGXfujN8grbTHmhHuhVPM_xImQUs33KValldLWxrFIpxj1VQm04E4w==
stn_trk.gif
s2l.sendtonews.com/
26 B
186 B
Ping
General
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=rO24BncQSMzQVeEl&instance=214987133&version=7.27.3&age=231129&cmd=GET&key=Be6nXXXs&c_id=12385&seq=1&order=2&vIndex=0&absoluteTime=2245.3&relativeTime=212.6&canonical=https://uintacountyherald.com/&EXTREF=https://uintacountyherald.com/&REF=https://uintacountyherald.com/&playerCfg=BR&playerType=BARKER&serverHost=embed.sendtonews.com
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.122.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-122-215.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
0.js
player.sendtonews.com/bidderFiles/
5 KB
2 KB
Script
General
Full URL
https://player.sendtonews.com/bidderFiles/0.js
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-23.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ba005884302c65983e86c49afd2e6bf0d3ca60166c861ee2888d716ceed13e02

Request headers

Referer
https://embed.sendtonews.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

x-amz-version-id
UQ7kWi2taw0bordMiyKDP_I_ByXqD8Mm
content-encoding
gzip
via
1.1 7fd88bab22735486702d23ba4e028d86.cloudfront.net (CloudFront), 1.1 4d156fc02c81ad97b906c107779265e2.cloudfront.net (CloudFront)
date
Wed, 29 Nov 2023 11:26:02 GMT
x-amz-cf-pop
FRA60-P3, FRA60-P5
age
20395
x-cache
Hit from cloudfront
last-modified
Thu, 07 Sep 2023 23:03:22 GMT
server
AmazonS3
etag
W/"25b745fa0d93d47bf009a28d8bcdf8d6"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
x-amz-cf-id
HGziD4owf4iYhbcN5Lv7ZxRWsv04x7qcNhytuL3k99oIb1V0JFN-GA==
wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
25 KB
25 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05c7ba81186b0be4238e6e39757350bcc41918c51858cb167d6112f6a3b7510e

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:49 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3067
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
25178
last-modified
Wed, 29 Nov 2023 15:20:20 GMT
server
AmazonS3
etag
"6b8fa6e4c6cdb4a29fd61b8bebee4534"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
VvfKhIH0-FfgCxy33SYJLMvAZ3H4cMnSsFuFh8z1Hh-VIys8LheTmQ==
stn_trk.gif
s2l.sendtonews.com/
26 B
186 B
Ping
General
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=rO24BncQSMzQVeEl&instance=214987133&version=7.27.3&age=231129&cmd=RTP&key=Be6nXXXs&c_id=12385&seq=1&order=3&vIndex=0&absoluteTime=2247.2&relativeTime=214.5&sC_ID=8783&sm_id=3205108&load=1&status=LVFNSNIY&ac_id=2008&EXTREF=https://uintacountyherald.com/&REF=https://uintacountyherald.com/&playerCfg=BR&playerType=BARKER&DS=notfound
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.122.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-122-215.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
analytics.min.js
cdn.resonate.com/analytics.js/v1/200302733/ Frame AF7E
0
96 B
Script
General
Full URL
https://cdn.resonate.com/analytics.js/v1/200302733/analytics.min.js
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.13.242 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=15552000
server
cloudflare
cf-ray
82dc70329d1a9001-FRA
vary
Accept-Encoding
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v140/
125 KB
125 KB
Font
General
Full URL
https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Fri, 24 Nov 2023 20:08:20 GMT
x-content-type-options
nosniff
age
421055
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128352
x-xss-protection
0
last-modified
Tue, 07 Mar 2023 19:51:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Nov 2024 20:08:20 GMT
03n83so79q240353r1o9nponn6r59orrplaylist.m3u8
d29xw9s9x32j3w.cloudfront.net/videos/m3u8/
291 B
868 B
XHR
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/m3u8/03n83so79q240353r1o9nponn6r59orrplaylist.m3u8
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5931aada101730e169beb9b417f0156f5e4a58af804813543ee4537ae3c194b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:49 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
291
last-modified
Wed, 29 Nov 2023 15:22:25 GMT
server
AmazonS3
etag
"359631ee3c9519252b3480cb2810ac2a"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
C4BL10BhZIBwwFYVDBeGjdDXiMw2oU-7b-mMKyJTuLpgrHcye1MoKg==
stn_trk.gif
s2l.sendtonews.com/
26 B
186 B
Ping
General
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=rO24BncQSMzQVeEl&instance=214987133&version=7.27.3&age=231129&cmd=IMA&key=Be6nXXXs&c_id=12385&seq=1&order=4&vIndex=0&absoluteTime=2261.7&relativeTime=229&EXTREF=https://uintacountyherald.com/&REF=https://uintacountyherald.com/&playerCfg=BR&recoveryMethod=NONE&imaVersion=3.605.0&blocked=false&recovered=false&hasAdParams=true
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.122.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-122-215.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
ads
pubads.g.doubleclick.net/gampad/
3 KB
2 KB
Fetch
General
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F92056281%2C12230023%2Fuintacountyherald-premium&env=vp&gdfp_req=1&unviewed_position_start=1&ad_rule=1&output=xml_vmap1&sz=480x270&ciu_szs=300x60&description_url=https%3A%2F%2Fuintacountyherald.com%2F&hl=en&vpa=auto&vpmute=1&vconp=2&cmsid=2631244&plcmt=2&vid=3205108&us_privacy=false&cust_params=sessionKey%3D214987133-rO24BncQSMzQVeEl%26schain%3Dstnvideo.com%2COs1rviljg-Vo7CkRLAuBsw%26content%3D8783%26placementType%3DPremium%26embed%3DBe6nXXXs%26domain%3Duintacountyherald.com%26player_size%3Dsmall%26player_width%3D1060%26player_height%3D596%26player_type%3Dbarker%26smartmatch%3Dno%26version%3D7.27.3%26player_status%3DLVFNSNIY%26play_code%3D2008%26view100%3D1%26excl_cat%3Dstl_id00157%26rand%3D2%26uhr%3D18%26iris_id%3Diris_887d2ac77c34474a%26iris_context%3Dic_2782847%2Cic_5073780%2Cic_6902683%2Cic_7993673%2Cic_4852208%2Cic_9564594%2Cic_6367414%2Cic_3849004%2Cic_4619843%2Cic_2115263%26us_privacy%3Dfalse%26keywchk%3Dok
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7028e343739c0f4a10cd10c0e053a6d56f7bf2bb0fbaec578c7eae053854e3b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1036
x-xss-protection
0
google-lineitem-id
0
pragma
no-cache
server
cafe
google-creative-id
0
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://uintacountyherald.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
29 KB
30 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
643f8a16ac220c37763778f80d240d23842c3116d46b587d002496cc6feec1ab

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
29803
last-modified
Wed, 29 Nov 2023 15:00:15 GMT
server
AmazonS3
etag
"f1e04b8ddda372344e1359c98f9ab182"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
g8KCRi5ZpILQh7S1RQSilWrxWq3Om-ITcsyup3axhOiZqCJEdWmaag==
l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
27 KB
28 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4fa801dedeab49955dd5f76ca45f223e486d27ad782c5959e002c1fe6150eaec

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
28006
last-modified
Wed, 29 Nov 2023 15:00:13 GMT
server
AmazonS3
etag
"652973baec139cbdfaf2aa9287f3d9a0"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
vD0OYxBqz0K5cX180B_6R1JIBHoqbETJ3PliKda9CjYcEf9IWwttGQ==
5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
26 KB
27 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ef0e671e922fc0fe31a2c3482e697f3c1d08450cc95a391452adebefc1e791ed

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:16:26 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
2970
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
26979
last-modified
Wed, 29 Nov 2023 15:00:11 GMT
server
AmazonS3
etag
"cbda15c12cd3a75ed207d97114e24d34"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
vaEM29GCD-4fbNFVFMNROY94Ym104hVUSnUZuFJNzfXeSsmddUNS8g==
collect
region1.analytics.google.com/g/
0
258 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-J19JFGRKPN&gtm=45je3b81v9109201154&_p=1701277555155&_gaz=1&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=1964370080.1701277555&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&_s=1&dl=https%3A%2F%2Fuintacountyherald.com%2F&dt=Breaking%20News%20from%20your%20Local%20News%20Source%20Leader%20in%20Evanston%2C%20Wyoming%20%7C%20Uinta%20County%20Herald&sid=1701277555&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2285
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-J19JFGRKPN&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:55 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://uintacountyherald.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
56 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-J19JFGRKPN&cid=1964370080.1701277555&gtm=45je3b81v9109201154&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l2
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-J19JFGRKPN&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:55 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://uintacountyherald.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-J19JFGRKPN&cid=1964370080.1701277555&gtm=45je3b81v9109201154&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l2&z=1137821654
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
preact-incoming-feedback.c20c19b1cc6c85b5d8d1.js
script.hotjar.com/
190 KB
42 KB
Script
General
Full URL
https://script.hotjar.com/preact-incoming-feedback.c20c19b1cc6c85b5d8d1.js
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.28e3191d8757c557b4b7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-87.muc50.r.cloudfront.net
Software
/
Resource Hash
68947e9ddb590b11f6c1250e1080ff031fb91fddae5b9d41eb307a20ae306e64
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 16:27:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 b36a9cc0b5286fd650732f1458855500.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
607128
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
42783
last-modified
Wed, 22 Nov 2023 16:26:24 GMT
etag
"238d00d7f9c895e9f37ab6355e0076c2"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
qBg4kaJK0nw1rs9mWiXr28azxXrxoRS_RRGfoyf9y476aeF_hcka-w==
browser-perf.28a8c6b22b3c0474c577.js
script.hotjar.com/
4 KB
2 KB
Script
General
Full URL
https://script.hotjar.com/browser-perf.28a8c6b22b3c0474c577.js
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.28e3191d8757c557b4b7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-87.muc50.r.cloudfront.net
Software
/
Resource Hash
f0682c5bcb9a2e1a7a27212c0fcebe713d653ad64e32742d4a4dbea937bb6bb7
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 10:24:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 b36a9cc0b5286fd650732f1458855500.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
2270509
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1589
last-modified
Fri, 03 Nov 2023 10:23:46 GMT
etag
"d065ec1659ab8dbb93042fdf9a225634"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
Y2wyhTpYeGIqBQENfrizjl6S1hwy53b4CAldwsFovt5WZY6a5iSsJw==
wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
25 KB
25 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05c7ba81186b0be4238e6e39757350bcc41918c51858cb167d6112f6a3b7510e

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:49 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3067
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
25178
last-modified
Wed, 29 Nov 2023 15:20:20 GMT
server
AmazonS3
etag
"6b8fa6e4c6cdb4a29fd61b8bebee4534"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
meGdIB_AhbVJLN08D-Gf34VV9l4nwJimYDobt2gdxJCM6lHvA6gK6w==
7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
29 KB
30 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
643f8a16ac220c37763778f80d240d23842c3116d46b587d002496cc6feec1ab

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
29803
last-modified
Wed, 29 Nov 2023 15:00:15 GMT
server
AmazonS3
etag
"f1e04b8ddda372344e1359c98f9ab182"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
fyke5jefIYuFIy8UQo19ZngymSnYKeyDQ7lOanKbbmTt4XvG3hYjtQ==
l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
27 KB
28 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4fa801dedeab49955dd5f76ca45f223e486d27ad782c5959e002c1fe6150eaec

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
28006
last-modified
Wed, 29 Nov 2023 15:00:13 GMT
server
AmazonS3
etag
"652973baec139cbdfaf2aa9287f3d9a0"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
IuK303e3A_4etjQqUlDoUzlg-dujAwTVO5ZhXH1TjrV_voMPHFfKvw==
5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
26 KB
27 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ef0e671e922fc0fe31a2c3482e697f3c1d08450cc95a391452adebefc1e791ed

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:16:26 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
2970
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
26979
last-modified
Wed, 29 Nov 2023 15:00:11 GMT
server
AmazonS3
etag
"cbda15c12cd3a75ed207d97114e24d34"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
dqzZeGbB_SxRZ846GXOLmn90dCn_yGjFsX8YCMRGg4zteQO8ak8veg==
wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
25 KB
25 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05c7ba81186b0be4238e6e39757350bcc41918c51858cb167d6112f6a3b7510e

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:49 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3067
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
25178
last-modified
Wed, 29 Nov 2023 15:20:20 GMT
server
AmazonS3
etag
"6b8fa6e4c6cdb4a29fd61b8bebee4534"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
Uq240SLKfTOtlVLL119TJqjJYokXMqhk60yWNR9l-bVjdj36ne6_PQ==
7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
29 KB
30 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
643f8a16ac220c37763778f80d240d23842c3116d46b587d002496cc6feec1ab

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
29803
last-modified
Wed, 29 Nov 2023 15:00:15 GMT
server
AmazonS3
etag
"f1e04b8ddda372344e1359c98f9ab182"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
eUAbduWOLqEVjH0h4noXGZMgnRdr09_FUJvCpScVXLulUsEl1WU7Ig==
l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
27 KB
28 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4fa801dedeab49955dd5f76ca45f223e486d27ad782c5959e002c1fe6150eaec

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
28006
last-modified
Wed, 29 Nov 2023 15:00:13 GMT
server
AmazonS3
etag
"652973baec139cbdfaf2aa9287f3d9a0"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
An4bLSpncDDGHmVKA7BzJV0DNHTvU6Y4k2CBlP91I9u31o_ryDfWRw==
5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
26 KB
27 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ef0e671e922fc0fe31a2c3482e697f3c1d08450cc95a391452adebefc1e791ed

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:16:26 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
2970
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
26979
last-modified
Wed, 29 Nov 2023 15:00:11 GMT
server
AmazonS3
etag
"cbda15c12cd3a75ed207d97114e24d34"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
EPK5077CGkcv4wKq51BiaYGQR6sMfSgpw_r_dpXmq8KlG-JtiBnyUw==
wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
25 KB
25 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05c7ba81186b0be4238e6e39757350bcc41918c51858cb167d6112f6a3b7510e

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:49 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3067
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
25178
last-modified
Wed, 29 Nov 2023 15:20:20 GMT
server
AmazonS3
etag
"6b8fa6e4c6cdb4a29fd61b8bebee4534"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
l0Wqm_j8hzmeFCGHT8jb16KLn0PL5wKu1Qv1tEneP8ASrhiK38MulQ==
7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
29 KB
30 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
643f8a16ac220c37763778f80d240d23842c3116d46b587d002496cc6feec1ab

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
29803
last-modified
Wed, 29 Nov 2023 15:00:15 GMT
server
AmazonS3
etag
"f1e04b8ddda372344e1359c98f9ab182"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
GDCZvB1RLBw60VMB47AoXCZDgHY73vAunWZvkurGQSfW7C3bGi8JEg==
l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
27 KB
28 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4fa801dedeab49955dd5f76ca45f223e486d27ad782c5959e002c1fe6150eaec

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
28006
last-modified
Wed, 29 Nov 2023 15:00:13 GMT
server
AmazonS3
etag
"652973baec139cbdfaf2aa9287f3d9a0"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
fhfJq9C_gqPhxl_5P1Fcxp0bVMQlT1sDzhbK-xPGv8T0ctEG9lm2lQ==
5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
26 KB
27 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ef0e671e922fc0fe31a2c3482e697f3c1d08450cc95a391452adebefc1e791ed

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:16:26 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
2970
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
26979
last-modified
Wed, 29 Nov 2023 15:00:11 GMT
server
AmazonS3
etag
"cbda15c12cd3a75ed207d97114e24d34"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
-LGchk2HlCqwoq_ZZxMzoWDdKtNPe70a81LcRbzhR5HCadskQ0pnVA==
wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
25 KB
25 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05c7ba81186b0be4238e6e39757350bcc41918c51858cb167d6112f6a3b7510e

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:49 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3067
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
25178
last-modified
Wed, 29 Nov 2023 15:20:20 GMT
server
AmazonS3
etag
"6b8fa6e4c6cdb4a29fd61b8bebee4534"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
WQuP3iD7CGIDxN7gCKWREoMOW9Qj_hUoUcU-sdPPA-hMyUu9-5jtMw==
7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
29 KB
30 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
643f8a16ac220c37763778f80d240d23842c3116d46b587d002496cc6feec1ab

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
29803
last-modified
Wed, 29 Nov 2023 15:00:15 GMT
server
AmazonS3
etag
"f1e04b8ddda372344e1359c98f9ab182"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
SIIuJhKBII96D8RUtPmImMtLMZiGpGnAVXVnEy70QjYDDbmwbbtrNw==
l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
27 KB
28 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4fa801dedeab49955dd5f76ca45f223e486d27ad782c5959e002c1fe6150eaec

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
28006
last-modified
Wed, 29 Nov 2023 15:00:13 GMT
server
AmazonS3
etag
"652973baec139cbdfaf2aa9287f3d9a0"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
b42LzD0c0_1jfdOZnmuAyQnKEXmlFxmoj1JkaevrYGWk8Ir4c9I_FQ==
5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
26 KB
27 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ef0e671e922fc0fe31a2c3482e697f3c1d08450cc95a391452adebefc1e791ed

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:16:26 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
2970
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
26979
last-modified
Wed, 29 Nov 2023 15:00:11 GMT
server
AmazonS3
etag
"cbda15c12cd3a75ed207d97114e24d34"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
rxypSiDLJfoIr_SG18nlxrvxxkFTwElepoFQlpq5bhNPVxvTN8UUKQ==
wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
25 KB
25 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05c7ba81186b0be4238e6e39757350bcc41918c51858cb167d6112f6a3b7510e

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:49 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3067
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
25178
last-modified
Wed, 29 Nov 2023 15:20:20 GMT
server
AmazonS3
etag
"6b8fa6e4c6cdb4a29fd61b8bebee4534"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
Q8-46unFA-YXbFFuwWNw_l0W2bJLbmiw1MiTKBW5PkuhTz80VNbcBg==
7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
29 KB
30 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
643f8a16ac220c37763778f80d240d23842c3116d46b587d002496cc6feec1ab

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
29803
last-modified
Wed, 29 Nov 2023 15:00:15 GMT
server
AmazonS3
etag
"f1e04b8ddda372344e1359c98f9ab182"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
T-IsvoBW0HXag6CV7cS7YF6NaWpt395MsNzy-JhHymbaEsO3SYobJA==
l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
27 KB
28 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4fa801dedeab49955dd5f76ca45f223e486d27ad782c5959e002c1fe6150eaec

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
28006
last-modified
Wed, 29 Nov 2023 15:00:13 GMT
server
AmazonS3
etag
"652973baec139cbdfaf2aa9287f3d9a0"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
du1qx0OIcD6-EfoUZS_GyUnUoNr4lmT7ZLHJjhndp4ckTOyPCApsVw==
5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame AF7E
26 KB
27 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ef0e671e922fc0fe31a2c3482e697f3c1d08450cc95a391452adebefc1e791ed

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:16:26 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
2970
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
26979
last-modified
Wed, 29 Nov 2023 15:00:11 GMT
server
AmazonS3
etag
"cbda15c12cd3a75ed207d97114e24d34"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
SMEhnNfIdIRcCBD2Xgr5BN6VGShab3x419z5hM7ygbChkN6PrZv8cQ==
wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
25 KB
25 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/wgwtpg2mc8m5f28ktgackmbuv1btayw1.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05c7ba81186b0be4238e6e39757350bcc41918c51858cb167d6112f6a3b7510e

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:49 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3067
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
25178
last-modified
Wed, 29 Nov 2023 15:20:20 GMT
server
AmazonS3
etag
"6b8fa6e4c6cdb4a29fd61b8bebee4534"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
hHZFlZ95RoY7kvjHTyFGQnHlKUcQl-m-fnY9AT8os8aSQb7ooAjXwQ==
7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
29 KB
30 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/7plb6tndyrn9e0wljl7y8isd2k0rvgpg.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
643f8a16ac220c37763778f80d240d23842c3116d46b587d002496cc6feec1ab

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
29803
last-modified
Wed, 29 Nov 2023 15:00:15 GMT
server
AmazonS3
etag
"f1e04b8ddda372344e1359c98f9ab182"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
Rp1Eof1hcISeszL0JhUBEtTfVS45G54qHaZv_9BKgWnBp8XxIWzVdg==
l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
27 KB
28 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/l4ppk2yh956p7qjx4q3aw1gcyqzgk5bo.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4fa801dedeab49955dd5f76ca45f223e486d27ad782c5959e002c1fe6150eaec

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
28006
last-modified
Wed, 29 Nov 2023 15:00:13 GMT
server
AmazonS3
etag
"652973baec139cbdfaf2aa9287f3d9a0"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
4B8d1xOysHU5qKOX-Bqe_OVTDpEXN3qQesXv7YS52j4wOnWt1h7t4w==
5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/
26 KB
27 KB
Image
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/5igdnbbvwrqmpjbtqv46y4u3brh4lbjt.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/overlayscrollbars/1.13.1/js/OverlayScrollbars.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ef0e671e922fc0fe31a2c3482e697f3c1d08450cc95a391452adebefc1e791ed

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:16:26 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
2970
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
26979
last-modified
Wed, 29 Nov 2023 15:00:11 GMT
server
AmazonS3
etag
"cbda15c12cd3a75ed207d97114e24d34"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
ytc-_A4s81m1kCkWBhHdD8QxUNCd6HQ7yne7RPYKkniEIelPhbbmqw==
03n83so79q240353r1o9nponn6r59orr.m3u8
d29xw9s9x32j3w.cloudfront.net/videos/m3u8/300k/
323 B
900 B
XHR
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/m3u8/300k/03n83so79q240353r1o9nponn6r59orr.m3u8
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fc4508ce72fb8c96bb9d5baee833c2c1fe358c525527a85e36a0f03bcb3a16b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
323
last-modified
Wed, 29 Nov 2023 15:22:31 GMT
server
AmazonS3
etag
"5f99535fcf9ac92569cfeaa69ac6fc17"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
RyHHGun6NujYo0Nml6jf58ngtRXG8deASnWLnjkY1qrwU7gyoh9ppw==
r793929p426187r860or31o150q38r0obase.en.vtt
d29xw9s9x32j3w.cloudfront.net/videos/cc_text/
671 B
1 KB
TextTrack
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/cc_text/r793929p426187r860or31o150q38r0obase.en.vtt
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bb0f736d0d23ef584314ede0fda44f4a1dd74407a24f0041c9523e657d22d008

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:50 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
671
last-modified
Wed, 29 Nov 2023 15:24:34 GMT
server
AmazonS3
etag
"ecb95cdb9608e23438024043bc57c2a9"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
text/vtt
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
accept-ranges
bytes
x-amz-cf-id
o8IFIUzdHK-5B25j9VPIGzW07V__DRNWoZefYjCHHpD8BgqIp61lOA==
container.html
dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4D2E
6 KB
3 KB
Document
General
Full URL
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://uintacountyherald.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:05:55 GMT
expires
Thu, 28 Nov 2024 17:05:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/ Frame AF7E
54 KB
17 KB
Script
General
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.211.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-211-26.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
last-modified
Mon, 23 Jan 2023 19:40:17 GMT
server
Apache
etag
"d734-5f2f3919e751f-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
17407
expires
Wed, 29 Nov 2023 17:20:55 GMT
hadron.js
cdn.hadronid.net/ Frame AF7E
55 KB
10 KB
Script
General
Full URL
https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fuintacountyherald.com%2F&ref=https%3A%2F%2Fuintacountyherald.com%2F&_it=amazon&partner_id=694
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:246e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2365cc11ef3d43f265b848c7164e5487c7a49d6af06c2938ac9272c8d91fc1a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Wed, 29 Nov 2023 15:31:45 GMT
server
cloudflare
x-amz-request-id
01CC8G5F16RM7B26
age
5647
etag
W/"13043c1bbaf21ccc6e8ed474a744d3f2"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
cf-ray
82dc7033bc5d92c5-FRA
x-amz-id-2
HXRUR8HjAo6USwQLdtHY+PYQf8tGuqDCh/+7XnINsX6lV9HyCEeo0/fdHmm/D8O2xprGCoT8y84=
/
trends.revcontent.com/api/delivery/
13 KB
8 KB
Fetch
General
Full URL
https://trends.revcontent.com/api/delivery/?is_blocked=undefined&w=277191&width=1600&rev_allow_cookies=0&site_url=https%3A%2F%2Fuintacountyherald.com%2F&icr_url=&va=0&time=1701277555777&up=pc&bn=chrome&bv=120&widget_width=1060&style_id=0&an=false
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.81.36.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-36-123.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash
a7db437e5bd081bcec2137200fb548a4cbf3d0c9594a41351068d8c5fbeb51d8
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

x-rc-region
eu-west-1c
date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=931536000; includeSubDomains
content-encoding
gzip
server
envoy
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://uintacountyherald.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
63
doq.htm
rt3014.infolinks.com/action/
2 KB
1 KB
XHR
General
Full URL
https://rt3014.infolinks.com/action/doq.htm?pcode=utf-8&r=17012775557461
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
739aa83cc036212f119f8900fb3c235bc7c234a1b50c3a4d18ca84b4b99558d1

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
text/html;charset=UTF-8
access-control-allow-origin
https://uintacountyherald.com
p3p
CP="NON DSP NID OUR COR"
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-language
de-DE
cf-ray
82dc7033cbf99171-FRA
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
03n83so79q240353r1o9nponn6r59orr-00001.ts
d29xw9s9x32j3w.cloudfront.net/videos/m3u8/300k/
366 KB
366 KB
XHR
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/m3u8/300k/03n83so79q240353r1o9nponn6r59orr-00001.ts
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
55fcc36756ba70a18a2ec4c371d723ffbf4a24ec94eed3013566b775911caff6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:51 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3065
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
374308
last-modified
Wed, 29 Nov 2023 15:22:30 GMT
server
AmazonS3
etag
"a974fe4860b13bc2663faf8e08916566"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
video/mp2t
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
JhuI0w5_cAJqnLO8Qj5V5t3TyUsiKtm3CrEMyxo_SfFDByT8hNBxDA==
bid
aax.amazon-adsystem.com/e/dtb/ Frame AF7E
23 B
466 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fuintacountyherald.com%2F&pid=tp2Trbhyoi4Gn&cb=0&ws=1600x1200&v=23.1108.2350&t=2000&slots=%5B%7B%22kv%22%3A%7B%22irisid%22%3A%22iris_887d2ac77c34474a%22%7D%2C%22id%22%3A%22standard%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1!stnvideo.com%2COs1rviljg-Vo7CkRLAuBsw%2C1%2C%2C%2C&pubid=6c3f03cd-6fa8-4477-ac05-2c0f4f8da092&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.191.32 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-191-32.muc50.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 21be3420a436f8727342146a9b19af68.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
MUC50-P4
x-amz-rid
66K273Z4WZGSY29H7RV1
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://uintacountyherald.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
T3aBA_NyyPrs4iMBhXWoc2D_6j5EHYA5g8TZkU8bgRq-fakA6cj0pg==
afr.php
ads.eu.criteo.com/delivery/r/ Frame 98C1
181 KB
56 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
72e8fb508a9e03406a7372fdaf74abb52787bda50dce7c739f444042fb39432c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:05:55 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=WV7V7AVpiAYxC3kUtCUjP167KHPfV0pblkUn8l1fsFXpRhedgqG2Yfqc60dA7udBkn-8LAbWDBE9rXhNKjL2KgP6c0MbT4qELhZ1WEDOhkOHppnyS1wnf0v10xYzYw9XtqZ6wnxHrYm1TYq3aGzKM5Iqg-cT4C-J77oLsh4s8uEfXNFKSry9KpFtiA-pAILYYYxk0roUq7PGOyd3wYr8fAoREwYpsOczwHI_3bzssJ-ncMUD1Yy9vteoKfATptZM0weF4g"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
67773268
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 4D2E
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 12:41:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
15876
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 13 Dec 2023 12:41:19 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 4D2E
20 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 23:16:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
64137
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Dec 2023 23:16:58 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 4D2E
24 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 23:16:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
496137
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 22 Nov 2024 23:16:58 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 4D2E
202 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65070
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700193896630564"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:05:55 GMT
font-hotjar_5.65042d.woff2
script.hotjar.com/
2 KB
3 KB
Font
General
Full URL
https://script.hotjar.com/font-hotjar_5.65042d.woff2
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-87.muc50.r.cloudfront.net
Software
/
Resource Hash
fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://uintacountyherald.com/
Origin
https://uintacountyherald.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 23:49:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 50cfe0dc07dec77718bfa8346e608936.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
7665395
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Fri, 01 Sep 2023 09:38:54 GMT
etag
"c9fb9163f8b7be37023ebe649688bebf"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
x-robots-tag
none
x-amz-cf-id
acq7TuFFg-dplt0S5wExKu-Bz7HxP0-b5QINsSYKOc8DaIFHoUbNUA==
hadron.json
id.hadron.ad.gt/v1/ Frame AF7E
106 B
318 B
XHR
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=694&sync=0&domain=uintacountyherald.com&url=https://uintacountyherald.com/
Requested by
Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fuintacountyherald.com%2F&ref=https%3A%2F%2Fuintacountyherald.com%2F&_it=amazon&partner_id=694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9685a4d85c81e047f2081c57b9030e743390862426250881c5bc02298adaed07

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-methods
HEAD,GET,POST,PUT,DELETE,OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
private,max-age=30
access-control-allow-credentials
true
debug
NON-OPTIONS
access-control-allow-headers
authorization
cf-ray
82dc70350cad9945-FRA
hadron.json
id.hadron.ad.gt/v1/ Frame
0
0
Preflight
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=694&sync=0&domain=uintacountyherald.com&url=https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://uintacountyherald.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST, OPTIONS, GET
cache-control
max-age=31536000 public, no-transform
cf-cache-status
DYNAMIC
cf-ray
82dc70345be99945-FRA
content-length
0
content-type
application/json
date
Wed, 29 Nov 2023 17:05:55 GMT
debug
OPTIONS block
expires
Thu, 28 Nov 2024 17:05:55 GMT
server
cloudflare
beacons
p.flipp.com/
0
0
Fetch
General
Full URL
https://p.flipp.com/beacons
Requested by
Host: cdn-gateflipp.flippback.com
URL: https://cdn-gateflipp.flippback.com/tag/js/flipptag.js?site_id=%201262364
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-118.muc50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
via
1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P4
vary
Origin
x-cache
Miss from cloudfront
access-control-allow-origin
https://uintacountyherald.com
access-control-allow-credentials
true
x-amz-cf-id
zVohYO2pWy6MN-JSxheyxcrXUmg892tapP19uim5Zrt4halpfGGfUQ==
03n83so79q240353r1o9nponn6r59orr.m3u8
d29xw9s9x32j3w.cloudfront.net/videos/m3u8/1000k/
323 B
900 B
XHR
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/m3u8/1000k/03n83so79q240353r1o9nponn6r59orr.m3u8
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ac71735f39c340f7bcc05497dc26ffadb3ac700a3aa990d71da86ca182464903

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:53 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3063
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
323
last-modified
Wed, 29 Nov 2023 15:22:31 GMT
server
AmazonS3
etag
"cdd9dbeba1323ed036b7e859a2297243"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
SghP4bmb4xCAehZA26fMD85YdlbUi8DVW4PSv_4OlnUWCiFVaMSXjA==
impression
trends.revcontent.com/event/
0
0
Fetch
General
Full URL
https://trends.revcontent.com/event/impression
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.81.36.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-36-123.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-rc-region
eu-west-1c
date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=931536000; includeSubDomains
server
envoy
vary
Origin
access-control-allow-origin
https://uintacountyherald.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
5
css2
fonts.googleapis.com/
34 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fad08488ab9bdf68897a3a6eeb699584c94d259cf814b1f81a330964852f0274
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 16:33:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Nov 2023 17:05:55 GMT
brandWidget~feedWidget.delivery.js
assets.revcontent.com/master/
65 KB
17 KB
Script
General
Full URL
https://assets.revcontent.com/master/brandWidget~feedWidget.delivery.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-105.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0077dda9560e1ff3171a016d7390330796612e54619094f5bafe6b5314e2eb8f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 06:58:43 GMT
content-encoding
gzip
via
1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
last-modified
Mon, 06 Nov 2023 20:47:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
36433
x-amz-server-side-encryption
AES256
etag
W/"96edb70e0b7f4125d0951702526f091c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=60
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
LA4k9hKz11SI-nVW8233U736IHxE55J9I3wMXZ0SArkDAGk4ccXuLQ==
defaultWidget~feedWidget.delivery.js
assets.revcontent.com/master/
30 KB
9 KB
Script
General
Full URL
https://assets.revcontent.com/master/defaultWidget~feedWidget.delivery.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-105.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a4de1e27f83eb7660e650f61a7b3cae568fff6554aabf2ece6acaaa943814bbb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 10:16:27 GMT
content-encoding
gzip
via
1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
last-modified
Mon, 06 Nov 2023 20:47:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
24569
x-amz-server-side-encryption
AES256
etag
W/"5bfc015a2c2bfed2e72c706157a02719"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=60
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
7W1K6TY8nCk53WVTkUfXbR4OjUpCZEfZwIczV--tVDwPcXebTEAjRg==
feedWidget.delivery.js
assets.revcontent.com/master/
34 KB
10 KB
Script
General
Full URL
https://assets.revcontent.com/master/feedWidget.delivery.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-105.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5d827fff167e3e0dd80812592a22621df80fda7610a0ed3a07ca49f94abe41e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 07:24:30 GMT
content-encoding
gzip
via
1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
last-modified
Mon, 06 Nov 2023 20:47:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
58882
x-amz-server-side-encryption
AES256
etag
W/"390f0052288a44789c8f6404c2523a7a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=60
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
zrNOwJrajytPdo2KzgSlHCMovcFPmM1X6J5DVp5tWEt98yTYmOYaiA==
/
img.revcontent.com/
1 KB
2 KB
Image
General
Full URL
https://img.revcontent.com/?url=https://cdn.revcontent.com/assets/img/full_color.png&static=true
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-98.fra56.r.cloudfront.net
Software
envoy /
Resource Hash
94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

x-rc-region
us-east-1a
date
Tue, 03 Oct 2023 17:55:57 GMT
via
1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
last-modified
Thu, 01 Jun 2023 15:43:57 GMT
server
envoy
x-amz-cf-pop
FRA56-P2
age
4921798
etag
"a798d6ed9b193888fbc8a4a5bd7b51c236f8aa33"
x-cache
Hit from cloudfront
content-type
image/png
x-envoy-upstream-service-time
22
alt-svc
h3=":443"; ma=86400
content-length
1351
x-amz-cf-id
9A1AgSkqZpjqMrfwYtFkH26kOJniqGZSJ0jCX3XRJYaU8NebyvzSog==
truncated
/ Frame 4D2E
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3d60a87e0fb97b4920df50ad00d001270a7def0818dbed8dadf92757b591f00

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Content-Type
image/png
widget-rtdx.php
japfg-trending-content.appspot.com/
5 KB
2 KB
Script
General
Full URL
https://japfg-trending-content.appspot.com/widget-rtdx.php?s=10236
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
5f7a6e6a2338db74b1a1ebba51aac8e37d1f0e78af0f133d30499a9bc57d810c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
via
1.1 google
server
nginx
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
config.js
cdn.confiant-integrations.net/yjsuMg1kkWeWHf5qo2WHhexYOVs/gpt_and_prebid/
131 KB
29 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/yjsuMg1kkWeWHf5qo2WHhexYOVs/gpt_and_prebid/config.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6JN5TJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fce1a98db0531c27cfef47e2bfff90b511ad1a946d72d9eb92f125d256d7227d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 29 Nov 2023 12:58:35 GMT
server
cloudflare
x-amz-request-id
TVTW9029A00ZPZMY
age
789
etag
W/"ced8514fa2935267704e458f3799b321"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
82dc7034ead69bc4-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
7i+2aR6/AH9HvSYhLPd+uZKncXYFjHrbh3OUkLdT/2JF8HI/J6vSRNZo7ZEucW+eboJfUEnHxLQ=
adview
securepubads.g.doubleclick.net/pagead/ Frame 4D2E
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CCqCoc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSdAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vLuPILg82vnUDz8PCTtFFc2wx4L8mWOrPVQ8cNravKdi-kUanm39-AEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA4AKAfoLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAbIXHAoaEhRwdWItMjQyMTgzNjkzMzUwMjI0MhjLvSo&sigh=foU44ky-JdY&uach_m=%5BUACH%5D&cid=CAQSTgDICaaNENquyhWm_bTHXy_3rlAIni87gOx_gAiAlSEmQSEcCXKQPy_TRpf31TK3Ijzb9fe-jXV4ey7H3maqPRe1HM-Od1UeBBIcU8C2hBgB&cbvp=2&vis=1
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 4D2E
0
126 B
Image
General
Full URL
https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=k-z_GN-BMKwC2ASdg2ICAgAAAGoM8AuvqChfcNRne6oU-b4Qcm9nZcJpBsc31NCIOC4AABIAAAoKQVFVQkFRRVBBUQ&wp=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&cbvp=2
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=31536000; preload;
server-processing-duration-in-ticks
150892
server
Kestrel
content-length
0
64f9a5bb888212-37359274.png
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/
21 KB
22 KB
Image
General
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/64f9a5bb888212-37359274.png
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-40.fra56.r.cloudfront.net
Software
Cloudinary /
Resource Hash
d1a2da045d78c4ed73d71581e1607e7ea958d598ff919dfb7fb72d53fb18b43e
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Sun, 26 Nov 2023 09:52:51 GMT
x-content-type-options
nosniff
via
1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
285187
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
21668
last-modified
Thu, 07 Sep 2023 12:23:45 GMT
server
Cloudinary
etag
"bf2c86c633d37454e6b075514d4799e2"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
zVLBjv-ycHYArgp9JdMHwhnYqbmeU7EMiNzhBLuxPBkjFJlz6H8oVQ==
795a02aecde80d5c65320603c05af1db.jpeg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/
18 KB
18 KB
Image
General
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/795a02aecde80d5c65320603c05af1db.jpeg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-40.fra56.r.cloudfront.net
Software
Cloudinary /
Resource Hash
da1b94b16cc73ab273a2c57777f6023480e0c24e607e48233a47ca6ecaa2d058
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Mon, 27 Nov 2023 14:23:58 GMT
x-content-type-options
nosniff
via
1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
570388
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
18291
last-modified
Tue, 19 Sep 2023 17:40:44 GMT
server
Cloudinary
etag
"cccba623fd66e8aa63515510f92791f6"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
0Rhbo4p-I8JYGqFhx7YK0vcMinwVSK17anfhavKTsCmY5ydrgjA58Q==
30bb47e121209485f9737cedb699d1ab.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/
13 KB
14 KB
Image
General
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/30bb47e121209485f9737cedb699d1ab.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-40.fra56.r.cloudfront.net
Software
cloudflare /
Resource Hash
7df1e9c77a18f0058fdbe776f5f12cec1055f8139eb239ead6ab4b354ae64934
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 15:11:27 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
via
1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
93269
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
13511
last-modified
Tue, 28 Nov 2023 11:13:07 GMT
server
cloudflare
etag
"bae2bc14d7634d683b9c380d5143f515"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, immutable, max-age=604800
accept-ranges
bytes
cf-ray
82d38b21dc5a2d16-IAD
timing-allow-origin
*
x-amz-cf-id
c1HtJil03yJjPuYWCHtioNYW-QOdYuz7rJzVhYs_z29dUcInvq77AQ==
43a51d6c817703425c59c00f0d61b9d2.jpeg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/
10 KB
10 KB
Image
General
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/43a51d6c817703425c59c00f0d61b9d2.jpeg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-40.fra56.r.cloudfront.net
Software
Cloudinary /
Resource Hash
f58e6745de6de51a1ed7252fc74c7a0d13a570034fd45e12336f0c40b0ebdb1e
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Sat, 25 Nov 2023 08:21:36 GMT
x-content-type-options
nosniff
via
1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
567879
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
10102
last-modified
Thu, 05 Oct 2023 14:37:40 GMT
server
Cloudinary
etag
"d39ba77532848a2a55589265a18f807f"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
MhSXti373N9wxbBuu-Z99s472esntrQscGjebORgtw2K8Vs3_14oJQ==
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202310231203/
264 KB
84 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202310231203/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/yjsuMg1kkWeWHf5qo2WHhexYOVs/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb4f8df5602b561c6a5247851f27cebac4099886c0f337e67e5ea9fa0f9caac8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 23 Oct 2023 16:04:16 GMT
server
cloudflare
x-amz-request-id
799J46HMR8DD5A13
age
2554275
etag
W/"866ce4ef9ef41c261f6060e4f642bb88"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
82dc70351b2a9bc4-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
L30FBUoK3+qa9TaVHV8UbthO93NUx1Q04YkeosmwBd6K2/gH7I81ik1fmNd4GmCx3Y6boBrXByA=
diberp-tcx-v7.13.0.js
www.americanhometownmedia.com/static/
328 KB
103 KB
Script
General
Full URL
https://www.americanhometownmedia.com/static/diberp-tcx-v7.13.0.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.58.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.58.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c02ccf4ffd38f6e1602a17e22029a37e1827a19cc5b202d5268c4f9c9336a38d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 23:21:45 GMT
content-encoding
gzip
age
1100651
x-guploader-uploadid
ABPtcPqe66d5_VkPlQ0DA1SVf-4afW12CMRkH__fm9HVJ5zu3xQlEKWcf_dm6CUUtHqzjRKqrC2GJMZQVmFY4NVn8JErtZSNl556
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
104504
last-modified
Mon, 29 Aug 2022 14:20:21 GMT
server
UploadServer
etag
"f085c7609fb7c47fb72fd768d721373e"
vary
Accept-Encoding,Origin
x-goog-generation
1661782821233427
x-goog-hash
crc32c=qwVX7w==, md5=8IXHYJ+3xH+3L9do1yE3Pg==
content-type
text/javascript
cache-control
public, max-age=31536000
x-goog-stored-content-length
104504
accept-ranges
bytes
expires
Fri, 15 Nov 2024 23:21:45 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
91 KB
29 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9e0a5d077b1477b54e9f1df6c9c40070b2574f709914d83433b581e09b57c335
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29898
x-xss-protection
0
server
cafe
etag
782 / 19690 / 31079808 / config-hash: 3080115608911758694
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:05:56 GMT
privacy_small.svg
static.criteo.net/flash/icon/ Frame 98C1
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 23 Nov 2024 17:05:56 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame 98C1
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 23 Nov 2024 17:05:56 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame 98C1
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Sat, 23 Nov 2024 17:05:56 GMT
back_button2.svg
static.criteo.net/flash/icon/ Frame 98C1
293 B
621 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button2.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 28 Apr 2022 09:09:48 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"626a59dc-125"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
293
expires
Sat, 23 Nov 2024 17:05:56 GMT
lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 98C1
43 B
348 B
Image
General
Full URL
https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=xJxJwiznnKikG6VF4XJurJn40v4noaqMHFlwYgOeWVCnHz72j-7iEw6XhKVmvrYO4tOseSBnCPyOzJQVHhi0WATRaccuaYIkdF3IXvZBhsItWaCmhEHZGftqxk2DTlbvVSSXOSWB42f3D6WiA3RxDBZ9A9l9YcbtjcTrXvw9vPL6OsPf_jOQl2jE26USp7jO0Dyu6zAVRMzXBa-Q7473Azqw2MaY_hnEiZF2WLG4bDYYSLsyEF1Q2aH_U8I0bvxp4Ep7EzKvSVWCZdVHxQcWnlEUkRIZ3K_jNg0Axcbf6lN-GSHj98Ac_flL7ENkZS0Vky6JRLfLNh7UvhBEoKWSlXhoPdtDJoJwiVpyGtzPRdo6lsWXnin0OGXiZNI6G0HFaC0PiYSRsQMDH6DJCfEBz7XsuulwpJW-CLujB-fM90FXTAGn
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1744914
expires
Mon, 26 Jul 1997 05:00:00 GMT
unruly_prebid
targeting.unrulymedia.com/ Frame
0
0
Preflight
General
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://uintacountyherald.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://uintacountyherald.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 29 Nov 2023 17:05:56 GMT
pbjs
htlb.casalemedia.com/openrtb/ Frame AF7E
36 B
548 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=438214
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/library/prebid/8.5.0_trade_desk_33accross_intentiq/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dcf81c6a03ea6e0d1ec5a031ee6abab0dacee19f0d391384f54ba5b7ee97b35

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F87z2il02PbutTnSErFe5X5onsdOIfc0QDX4Pw7sR5Q1V6GUQ16UXtAvyF8OFTqUBFSkOoOC8ExXPqIWAck3%2B%2FnGMo4WMplh63JkrVTdI2RWfxap2o6PmmVpQhW%2BW2SH7GGsYeO2"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://uintacountyherald.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82dc70356eae03ec-FRA
alt-svc
h3=":443"; ma=86400
content-length
36
expires
0
auction
prebid-server.rubiconproject.com/openrtb2/ Frame AF7E
173 B
472 B
XHR
General
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/library/prebid/8.5.0_trade_desk_33accross_intentiq/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.144.137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
457249833b246938e567e500028f5584fe78f2e5fa861efe5996170fc04d95c7

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
content-encoding
gzip
x-prebid
pbs-java/2.3.0
Content-Type
application/json
access-control-allow-origin
https://uintacountyherald.com
Cache-Control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
168
Expires
0
unruly_prebid
targeting.unrulymedia.com/ Frame AF7E
0
169 B
XHR
General
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/library/prebid/8.5.0_trade_desk_33accross_intentiq/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
https://uintacountyherald.com
pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
hb
hb.undertone.com/ Frame AF7E
0
522 B
XHR
General
Full URL
https://hb.undertone.com/hb?pid=3590&domain=uintacountyherald.com
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/library/prebid/8.5.0_trade_desk_33accross_intentiq/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.36.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-36-10.ams58.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
via
1.1 cda23f0bbfe83784416efeada1ac1cf8.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop
AMS58-P2
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin
https://uintacountyherald.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
x-amz-cf-id
at1kZ21TnM58x41tmDx9a9TdFiL4bmBHjKsNIbuXZqXckzwKtFOkPw==
expires
Mon, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/ Frame AF7E
0
117 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/library/prebid/8.5.0_trade_desk_33accross_intentiq/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://uintacountyherald.com
date
Wed, 29 Nov 2023 17:05:55 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/ Frame AF7E
139 B
706 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/library/prebid/8.5.0_trade_desk_33accross_intentiq/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
45929276307f0831a63e6184871c29abcb03059e2788680b45b2007955e0d8ad
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
an-x-request-uuid
6c03f1f6-ab3f-4554-9859-6fe24da53b73
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://uintacountyherald.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
37.58.58.249; 37.58.58.249; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
139
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
auction
tlx.3lift.com/header/ Frame AF7E
19 B
547 B
XHR
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.5.0&referrer=https%3A%2F%2Fuintacountyherald.com%2F&tmax=3000
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/library/prebid/8.5.0_trade_desk_33accross_intentiq/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.78.12 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-78-12.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
accept-ch
sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform
x-auction-status
16
content-type
application/json; charset=utf-8
access-control-allow-origin
https://uintacountyherald.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 98C1
12 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
127417
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4420
last-modified
Mon, 04 May 2020 16:17:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04030-30d9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YnIZqoNvfN%2FoWzkQ4n5OHJMITR1%2FE6MBLIQCHsVJF%2BqxnDiQI%2FlaDj1I%2FCkr6KOchI96BntQL0IQiiKrQ1otvTt4rLZEeRzSwLwhmzRILaxuVwQW9itmf8NFGRU4zyucj0%2BgMmmCsyhoANnEqIcT162V"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82dc70354e236abb-FRA
expires
Mon, 18 Nov 2024 17:05:56 GMT
animejs.js
static.criteo.net/animejs/ Frame 98C1
12 KB
6 KB
Script
General
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 23 Nov 2024 17:05:56 GMT
34b53f9b51014e45bfd12680e1ea6404_cpn_300x600_1.jpeg
static.criteo.net/design/dt/19906/4891549/ Frame 98C1
82 KB
82 KB
Image
General
Full URL
https://static.criteo.net/design/dt/19906/4891549/34b53f9b51014e45bfd12680e1ea6404_cpn_300x600_1.jpeg
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a02:2638:3::3, France, ASN44788 (ASN-CRITEO-EUROPE, FR)
Reverse DNS
Software
nginx
Resource Hash
14906035a7b14b70faed0e4510d4dd1fa9a62a52c5d965a569cfa1994afdc918
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Mon, 27 Nov 2023 14:09:41 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"6564a325-1472d"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
83757
expires
Sat, 23 Nov 2024 17:05:56 GMT
img
imageproxy.eu.criteo.net/img/ Frame 98C1
15 KB
15 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=104&m=0&partner=19906&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F19906%2F190812%2F319a2d5469c04e068839667ed003cd32_logo4.png&v=3&w=596&rid=4&s=oGPY28g4qaXewGRwM4zJJMg8
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a02:2638:3::10, France, ASN44788 (ASN-CRITEO-EUROPE, FR)
Reverse DNS
Software
Kestrel
Resource Hash
35b40f04792c8406a4d2fcd12d426b98f89677c8deff50d4ca847241c5d76df7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/png
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
15142
expires
Sun, 03 Nov 2024 05:28:17 GMT
img
imageproxy.eu.criteo.net/img/ Frame 98C1
2 KB
2 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F40401001_8-202305301245.jpg&v=3&w=400&rid=4&s=goFyLM7vgVRV4I9vt8zOD6Dq&b=400
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a02:2638:3::10, France, ASN44788 (ASN-CRITEO-EUROPE, FR)
Reverse DNS
Software
Kestrel
Resource Hash
434e426804c71ff13f6aca4add1394784d700881d77fb767bddeea97eaa88aea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
1866
expires
Sat, 02 Nov 2024 04:40:24 GMT
img
imageproxy.eu.criteo.net/img/ Frame 98C1
9 KB
10 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F11524767_2-202110061234.jpg&v=3&w=400&rid=4&s=OVZiaA2ZC7eUuoB5li5x_PwJ&b=400
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a02:2638:3::10, France, ASN44788 (ASN-CRITEO-EUROPE, FR)
Reverse DNS
Software
Kestrel
Resource Hash
431097f4f934bdc8ae8ea0d5d33a07573e22cf31f50e02499a1b12b98be7c4a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
9592
expires
Sat, 26 Oct 2024 05:01:44 GMT
img
imageproxy.eu.criteo.net/img/ Frame 98C1
4 KB
4 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F20406785_10-202110161050.jpg&v=3&w=400&rid=4&s=blnYTj4zm4GoZEu21q62Q9Ui&b=400
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a02:2638:3::10, France, ASN44788 (ASN-CRITEO-EUROPE, FR)
Reverse DNS
Software
Kestrel
Resource Hash
069e7473cfec3704ad6754a912d8c3af7e8f5bb9f1d028ffcdce957143c1051d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
3972
expires
Sat, 02 Nov 2024 05:13:57 GMT
img
imageproxy.eu.criteo.net/img/ Frame 98C1
4 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F19906%2Fbadgeupdate.png&v=3&w=400&rid=4&s=sFPYPwb7keL_Ew6_IWjCVNv_
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a02:2638:3::10, France, ASN44788 (ASN-CRITEO-EUROPE, FR)
Reverse DNS
Software
Kestrel
Resource Hash
d50675d04142e9bfd9a7066718b8f5f9336d4000b1c8dc5542002955d9b002c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/png
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4547
expires
Thu, 07 Nov 2024 09:55:04 GMT
img
imageproxy.eu.criteo.net/img/ Frame 98C1
3 KB
3 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F12126311_2-202108130002.jpg&v=3&w=400&rid=4&s=L0oDTP2b8TwjcfDgCxE3O9qC&b=400
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a02:2638:3::10, France, ASN44788 (ASN-CRITEO-EUROPE, FR)
Reverse DNS
Software
Kestrel
Resource Hash
0c659c2351251346d80951411cf3e8704b382d17b990f900212543f96faaa44d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
3134
expires
Tue, 05 Nov 2024 03:33:20 GMT
img
imageproxy.eu.criteo.net/img/ Frame 98C1
4 KB
4 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F25401974_18-202212201140.jpg&v=3&w=400&rid=4&s=viCkUhLnxFebTihZYZoEh83S&b=400
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a02:2638:3::10, France, ASN44788 (ASN-CRITEO-EUROPE, FR)
Reverse DNS
Software
Kestrel
Resource Hash
8187d4c5ee3a9ff84d7a0acbeddc81d7e08d41c1fbb7abc4c791b95f1c197171
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
3992
expires
Sat, 02 Nov 2024 02:33:18 GMT
img
imageproxy.eu.criteo.net/img/ Frame 98C1
2 KB
2 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F26408438_1-202102111235.jpg&v=3&w=400&rid=4&s=m1tz7LvFF0BcKuvWZY-CZv_z&b=400
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a02:2638:3::10, France, ASN44788 (ASN-CRITEO-EUROPE, FR)
Reverse DNS
Software
Kestrel
Resource Hash
843eda5aa5456a103512eaff44967044a8c56bbebdd3e6082d39e0d1e8fe5f2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
2288
expires
Sat, 02 Nov 2024 16:46:21 GMT
img
imageproxy.eu.criteo.net/img/ Frame 98C1
5 KB
6 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F25408430_1-202010152157.jpg&v=3&w=400&rid=4&s=pyy2C5yD9Ut-Tkqo519X1fHS&b=400
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a02:2638:3::10, France, ASN44788 (ASN-CRITEO-EUROPE, FR)
Reverse DNS
Software
Kestrel
Resource Hash
18810cc7f62acf01765366af6b41e3890fd2ea526b7a35ce622873468d0f39ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
5502
expires
Sat, 02 Nov 2024 00:38:32 GMT
img
imageproxy.eu.criteo.net/img/ Frame 98C1
5 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F12126269_1-201908142242.jpg&v=3&w=400&rid=4&s=R5xjaQbFvNyVJUU743HmGYZU&b=400
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a02:2638:3::10, France, ASN44788 (ASN-CRITEO-EUROPE, FR)
Reverse DNS
Software
Kestrel
Resource Hash
986dbf199148339b2f4e874acec7466a921f043a1cb7eff7c79881538afff006
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4988
expires
Mon, 04 Nov 2024 06:19:48 GMT
img
imageproxy.eu.criteo.net/img/ Frame 98C1
3 KB
3 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F12106257_1-202008252245.jpg&v=3&w=400&rid=4&s=pddTT32CweBTT0fUUUPVIZQM&b=400
Requested by
Host: ads.eu.criteo.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
7f643d148ed9a4aac91a55dc27b1a87cc26905b2c659521ef2e23f238dc9555f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:55 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
3084
expires
Sat, 02 Nov 2024 04:47:48 GMT
all
csm.eu.criteo.net/ Frame 98C1
0
128 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=WV7V7AVpiAYxC3kUtCUjP167KHPfV0pblkUn8l1fsFXpRhedgqG2Yfqc60dA7udBkn-8LAbWDBE9rXhNKjL2KgP6c0MbT4qELhZ1WEDOhkOHppnyS1wnf0v10xYzYw9XtqZ6wnxHrYm1TYq3aGzKM5Iqg-cT4C-J77oLsh4s8uEfXNFKSry9KpFtiA-pAILYYYxk0roUq7PGOyd3wYr8fAoREwYpsOczwHI_3bzssJ-ncMUD1Yy9vteoKfATptZM0weF4g&sds=2&rev=89278&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 29 Nov 2023 17:05:56 GMT
strict-transport-security
max-age=31536000; preload;
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 98C1
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 23 Nov 2024 17:05:56 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame 98C1
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWdvcwAD2NwIVSehAAR0qQVJGzZbzWwy2UWC_g&u=%7CYfEbtlOSdMqvY%2BZDR%2FHkKRS6ysBEevCYoS2SxuF2vdc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_T2XBJyxFtOnmVgOET7FtPVd7P9bYUh6_ZXmc5aAC9qAUSmF6a457XNXs7iNiyn4bCK4lvwVDkE242R-xshLfLReZwGPN8y6geAYtFI-lP1mhoviR4WaXMcDrizAsnLsyDi3AdUU_NRTTiQ8i5P-dRcOxWEFZAqPsQCpsWN1H9C2RrWJTdv09Lsd9yE5gGxTFJgAG6eMz2bYoTztCM7igJ5MFKDKUIsfJfLVFEGIOSAtPgkfqf3EETWWdS8W0Z58ktt8qn-98y-JNmlc-UKJjXAlvulQWxKCuxQd4H5srg6peLRimSHQggoZ88olHAEk5saImDXygw7kv5WinOAw--20eJkvvPNN7hPOOVYYNwNxEx2bdpjERFqgpRkkizZ32ddrXqSjVyf39zMIvUAmUPDH4osCq8-_EOl90tt5DAj9oV824HGxxELfeRtPxBivywB7XpKIzJPqxojLd0OlmoR2I1hInYstX1aTrxteOGFEeB2AfpW7aPqJBxjwJ8mxp4Iiz2aGvaci0RidQdWcgVRXGcz_0lH1TKEeXqN_TAto--1PPLdlSysc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8V6gc29nZdyxD6HP1PIPqemRoA_JntKxXNWdkfdwwI23ARABIABglcL-gZQHggEXY2EtcHViLTI0MjE4MzY5MzM1MDIyNDLIAQmpAr4Xm8ULarI-4AIAqAMByAMCqgSgAk_QXr2QPLzGP4slMpIrjCzMgSb6QYhWtwUV8HAXLaK5NmY3Bf29yOHJ940e-8dcQQCdUkQNzfDGQs7T5aIQZxYJT-ZaeMs_Jz5QjPALrWhMSczVisQ3fqXQ_KQ_Q-HCr-sM5yIrRXQSpvMOF26pj-AkhAWZ9Y03koVnatWyuB_wf89QLX5qXS0yxjVIrXK7QBDh__MXwQ1NqwI56N7k4pnY_zENuwyegWFLdEvzLeeHjHn0x57e8sWQQGUAbDl7zlziYn8Zg197fMPXR0vMwBzm-5iXPtsmkGBc6Q3GEw0oxmsALY-21CKQLGHVAzKqNfQHAPtP0vKsPqNyc_g3bZosG_5hNL6SzTkBRG-gtHfkOf7NmE2Dp_GMoO2XHtDDzOAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOlid8t7i2OmCA_oLAggBgAwB4g0TCMC_3-LY6YIDFaEnVQgdqXQE9NAVAYAXAQ%26num%3D1%26sig%3DAOD64_1PBql4t2HvKFKoQZcF3HmyIRJi1w%26client%3Dca-pub-2421836933502242%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 23 Nov 2024 17:05:56 GMT
opensans-400.css
static.criteo.net/design/googlefont/opensans/ Frame 98C1
2 KB
899 B
Stylesheet
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
688a83886a5a759614fb53d73736845837de908ce3553b146471782995bc5943
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:03 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f077-9fe"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 23 Nov 2024 17:05:56 GMT
opensans-700.css
static.criteo.net/design/googlefont/opensans/ Frame 98C1
2 KB
900 B
Stylesheet
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-700.css
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
3cd346aff1efcc38119a600f75667ba0089a7a6bece2b905503fb7c0c65ddcb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:05 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f079-9fe"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 23 Nov 2024 17:05:56 GMT
694
a.ad.gt/api/v1/u/matches/ Frame AF7E
12 KB
4 KB
Script
General
Full URL
https://a.ad.gt/api/v1/u/matches/694?_it=amazon
Requested by
Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fuintacountyherald.com%2F&ref=https%3A%2F%2Fuintacountyherald.com%2F&_it=amazon&partner_id=694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48451f7be5e01c64dc7b805673538f5d75a8708742ca4ac3efcb0926d64b7511

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 29 Nov 2023 17:02:55 GMT
server
cloudflare
age
181
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
cross-origin-resource-policy
cross-origin
cf-ray
82dc7035f87139d0-FRA
opensans-400-latin.woff2
static.criteo.net/design/googlefont/opensans/ Frame 98C1
16 KB
17 KB
Font
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-400-latin.woff2
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f885ec8a0a68847aff7c6bb94968bf7cb5099c0c449ae1535cf8515cc0ff8e18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Origin
https://ads.eu.criteo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:03 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f077-4164"
content-type
text/plain; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 23 Nov 2024 17:05:56 GMT
in_top.js
resources.infolinks.com/js/1895.006-3.034/
81 KB
33 KB
Script
General
Full URL
https://resources.infolinks.com/js/1895.006-3.034/in_top.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6cbc6e0c356ead580f680048e3925fb5d55b31ac9dc3eab2ef79cf0a433b219

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
via
1.1 google
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 07 Nov 2023 17:45:04 GMT
server
cloudflare
age
13989
etag
W/"1430d-6099387da1887"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
82dc7035fe1b18c3-FRA
expires
Fri, 29 Dec 2023 13:12:47 GMT
in_search.js
resources.infolinks.com/js/1895.006-3.034/
225 KB
89 KB
Script
General
Full URL
https://resources.infolinks.com/js/1895.006-3.034/in_search.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d1b618b508d6e2c3ab4c4d98feeddfdb66e6d87d9dcfd88097f1d85480c3af0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
via
1.1 google
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 07 Nov 2023 17:45:04 GMT
server
cloudflare
age
12867
etag
W/"38471-6099387db3d85"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
82dc7035fe2118c3-FRA
expires
Fri, 29 Dec 2023 13:31:29 GMT
bubble.js
resources.infolinks.com/js/1895.006-3.034/
156 KB
46 KB
Script
General
Full URL
https://resources.infolinks.com/js/1895.006-3.034/bubble.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59ddf97f6e2d2c730808590edffb1c8caf4569dc1f10eb24c374e445911e6841

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
via
1.1 google
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 07 Nov 2023 17:45:04 GMT
server
cloudflare
age
4917
etag
W/"2702f-6099387db510d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
82dc7035fe2318c3-FRA
expires
Fri, 29 Dec 2023 15:43:58 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/
365 KB
125 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a32283aaba0418ac1b0953af32fbe71948d43e7cdc08abeca552a9373809087
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128094
x-xss-protection
0
expires
Wed, 29 Nov 2023 17:05:56 GMT
getads.htm
rt3014.infolinks.com/action/
536 B
458 B
Script
General
Full URL
https://rt3014.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22h_IL_INTOP%22%2C%22bdc%22%3A1%2C%22prod_t%22%3A%22h%22%2C%22garc%22%3A0%2C%22sdata%22%3A%22angie%22%2C%22scs%22%3A%22oBE1sOtoNP%22%7D%5D&rid=13a5f3c1-0cda-4eea-90d8-3d4d1b2c26c0&jsv=1895.006-3.034&sr=1600X1200&rts=1701277556184&cfv=-1&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=120.0.6099.28&dv=p&ce=t&purl=https%3A%2F%2Fuintacountyherald.com%2F&tzo=%2B0100&c=c&strg=true&sua=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D&rsd=ZOsbegDdr4FuUNIChDV-RCVQnrDO-_4FzC_BbbR05wirYVc8Wi8UnXmByyac_Jc371ISHv8Gw3A1Tvi81aveBwQoGxQv_Q2J8vosxWl0UlZqANkn8PsRdbGAx9rdO-x0ATT07MDfD-PLtDZ0YuAcyKzImFqcZd9u&rsk=77&rcs=rE0RGfrN2AcJxOlBCEJ3rw&cuid=d3fd0d22-50cb-40cb-b0b8-db40b0e3dfd5&hbnr=false
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc892a24048c89b646884d447742d249c3870739f8b5c2c4a2fd9bc0b6063766

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
p3p
CP="NON DSP NID OUR COR"
content-language
de-DE
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
82dc70363e6b18c3-FRA
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
intag_incontent.js
resources.infolinks.com/js/1895.006-3.034/
200 KB
38 KB
Script
General
Full URL
https://resources.infolinks.com/js/1895.006-3.034/intag_incontent.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
21cfed7eb47b3b9d993cf5a71b4feb6e45c17a34e5355f197deb015ff7d877f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
via
1.1 google
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 07 Nov 2023 17:45:05 GMT
server
cloudflare
age
14051
etag
W/"31f6c-6099387e62a98"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
82dc70364e9418c3-FRA
expires
Fri, 29 Dec 2023 13:11:45 GMT
getads.htm
rt3014.infolinks.com/action/
553 B
531 B
Script
General
Full URL
https://rt3014.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22d_IL_INSEARCH%22%2C%22bdc%22%3A2%2C%22prod_t%22%3A%22d%22%2C%22garc%22%3A0%2C%22sdata%22%3A%22news%22%2C%22scs%22%3A%22Ju35myIGsa%22%7D%5D&rid=13a5f3c1-0cda-4eea-90d8-3d4d1b2c26c0&jsv=1895.006-3.034&sr=1600X1200&rts=1701277556202&cfv=-1&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=120.0.6099.28&dv=p&ce=t&purl=https%3A%2F%2Fuintacountyherald.com%2F&tzo=%2B0100&c=c&strg=true&sua=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D&rsd=ZOsbegDdr4FuUNIChDV-RCVQnrDO-_4FzC_BbbR05wirYVc8Wi8UnXmByyac_Jc371ISHv8Gw3A1Tvi81aveBwQoGxQv_Q2J8vosxWl0UlZqANkn8PsRdbGAx9rdO-x0ATT07MDfD-PLtDZ0YuAcyKzImFqcZd9u&rsk=77&rcs=rE0RGfrN2AcJxOlBCEJ3rw&cuid=d3fd0d22-50cb-40cb-b0b8-db40b0e3dfd5&hbnr=false
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99c4424f08cb5b43e2e5069c49cdcba08b7761fca12df26ee31a6e6a82523a0d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
p3p
CP="NON DSP NID OUR COR"
content-language
de-DE
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
82dc70365e9a18c3-FRA
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
bid
ap.lijit.com/rtb/
24 B
532 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.13.0-pre
Requested by
Host: www.americanhometownmedia.com
URL: https://www.americanhometownmedia.com/static/diberp-tcx-v7.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.91 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
cf32b167930284d9ff27cc9a2e636db1d285d19a8e227e3a7b7b251416594b1d

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 29 Nov 2023 17:05:56 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://uintacountyherald.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap1ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
arj
justapinch-com-d.openx.net/w/1.0/
175 B
596 B
XHR
General
Full URL
https://justapinch-com-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fuintacountyherald.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=aff3d5d1-183e-44ee-ac68-b382eb881ba2%2C5a01c32d-a011-4070-8f7c-7292767321bb&nocache=1701277556252&gdpr_consent=&gdpr=0&schain=1.0%2C1!americanhometownmedia.com%2C00029%2C1%2C%2C%2C&aus=300x250%7C300x250&divids=ahm_widg_id_12%2Cahm_widg_id_13&aucs=%2C&auid=544092684%2C544092684
Requested by
Host: www.americanhometownmedia.com
URL: https://www.americanhometownmedia.com/static/diberp-tcx-v7.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
ac6824f97f0a8387533c1aceef1fb36fc73db5b1af2036035f3cfd58763507df

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://uintacountyherald.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
165
expires
Mon, 26 Jul 1997 05:00:00 GMT
trinity.json
apex.go.sonobi.com/
607 B
1 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2280c551a037c5b%22%3A%22756efff2836db95a6c52%7C300x250%7Cgpid%3D%2F281191609%2C129995211%2Ftrx_newsmediacorp%2Fuintacountyherald.com%2Cc%3Dd%2C%22%2C%22904a0e81de2e0d%22%3A%22756efff2836db95a6c52%7C300x250%7Cgpid%3D%2F281191609%2C129995211%2Ftrx_newsmediacorp%2Fuintacountyherald.com%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fuintacountyherald.com%2F&s=24bf76f7-7cba-49dc-a6f0-5100b4d0449a&pv=c98c83af-db97-4ece-9d3c-f424a3d1772e&vp=desktop&lib_name=prebid&lib_v=7.13.0-pre&us=5&fpd=%7B%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fuintacountyherald.com%2F%22%2C%22domain%22%3A%22uintacountyherald.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22uintacountyherald.com%22%7D%2C%22keywords%22%3A%22BreakingNewsfromyourLocalNewsSourceLeaderinEvanston%2CWyoming%7CUintaCountyHerald%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%7D%7D&ius=1&gdpr=false&schain=%7B%22complete%22%3A1%2C%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22americanhometownmedia.com%22%2C%22sid%22%3A%2200029%22%2C%22hp%22%3A1%7D%5D%7D&coppa=0
Requested by
Host: www.americanhometownmedia.com
URL: https://www.americanhometownmedia.com/static/diberp-tcx-v7.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.34.250.77 Hemet, United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
4aa8f9c25b07f8e7f126b58996f768d6c743f80cef055036ce562f31b42ede3c
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 29 Nov 2023 17:05:57 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-lax-1-5-39
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Type
application/json
Access-Control-Allow-Origin
https://uintacountyherald.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
342
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
dcl.htm
rt3014.infolinks.com/action/
0
37 B
Script
General
Full URL
https://rt3014.infolinks.com/action/dcl.htm?rid=13a5f3c1-0cda-4eea-90d8-3d4d1b2c26c0&jsv=1895.006-3.034&capara=%7B%22failedAlgos%22%3A%22aapalgo%22%7D
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
82dc7036af0118c3-FRA
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
getads.htm
rt3014.infolinks.com/action/
0
56 B
Script
General
Full URL
https://rt3014.infolinks.com/action/getads.htm?hks=%5B%5D&rid=13a5f3c1-0cda-4eea-90d8-3d4d1b2c26c0&jsv=1895.006-3.034&sr=1600X1200&rts=1701277556261&cfv=-1&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=120.0.6099.28&dv=p&ce=t&purl=https%3A%2F%2Fuintacountyherald.com%2F&tzo=%2B0100&c=c&strg=true&sua=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D&rsd=ZOsbegDdr4FuUNIChDV-RCVQnrDO-_4FzC_BbbR05wirYVc8Wi8UnXmByyac_Jc371ISHv8Gw3A1Tvi81aveBwQoGxQv_Q2J8vosxWl0UlZqANkn8PsRdbGAx9rdO-x0ATT07MDfD-PLtDZ0YuAcyKzImFqcZd9u&rsk=77&rcs=rE0RGfrN2AcJxOlBCEJ3rw&cuid=d3fd0d22-50cb-40cb-b0b8-db40b0e3dfd5&hbnr=false
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/plain;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
82dc7036af0218c3-FRA
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
dcl.htm
rt3014.infolinks.com/action/
0
37 B
Script
General
Full URL
https://rt3014.infolinks.com/action/dcl.htm?rid=13a5f3c1-0cda-4eea-90d8-3d4d1b2c26c0&jsv=1895.006-3.034&capara=%7B%22mode%22%3A%22default%22%2C%22markers%22%3A0%7D
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
82dc7036af0318c3-FRA
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
vidice.js
resources.infolinks.com/js/vidice/2.0/
333 KB
86 KB
Script
General
Full URL
https://resources.infolinks.com/js/vidice/2.0/vidice.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2bdac211f43fbee9eeb4d50f8755206599f76296cd15316a97c9d2cb2050d2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
via
1.1 google
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 20 Mar 2023 11:31:12 GMT
server
cloudflare
age
13660
etag
W/"5344d-5f75343a1bcf7"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
82dc7036cf3418c3-FRA
expires
Fri, 29 Dec 2023 13:18:16 GMT
page-view
yeet.revcontent.com/yeet/events/ Frame
0
0
Preflight
General
Full URL
https://yeet.revcontent.com/yeet/events/page-view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.81.36.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-36-123.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://uintacountyherald.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://uintacountyherald.com
content-length
0
date
Wed, 29 Nov 2023 17:05:56 GMT
server
envoy
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time
2
x-rc-region
eu-west-1c
widget-loaded
yeet.revcontent.com/yeet/events/ Frame
0
0
Preflight
General
Full URL
https://yeet.revcontent.com/yeet/events/widget-loaded
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.81.36.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-36-123.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://uintacountyherald.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://uintacountyherald.com
content-length
0
date
Wed, 29 Nov 2023 17:05:56 GMT
server
envoy
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time
2
x-rc-region
eu-west-1c
page-view
yeet.revcontent.com/yeet/events/
0
0
Fetch
General
Full URL
https://yeet.revcontent.com/yeet/events/page-view
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.81.36.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-36-123.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
application/json

Response headers

x-rc-region
eu-west-1c
access-control-allow-origin
https://uintacountyherald.com
date
Wed, 29 Nov 2023 17:05:56 GMT
access-control-allow-credentials
true
x-envoy-upstream-service-time
5
server
envoy
vary
Origin
widget-loaded
yeet.revcontent.com/yeet/events/
0
0
Fetch
General
Full URL
https://yeet.revcontent.com/yeet/events/widget-loaded
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.81.36.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-36-123.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash

Request headers

Referer
https://uintacountyherald.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
application/json

Response headers

x-rc-region
eu-west-1c
access-control-allow-origin
https://uintacountyherald.com
date
Wed, 29 Nov 2023 17:05:56 GMT
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
server
envoy
vary
Origin
adview.htm
rt3014.infolinks.com/action/
0
127 B
XHR
General
Full URL
https://rt3014.infolinks.com/action/adview.htm?rid=13a5f3c1-0cda-4eea-90d8-3d4d1b2c26c0&bdc=2&midx=0&emd=NTd-bnVsbF9udWxs&rts=1701277556459&prod_t=d&jsv=1895.006-3.034&skin=sidebar&theme=nologo&sdata=news&scs=Ju35myIGsa&rsd=ZOsbegDdr4FuUNIChDV-RCVQnrDO-_4FzC_BbbR05wirYVc8Wi8UnXmByyac_Jc371ISHv8Gw3A1Tvi81aveBwQoGxQv_Q2J8vosxWl0UlZqANkn8PsRdbGAx9rdO-x0ATT07MDfD-PLtDZ0YuAcyKzImFqcZd9u&rsk=77&rcs=rE0RGfrN2AcJxOlBCEJ3rw
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
text/html;charset=UTF-8
access-control-allow-origin
https://uintacountyherald.com
p3p
CP="NON DSP NID OUR COR"
cache-control
no-cache,no-store
access-control-allow-credentials
true
cf-ray
82dc7037e9049171-FRA
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
bloomingdales_300x250.jpg
resources.infolinks.com/static/brands/
16 KB
16 KB
Image
General
Full URL
https://resources.infolinks.com/static/brands/bloomingdales_300x250.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfb5be0b0ed00c21f6cc36a602d18f3d95f0a341706599607149a201434d27c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
via
1.1 google
cf-cache-status
HIT
age
3143
cf-polished
qual=85, origFmt=jpeg, origSize=24997
content-disposition
inline; filename="bloomingdales_300x250.webp"
content-length
16488
cf-bgj
imgq:85,h2pri
last-modified
Mon, 20 Mar 2023 11:30:07 GMT
server
cloudflare
etag
"61a5-5f7533fc24589"
vary
Accept
content-type
image/webp
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
82dc7037e8cd18c3-FRA
expires
Fri, 29 Dec 2023 16:13:33 GMT
adview.htm
rt3014.infolinks.com/action/
0
42 B
XHR
General
Full URL
https://rt3014.infolinks.com/action/adview.htm?rid=13a5f3c1-0cda-4eea-90d8-3d4d1b2c26c0&bdc=1&midx=0&emd=NTd-bnVsbF9udWxs&rts=1701277556465&prod_t=h&jsv=1895.006-3.034&sdata=angie&scs=oBE1sOtoNP&rsd=ZOsbegDdr4FuUNIChDV-RCVQnrDO-_4FzC_BbbR05wirYVc8Wi8UnXmByyac_Jc371ISHv8Gw3A1Tvi81aveBwQoGxQv_Q2J8vosxWl0UlZqANkn8PsRdbGAx9rdO-x0ATT07MDfD-PLtDZ0YuAcyKzImFqcZd9u&rsk=77&rcs=rE0RGfrN2AcJxOlBCEJ3rw
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:56 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
text/html;charset=UTF-8
access-control-allow-origin
https://uintacountyherald.com
p3p
CP="NON DSP NID OUR COR"
cache-control
no-cache,no-store
access-control-allow-credentials
true
cf-ray
82dc7037e90e9171-FRA
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
seamless_pizza_728x90.jpg
resources.infolinks.com/static/brands/
20 KB
20 KB
Image
General
Full URL
https://resources.infolinks.com/static/brands/seamless_pizza_728x90.jpg
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7e740e128d97a6caebc8552957110daa769eabac505c9545aeb097e153620a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
via
1.1 google
cf-cache-status
HIT
age
11834
cf-polished
qual=85, origFmt=jpeg, origSize=26562
content-disposition
inline; filename="seamless_pizza_728x90.webp"
content-length
20038
cf-bgj
imgq:85,h2pri
last-modified
Mon, 20 Mar 2023 11:30:07 GMT
server
cloudflare
etag
"67c2-5f7533fc235e8"
vary
Accept
content-type
image/webp
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
82dc7037f8d718c3-FRA
expires
Fri, 29 Dec 2023 13:48:42 GMT
stn_trk.gif
s2l.sendtonews.com/
26 B
186 B
Ping
General
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=rO24BncQSMzQVeEl&instance=214987133&version=7.27.3&age=231129&ldt=BIDS&key=Be6nXXXs&c_id=12385&seq=1&order=5&vIndex=0&absoluteTime=3143.7&relativeTime=1111&sm_id=3205108&visiblestatecd=I&soundcd=OFF&alt=0&sC_ID=8783&load=1&status=LVFNMNIY&ac_id=2008&bidIndex=1&prebid.cid=0&prebid.bidders.ix.time=80.6&prebid.bidders.rubicon.time=78.8&prebid.bidders.unruly.time=434.8&prebid.bidders.undertone.time=183.2&prebid.bidders.pubmatic.time=86.3&prebid.bidders.appnexus.time=71&prebid.bidders.triplelift.time=70.6&prebid.start=2703.4&prebid.time=439.8&prebid.timeout=3000&adIndex=-1
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.122.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-122-215.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
ads
pubads.g.doubleclick.net/gampad/ Frame 421A
156 B
143 B
XHR
General
Full URL
https://pubads.g.doubleclick.net/gampad/ads?slotname=%2F92056281%2Fuintacountyherald-premium&sz=480x270&ciu_szs=300x60&cust_params=sessionKey%3D214987133-rO24BncQSMzQVeEl%26schain%3Dstnvideo.com%2COs1rviljg-Vo7CkRLAuBsw%26content%3D8783%26placementType%3DPremium%26embed%3DBe6nXXXs%26domain%3Duintacountyherald.com%26player_size%3Dmedium%26player_width%3D400%26player_height%3D227%26player_type%3Dbarker%26smartmatch%3Dno%26version%3D7.27.3%26player_status%3DLVFNMNIY%26play_code%3D2008%26view100%3D1%26excl_cat%3Dstl_id00157%26rand%3D3%26uhr%3D18%26iris_id%3Diris_887d2ac77c34474a%26iris_context%3Dic_2782847%2Cic_5073780%2Cic_6902683%2Cic_7993673%2Cic_4852208%2Cic_9564594%2Cic_6367414%2Cic_3849004%2Cic_4619843%2Cic_2115263%26us_privacy%3Dfalse%26keywchk%3Dok&url=https%3A%2F%2Fuintacountyherald.com%2F&unviewed_position_start=1&output=xml_vast4&env=vp&gdfp_req=1&ad_rule=0&video_url_to_fetch=https%3A%2F%2Fuintacountyherald.com%2F&useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.28%20Safari%2F537.36%2Cgzip(gfe)&vad_type=linear&vpos=preroll&pod=1&ppos=1&lip=true&min_ad_duration=0&max_ad_duration=250000&vrid=1263268&us_privacy=false&hl=en&cmsid=2631244&plcmt=2&vconp=2&video_doc_id=3205108&vpa=auto&vpmute=1&cnc=12230023&kfa=0&tfcd=0&sdkv=h.3.605.0&osd=2&frm=0&vis=1&sdr=1&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&u_so=l&ctv=0&mpt=stnvideo%2Fplayer&sdki=445&ptt=20&adk=701525258&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.605.0&sid=BA971EA5-C338-45AE-8AFD-073DEE1EAF34&nel=0&eid=44772139%2C44777649%2C44781409%2C44802074%2C44802463%2C44804291%2C44804616%2C44807947&top=https%3A%2F%2Fuintacountyherald.com%2F&loc=https%3A%2F%2Fuintacountyherald.com%2F&dlt=1701277554084&idt=1686&dt=1701277556495&cookie=ID%3D274271fe1f9c4229%3AT%3D1701277555%3ART%3D1701277555%3AS%3DALNI_MbrS16W_4wNCfu8zNod1-S72CrQvg&gpic=UID%3D00000cfd2867a3be%3AT%3D1701277555%3ART%3D1701277555%3AS%3DALNI_MZqhul8WAeZFVUN3kv1dI_rvnFjGg&correlator=1381387709857944&scor=921175752090302&ged=ve4_td2_tt0_pd2_la2000_er0.0.0.0_vi0.0.1200.1600_vp0_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
_jvg1ELEJFAfiKmZFmw3TCOLYIf2XDjt3jNh0iiXyTlXPwxrjFzosyejklsgXbCq_tee3tk5OqW3fFfNWM4SYR1HAM_VkG2E97L8MQ46tBGvazX767y4Bg=w600-h400-p-rj-l68-e365
lh3.googleusercontent.com/
57 KB
57 KB
Image
General
Full URL
https://lh3.googleusercontent.com/_jvg1ELEJFAfiKmZFmw3TCOLYIf2XDjt3jNh0iiXyTlXPwxrjFzosyejklsgXbCq_tee3tk5OqW3fFfNWM4SYR1HAM_VkG2E97L8MQ46tBGvazX767y4Bg=w600-h400-p-rj-l68-e365
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
67a0efe7750de1fd405c1e45e4d372df8edae60331f8f91a348ffb615811fa59
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:20:56 GMT
x-content-type-options
nosniff
age
2700
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
58721
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
timing-allow-origin
*
expires
Tue, 27 Feb 2024 16:20:56 GMT
CoD3Aaz0Fxl9ZeW8r_txbeQAFJV2-yrEcUEJ9tkci9cYXlgWPKPzdUxvyYJihfKipI5pxBwMW8KLAiHhR_hLijgaLAvHrQ2eMjXKcIjZ=s42-p-rj-l68-e365
lh3.googleusercontent.com/
927 B
990 B
Image
General
Full URL
https://lh3.googleusercontent.com/CoD3Aaz0Fxl9ZeW8r_txbeQAFJV2-yrEcUEJ9tkci9cYXlgWPKPzdUxvyYJihfKipI5pxBwMW8KLAiHhR_hLijgaLAvHrQ2eMjXKcIjZ=s42-p-rj-l68-e365
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
5db6ba4765f1c66bd5f451cdfad18c7d12a5fb2615b9d561a20b63b39e098cfd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:20:56 GMT
x-content-type-options
nosniff
age
2700
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
927
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
timing-allow-origin
*
expires
Tue, 27 Feb 2024 16:20:56 GMT
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311150101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
22a5a9f791dd78b31dc837db2dad5a352fd47a590b8068821282ff24be508e5b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12206
x-xss-protection
0
tcx-ping.php
japfg-trending-content.appspot.com/
205 B
191 B
Script
General
Full URL
https://japfg-trending-content.appspot.com/tcx-ping.php?s=10236&t=&h=uintacountyherald.com&p=%2F&w=2&a=ldgr8--ldgr9&_debug=1
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
d01e0ce8ebc980e3361c9a352d230fcbae74cd7b3c0d83e0676adf3754f0363b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:57 GMT
content-encoding
gzip
via
1.1 google
server
nginx
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
csi
csi.gstatic.com/ Frame 421A
0
225 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~lpk0qbd0&c=8239351769909&slotId=4119675884954.5&eee=missing-element&bi=missing-id&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4001:c1e::78 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:57 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
stn_trk.gif
s2l.sendtonews.com/
26 B
186 B
Ping
General
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=rO24BncQSMzQVeEl&instance=214987133&version=7.27.3&age=231129&ldt=NO_IMP&key=Be6nXXXs&c_id=12385&seq=1&order=6&vIndex=0&absoluteTime=3397.3&relativeTime=1364.6&sm_id=3205108&visiblestatecd=I&soundcd=OFF&alt=0&sC_ID=8783&load=1&status=LVFNMNIY&ac_id=2008&adIndex=-1&DS=notfound&prebidABS=G&prebidABC=[[1,%22control_mod_del%22],[1,%22bidder_mod%22,%220_mod%22],[1,%22bidder_del%22,%220_del%22]]
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.122.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-122-215.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
p
sb.scorecardresearch.com/ Frame AF7E
43 B
300 B
Image
General
Full URL
https://sb.scorecardresearch.com/p?c1=2&c2=18065638&ns_type=hidden&ns_st_sv=6.3.4.190424&ns_st_smv=5.10&ns_st_it=c&ns_st_id=1701277555576&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=26527&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.3.4.190424&ns_st_pn=1&ns_st_tp=1&ns_st_ci=3205108&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_ap=0&ns_st_dap=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_st_ldw=0&ns_st_ldo=0&ns_ts=1701277556725&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=1149&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=*null&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc12&ns_st_ge=Sports&ns_st_st=SendtoNews&ns_st_ce=0&ns_st_ia=0&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Cheddar%20News&c3=sendtonews&c4=Business&c6=*null&c7=https%3A%2F%2Fuintacountyherald.com%2F&c8=&c9=https%3A%2F%2Fuintacountyherald.com%2F
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-22.muc50.r.cloudfront.net
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
via
1.1 5f3006c64f23c42b9bf4b3b63c77aedc.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
MUC50-C1
x-cache
Miss from cloudfront
content-type
image/gif
content-length
43
x-amz-cf-id
K2WqynYnm_8FLn-0L7bzdA88H76HVVRp1J55cb43KDK7Be933W_RLA==
stn_trk.gif
s2l.sendtonews.com/
26 B
186 B
Ping
General
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=rO24BncQSMzQVeEl&instance=214987133&version=7.27.3&age=231129&cmd=INV&key=Be6nXXXs&c_id=12385&seq=1&order=7&vIndex=0&absoluteTime=3402.7&relativeTime=1370&alt=0&sC_ID=8783&sm_id=3205108&load=1&status=LVFNMNIY&ac_id=2008&EXTREF=https://uintacountyherald.com/&REF=https://uintacountyherald.com/&playerCfg=BR&playerType=BARKER
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.122.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-122-215.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
stn_trk.gif
s2l.sendtonews.com/
26 B
186 B
Ping
General
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=rO24BncQSMzQVeEl&instance=214987133&version=7.27.3&age=231129&cmd=PLAY&key=Be6nXXXs&c_id=12385&seq=1&order=8&vIndex=0&absoluteTime=3402.8&relativeTime=1370.1&alt=0&sC_ID=8783&sm_id=3205108&load=1&status=LVFNMNIY&ac_id=2008&EXTREF=https://uintacountyherald.com/&REF=https://uintacountyherald.com/&playerCfg=BR&playerType=BARKER&pposition=float&floattype=s
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.122.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-122-215.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 29 Nov 2023 17:05:56 GMT
csi
csi.gstatic.com/ Frame 421A
0
54 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~lpk0qc4x&c=8239351769909&slotId=4119675884954.5&ghmsh_eids=44772139%2C44777649%2C44781409%2C44802074%2C44802463%2C44804291%2C44804616%2C44807947
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4001:c1e::78 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:57 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8EFD
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://uintacountyherald.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
15028
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 12:55:28 GMT
expires
Thu, 28 Nov 2024 12:55:28 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 53B4
829 B
997 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1a4fa2ab2eef77b4612ad1ecbb324a9a7ff155be4e868b716a2efe937f6317d1
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-nQw9w7HlqOwenwN0TnNFLA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://uintacountyherald.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-nQw9w7HlqOwenwN0TnNFLA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:05:56 GMT
expires
Wed, 29 Nov 2023 17:05:56 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 8EFD
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:19:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
2765
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 28 Nov 2024 16:19:51 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 53B4
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311150101&jk=3853404062806873&rc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame 8EFD
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?aXTu3g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:56 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
dcl.htm
rt3014.infolinks.com/action/
0
62 B
Script
General
Full URL
https://rt3014.infolinks.com/action/dcl.htm?rid=13a5f3c1-0cda-4eea-90d8-3d4d1b2c26c0&prod_t=d&sdata=news&bdc=2&midx=0&capara=%7B%22ve%22%3A%22mrc50%22%7D
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:57 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
82dc703e394a18c3-FRA
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311150101&jk=3853404062806873&bg=!FBelF1jNAAZxrfrxUa07ADQBe5WfOIXSyla034zM3qE3ZCs5oL_z9qJDBTkx4cczYmKXOyHDjJJiwQpDtXB4lXvRFBojAgAAAD5SAAAAAmgBBwoAamcxGCNlTNs7t3Mog6SO1Q2iwfcdDxDHDLwmMqz1Y0zqzrw8xPj2S5w0-iNk3jdbnlyiDnhrG050TnuE2cR6PDhYyfZIwybzhAxznIyYrU6M_XNzsG6bI4bxt30mgAxaroAdt3-XIX9YqP2ZArpQfM-6iWLvpwCKJ62az9FiyGTHsAxSm-EchRG5aZZs6Gof_7e9psMZpxCENz2CIp3Aq2JVquZ45Z9c4Sh0CEqr4mG6gMWUdLY1ST80-IWwipKdzPlTI1ZzBvjH3-L9BmnewI1YCJCtMqO_eYUrgAr7JM1pe6PpIkr9xtqbl5BCkvmKEEOk4axItklHUKR0XKCmfB7OiY7GcCDtype4t-4dLY9s2ZN8pv_EuRoaggFLy26jNilTMon4geqUtvca1FWy03DmIO0SyLO0SQ_P54S9PyXg4i1z9dUQHUAQGszY2gHxOrpb4xMiutIvj9HsIc3OOnqGSqOuVJVDhcBIfEQvmH7-umgobfGwDOuKSe0aV-FM0LRkSv2X5svcnXFsTTh1w-uOKLfiijSo2QCp7W_HxQYITJGCSEJSgsWposCviEH_Isgxieu0lKWAt_LGm-XAgSBvSLsRqqN55Qmi0dCtNgdmZCy4HOTazfYPp3DoIkQJ7lpp5lX6nj0hNRrrsMq-OrtnnYyAPL3CTO_bn3VUlZn_CPkgCEFACnwM7MaDcAE_FjVFQtN92oq5c4LTyuj3RAFakyJ2X4jrAshWIfHu7I2bszJpL1Zeu_sYn74j3LsmL09t-hi6w3U7oKVxTvH1cYX_-TyFoC4fSgjgBDP5KsPZHhjo1cxzk9-ZFwDcm-caTlGzh0T6Qr6lic4RzDh7kSmbGXFsBLdHe_DVJXE0zMzMA2l0X8y6fQTz4Ts7zupPfz-76vSEDuM-7lEN3tpZPzu64vZZrmX40rE9JrYSZCFuhyUPPsniwHF4wpUydSWWb00_Wk2Lk-YyguzawLdVldIPO0myb-NQbsBz6nVpVBX36QZqZ1dmWqrs9X0O4nnq1vtfmIj8PUyBSflzkIvSw-ddnnDMgkIRU6PzUFCGlZy8rqXig29x9w
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

ads
securepubads.g.doubleclick.net/gampad/
57 KB
19 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3853404062806873&correlator=2470448774366708&eid=31079761%2C31079791%2C31079527%2C31078659&output=ldjh&gdfp_req=1&vrg=202311150101&ptt=17&impl=fifs&iu_parts=281191609%3A129995211%2Ctrx_newsmediacorp%2Cuintacountyherald.com&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250%2C320x50%7C300x250&fluid=height%2Cheight&ifi=7&sfv=1-0-40&eri=1&sc=1&cookie=ID%3D274271fe1f9c4229%3AT%3D1701277555%3ART%3D1701277555%3AS%3DALNI_MbrS16W_4wNCfu8zNod1-S72CrQvg&gpic=UID%3D00000cfd2867a3be%3AT%3D1701277555%3ART%3D1701277555%3AS%3DALNI_MZqhul8WAeZFVUN3kv1dI_rvnFjGg&abxe=1&dt=1701277557521&lmt=1701277557&adxs=1200%2C1200&adys=1779%2C1323&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2%7C3&ucis=7%7C8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fuintacountyherald.com%2F&vis=1&psz=300x-1%7C300x-1&msz=300x-1%7C300x-1&fws=0%2C0&ohw=0%2C0&ga_vid=1964370080.1701277555&ga_sid=1701277555&ga_hid=1607482481&ga_fc=true&dlt=1701277554084&idt=655&prev_scp=slotName%3Dldgr8%26pubDom%3Duintacountyherald.com%26atab%3Dtrue%26frstlk%3Dtrue%7CslotName%3Dldgr9%26pubDom%3Duintacountyherald.com%26atab%3Dtrue%26frstlk%3Dtrue&adks=1698964757%2C1698964754&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6b5c2f31f34b40f32d70205a9d3fb56a96a61c5ab2a1fa1e4ce665e22afbb6ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:57 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19676
x-xss-protection
0
google-lineitem-id
-1,-1
pragma
no-cache
server
cafe
google-creative-id
-1,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://uintacountyherald.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame ECC3
6 KB
3 KB
Document
General
Full URL
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://uintacountyherald.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:05:55 GMT
expires
Thu, 28 Nov 2024 17:05:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C9B1
6 KB
3 KB
Document
General
Full URL
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://uintacountyherald.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:05:55 GMT
expires
Thu, 28 Nov 2024 17:05:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame 2A13
624 B
577 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUTU0l6C3pbfNL0Y-CmaxcIZnlKGT5-q7TsWglr4iaUDWRlgTIqQD-36ZwQ-DymFt0nT2PHRsSOjXQT3fnVCxOnPbSaoMBKBikVpELplGeE-bdBoR47CXYhI7LuxylEJAxomyit7BPCWHcnYWMGh6ax40cw9-V8h-vf3Ksgj4jOg7iG6Uo
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:05:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame ECC3
89 KB
31 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:57 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:05:57 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame ECC3
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BtvVJZuOgEirLc3IBWsAdjoSsTr5GaMlTnMHEmw48Fa9uFLCN9JdS5jhARe3QGb8-jD1XR186WaUBTJaFPU8pbVXBGNgDg7-21eCx33uXwgurKvD8
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame ECC3
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9503273749138252868&x=1&ct=77
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame ECC3
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 12:41:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
15878
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 13 Dec 2023 12:41:19 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame ECC3
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 23:16:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
64139
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Dec 2023 23:16:58 GMT
l
www.google.com/ads/measurement/ Frame ECC3
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ1HrY5MgYB92m1Hc_YcN7KlwA-EWUCSwU2y8EI52maf21owhLSEhkJM5zSndqFtYd9Qlp6YPPsu-bp8wHFg3SEYsEHGQ
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame ECC3
202 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65070
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700193896630564"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:05:57 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 0EB1
624 B
285 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX1n_juFTW_Zf8pIyeffLtWrM8VsVUsgzJTtMqG4QYCB48oi6M62X5bVH4DwEYNWHXXUtSwoo6IiUxPkdYC5ZR_c4jZPE_kGL2UjgTAd2pZUYVBB0SFp5iFBJ8CZQ3exPuI65DbuCU8eRF7f5WhrWNBrt6436G1ESqYzmoNhzuo2igxeEQ
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:05:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame C9B1
92 KB
32 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1f40994eab15b92af5183f9acf338e0354771054c65024e0aa679b6506f9eb87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:58 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32789
x-xss-protection
0
server
cafe
etag
17194431578830737671
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:05:58 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C9B1
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AIqhOTcPCZxGXPSWiStIUEoFNXIsTrh5xlioOP4xHz6Ervobb9_aqw5GahZKjLWbXkkTartUej1R1wjqncZrgu472-n9CdUTc8E9zq_9NvDOEvRLk
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C9B1
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11179778266369395264&x=1&ct=77
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C9B1
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 12:41:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
15878
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 13 Dec 2023 12:41:19 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C9B1
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 23:16:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
64139
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Dec 2023 23:16:58 GMT
l
www.google.com/ads/measurement/ Frame C9B1
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTZ6w6sBFMG5Tlcr6AlBTdbVmkgwVYVaDQlNYNobknBlBIVO3Pbnj3hi3cJzw9ACLLTuvIVpW3MPvAk3p9VUArwolCtYQ
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame C9B1
202 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65070
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700193896630564"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Nov 2023 17:05:57 GMT
rum
dsum-sec.casalemedia.com/ Frame 2A13
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
43 B
770 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUTU0l6C3pbfNL0Y-CmaxcIZnlKGT5-q7TsWglr4iaUDWRlgTIqQD-36ZwQ-DymFt0nT2PHRsSOjXQT3fnVCxOnPbSaoMBKBikVpELplGeE-bdBoR47CXYhI7LuxylEJAxomyit7BPCWHcnYWMGh6ax40cw9-V8h-vf3Ksgj4jOg7iG6Uo
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fR%2BTWkhGRdaoQXMWmJmQNjhkzIYHori0Uv2aIV%2Bju9TPPWxaIR%2B0R7RTgz106T1ahpiVEuHJJioOT0A8yMlMFu%2FdHqzvlGfNzIIFmQVrKELmK5lFVp5iEEDhDfrNscgoEPTz5lcUXev4NA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82dc7041caf49b69-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 2A13
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWdvdToZxE.gKcOO0GHIlAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1&google_hm=2
43 B
737 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUTU0l6C3pbfNL0Y-CmaxcIZnlKGT5-q7TsWglr4iaUDWRlgTIqQD-36ZwQ-DymFt0nT2PHRsSOjXQT3fnVCxOnPbSaoMBKBikVpELplGeE-bdBoR47CXYhI7LuxylEJAxomyit7BPCWHcnYWMGh6ax40cw9-V8h-vf3Ksgj4jOg7iG6Uo
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6D2mCnygLlaAmnbtz0pRo14NgadKWCl65BF3ycCE9v%2BFc1cjvvl6qjIuEEGbhYS0XEyfvUVn0FdJptLaGeQFRqrUpTEpW%2F9rD6UI%2B%2BO5ULCnEs0qPV9FkRERSWu%2BfFV%2FYQ4aE63TXKjAew%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82dc7041db019b69-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 2A13
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHJAFGSsAqEOazKZD0w16q8&google_cver=1
43 B
839 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHJAFGSsAqEOazKZD0w16q8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUTU0l6C3pbfNL0Y-CmaxcIZnlKGT5-q7TsWglr4iaUDWRlgTIqQD-36ZwQ-DymFt0nT2PHRsSOjXQT3fnVCxOnPbSaoMBKBikVpELplGeE-bdBoR47CXYhI7LuxylEJAxomyit7BPCWHcnYWMGh6ax40cw9-V8h-vf3Ksgj4jOg7iG6Uo
Protocol
H2
Server
37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
an-x-request-uuid
7ff083bb-3287-4a00-a800-5d7966c3bf75
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
37.58.58.249; 37.58.58.249; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHJAFGSsAqEOazKZD0w16q8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 2A13
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzIxNTk5NzQ2NzE4NDgyNQ%3D%3D
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzIxNTk5NzQ2NzE4NDgyNQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUTU0l6C3pbfNL0Y-CmaxcIZnlKGT5-q7TsWglr4iaUDWRlgTIqQD-36ZwQ-DymFt0nT2PHRsSOjXQT3fnVCxOnPbSaoMBKBikVpELplGeE-bdBoR47CXYhI7LuxylEJAxomyit7BPCWHcnYWMGh6ax40cw9-V8h-vf3Ksgj4jOg7iG6Uo
Protocol
H2
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:57 GMT
an-x-request-uuid
ea73ae29-2403-498c-aee7-4345dfa48cab
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzIxNTk5NzQ2NzE4NDgyNQ%3D%3D
x-proxy-origin
37.58.58.249; 37.58.58.249; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 0EB1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
43 B
737 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX1n_juFTW_Zf8pIyeffLtWrM8VsVUsgzJTtMqG4QYCB48oi6M62X5bVH4DwEYNWHXXUtSwoo6IiUxPkdYC5ZR_c4jZPE_kGL2UjgTAd2pZUYVBB0SFp5iFBJ8CZQ3exPuI65DbuCU8eRF7f5WhrWNBrt6436G1ESqYzmoNhzuo2igxeEQ
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YuhwVD%2FTojqsuV1UfEsKjhMzhomtQvLDTz5Xn%2Ffg16bdQv0LdEYa30UH3zfnHv7QjY4Zeyih%2Brtm6r4KcK9yvAA%2Bp2iU%2BGUhZIq%2FJOs2k0iZ1xIJblSVRqUVrA98O77n8qSDrc1uU%2FmYtA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82dc7041cafa9b69-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 0EB1
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWdvdZZ-U3EBEBslUiNXFQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
43 B
737 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX1n_juFTW_Zf8pIyeffLtWrM8VsVUsgzJTtMqG4QYCB48oi6M62X5bVH4DwEYNWHXXUtSwoo6IiUxPkdYC5ZR_c4jZPE_kGL2UjgTAd2pZUYVBB0SFp5iFBJ8CZQ3exPuI65DbuCU8eRF7f5WhrWNBrt6436G1ESqYzmoNhzuo2igxeEQ
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t33ftniKrfyCCk6EkBGAXRuN5xW4kDRZvX848CijE9lJ%2BmOzsDXsbZteCl5PTzixhcFDONbMe%2F6P7Wsh7n0w3MPm99x%2BqLpvGMs2%2FhrqakzpqrfNL0u%2BouMsvsOXp7%2BS2blPbWrgToJj4w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82dc7041daff9b69-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEr7xd4vK-fy0d-dMwBYmIE&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 0EB1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHJAFGSsAqEOazKZD0w16q8&google_cver=1
43 B
839 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHJAFGSsAqEOazKZD0w16q8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX1n_juFTW_Zf8pIyeffLtWrM8VsVUsgzJTtMqG4QYCB48oi6M62X5bVH4DwEYNWHXXUtSwoo6IiUxPkdYC5ZR_c4jZPE_kGL2UjgTAd2pZUYVBB0SFp5iFBJ8CZQ3exPuI65DbuCU8eRF7f5WhrWNBrt6436G1ESqYzmoNhzuo2igxeEQ
Protocol
H2
Server
37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
an-x-request-uuid
c2ee7c4e-c219-4b55-93c7-0f42e408b9a4
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
37.58.58.249; 37.58.58.249; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHJAFGSsAqEOazKZD0w16q8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 0EB1
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzIxNTk5NzQ2NzE4NDgyNQ%3D%3D
170 B
243 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzIxNTk5NzQ2NzE4NDgyNQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX1n_juFTW_Zf8pIyeffLtWrM8VsVUsgzJTtMqG4QYCB48oi6M62X5bVH4DwEYNWHXXUtSwoo6IiUxPkdYC5ZR_c4jZPE_kGL2UjgTAd2pZUYVBB0SFp5iFBJ8CZQ3exPuI65DbuCU8eRF7f5WhrWNBrt6436G1ESqYzmoNhzuo2igxeEQ
Protocol
H2
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:57 GMT
an-x-request-uuid
02faf559-5e13-4111-8af1-0c2294139e5d
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzIxNTk5NzQ2NzE4NDgyNQ%3D%3D
x-proxy-origin
37.58.58.249; 37.58.58.249; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame ECC3
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5283428905663&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame ECC3
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5283428905663&version=m202309260101&ct=77&x=1&cor=9503273749138254000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame ECC3
20 KB
14 KB
Script
General
Full URL
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
73fca04bf02a7b839b2dcfb516a89276457a9fb19b2b98d383ed23ab871e126f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:57 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13783
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C9B1
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9916823695171&version=m202311060101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C9B1
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9916823695171&version=m202311060101&ct=77&x=1&cor=11179778266369395000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame C9B1
20 KB
14 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DW7Q4ut-FngtBBiXC49XzIZl8v7hh9wHpxqtUEGjMoexUgC_loyAVfYzUxwCMqBZcB2akTGtH-cZi9HV6iuJ-KukCh_6bRpeLS7nTeDPk0yRPG2GBf7o2KA9McwVbsq3K_FahPIy5XjXDgvWnHvFM2etEc7KayiYAr3d_cLkcewqS-qHU&cry=1&dbm_d=AKAmf-CvEbI0LlfzshqfxiAMi4Fh5IPRdE51kjj55Izc7WWdAuK4b4NoA2Ct5DpmOfhGZjkICeKig0o7nZPwgWQZZm-s8ThVn-JsuYpNmO-lX4P2ejsTS3ZxUmiMP8kf2vWT9Tt27rvkU1klLExWi9yAK7VNBBuw8PtrslWkTyWDXdeR2z8wre9F0dixNRGNd_VVYKLA5gv0BTovKYdPt7WX74WdqXPtgM_iUOfQ3gHFCKhtB4Ug1gGx7LOioxK1sFJP7bfrp2SJWs3lkc951CBECaqFRLjm1P8-tUx9SviYSi-klivUDifD4OuGFlLT64ArORLPQJ-jxxnXnFFXveJ0cuwcV4fLI38WncWE4Qn5C9A2s7YWSL5CKobilT9q_w6mo-P6-n6jJwYba-Wuz0bcw1zNZhggIYD6aLEJDnLvunupVGiqbpP8SJCeuEWEgY2Az5656HtO5HnC4fZx-P9_VJfxL-_7c7khjohc_NBWlg21tOBabDfQVMlGCACrCIhPgGynJAGsXDxHNwjtEPJHBC2eU-rqsSwAknNqLRz4mFFkk21BVNVi5kpXOK6U-PKgypFt7PbdTTqgkuI2Uag9awaCQJCWOwywcCIq1_t01bte_-vXbfQEy_aCgv02ov37jp91wh_1LJE4kvZogY5D2y4ByUd4iLKg2bqPqxHnMOXObF61iTJmawBEhJeEI7xhUeeGSpmGjeLnG_cjq_sGcCZqgp1X6VhkhL1cbmiFGP7x-bdlWZuFFNCWMl91IDCqUEFe-mLmISLU6On1xvBNK_LwVTgTluW927A3st6utfGP9O1YMA5ieHEh-8gM97WlJ_X7_50f3AUnmFtv7AZRszMJtipNmkv3-UHjQqp3Z7-93hXPRnbGjI6P4E3JZVnQsySBAcObYDM8rcYplpvnlYj5XNYSAeKStkR3zIHUIeZgxFywA9Q9vT95M03KIQZFmjIOzAB9ZJKdcAJ44WVPUM9CLhFCWhiX6tHRCRUMD4V9COZkSLPRhdQJ5Np03rAh0hKqpWy1BBFgQTZSFw6caqtEdG6FPwtkLAF-fcdDGSPoTuMRDiYSkDYYEzLfXtvqQx2N8b5FD0zUKSm74qE72b8naVCk7R6Vj25P1tIDaBCBKury2SfXmHnjPT5Un7gFK-NYya4elp2OcqrUk_u2pyF8Thj2b78lD8PnWI5W891pHXnoZOVXhAj42Z-KYbje8iP7xVsuSsv98Z2XNlDo2Hd7sMCy_eO97fZrFGb2YTBscqYtUodC1pk16Caln50ClCtS3fZfOFseDXwQriZuUqqDlQcEs2QYBhhD91PVvH6sm-f7YpeQA3SpxjoGdq5vx8AaVsfj4tKXbJhPrII2vEc1M8r1roJoGrFndUMseUhbVbmc-VZ8RrVSvT2ypoMkg7-VQ6vLEyS68t6i4OHXKx7EHuj83tvjLOH1CfSIUeq0V86auxwmNjMWHukmrN7PlQPaJ0m0oiXrRbgtxKW7BTdW2R3DdyUPkNYgHaJDshdxW1c7NJhxKhgkA7QXRZdAebb8_K3EsC5s0fR-9wImBj6Xb3LpQvvGNf-wLYZ-jhcc66R3-6vTO0iHjaWjhyU-12WOFqe913QcDYfKsFbMoWG_Fzow7cpz_x1YTDHXoMZTB3AixMn2UuaGoVtMJhXBPGDDnvXvmvH13B2o2aXQMDboayZghEMjFaPC6WEzDBlSQFqRJ3poX5FYtFrDKkUXk3FhMsiJpeW9yDm-_A_-hFX
vvARHishtwUwTOYeNz7mZOZOIFJWAidWo3zpYC4f1nuxZMidzzYDArpj3k4x60MoAlISkKx5BwGIQo9Y8YByn0OCT6U3HtBR0UOhfFT7z5Sz1c_hxFCT_QcT8vGnIBKgbAR8BNXhVsxUE8HHIqheU-zba6hq1P0UJ2AejkCyC_FeT0_XcSs36dokKy094uKpC0EeaEKvTNO6U5vcdsI6AVSkMsre-l2xjetc31PyD-3RY1JNdNfL6N0fIdh20CR2_20Fdw9dHjRENYbwOwYeTCutNVMx8L52aZMSZms0ulfbgaIJDbzmhWA9RikcT3GvRQGUR9VsfsBN_-qclxEHW8TDQcMwBTCCJ_9-w7yDvfuDDkUCdt_gTnIBbRs9-V8cHyWp3GU-9dOdOesdbwoA3Oqyin4qgUkaozFLrpP_sJhjgtN7JsBxw8oZPln-bJRCqlDsDUUaQxLsEtA2u5dRFWuaWBrG8qdEXABN7XymSbLoULNUfynDOjst25woSo0L5hzVjrCPupm6vKQzGtloZG3C5RBcTFuGl2GWV-t2k2lBjPhsWhtYylIYBfB13TZQPT5UZMTvLSCSZAIl8TxAxR9CpbxxVtx2CgTuZ_6cwfVtBgOIkj6_6IeXTA2YpEjlIqBy0GV0C6bIBZnG6M1b8zX4xo_wY0TQ3WkFLuvCDSsvI5zJnlcCv3mQsRNE40DzMImCfZdy0rPihxSAfg-xlVveqIX8-qQ5nrjwY94-lueKGHtwwWLwRWjm7jgh2DFvcBkFGJCJZnv_VtHC9NPVw8jILah6HaesOBxpUgusZBXyvCu8ispDg-ZU5XD8kl4fQaVTuh2lTANXsoe7EKImnjGtrnXKH6LLaqr3NhSgQGXlffKcAHpYrWgnG6cTPkSEK_QyjCz-gljXETwiuGEKJh7ahqdaT-0G5-XqShmOh-oCDcnBKj5kn9jZ7Ti0-jfZVyRnj8YeJkWuMq6TRbmhAOoSnpUTVwEwGzE7gdEMGN6HNWjVbDACwNr5htjubKXHbo_q7bKhk20VshZWsUONcB6Di9zbAgmbi56RPtGNixX4k2evv_ZAD6GXzki-dU8iL1MVzCaSSYhwvFtd5wFy9K20-Es15wBoW0-4dbVea8sVHlyfTdDDvp0zS4SPz_6gtL5kCzxGKTcFTGtkRbSLH0g_RHVI5ifzWA_xsFFcn3tEQGAoKaB7343b3wnohDmoU8vDJQmq_fpC5Gn_ivpx4_0WXhNrJiGIidCI_E-AEsociLWzwCrccQx06gWnfj3yZh-OrkHUDoaKYHxEvQdq2aLU0PVca17YIWrpk9-yxPgTQU1pS2vAvYITKlSYwI7yyi6faYY3dZL4CfrTVJGbRk88aobpv3z1O9G3HQcdNCMjU9EzCpmuEK5bPHnp4M0-f3_RIfADYlTMKVBJRwSwOD1ez123JHRfsNhX3zb24kAqX3sHtc2yUTh1YQcU9UAfece0Euh92yzGkn9cLqXOcN81i3z8cKK06MyggXWngq9mei0awo1i9my4ELzMdnihSkW68H9JHI2939IzK6iHd3wnW2Byfi1CDjwc3pnWJB5ac37KgLNazd8KwgDA3Z7Kb79cGX4KbYzrSgJ4N8A1OL7GoNBagocBRlb62WeEElfv5e52YzqNproLhve83H5TVTTblMHj3vgrOYV1B8oVw29mbOz6vFtjCOFZhTIBD_1WvuBO4e2NGsy_2WNgx86QKe8tHFS7s1fWNUINiHHcFaM1fzMTKeyuzJoPb7dsUzs29pfhhM9BErso5ACtcz6i42jSfK61cKOJrI_2gn6rLPQsgogxaDVxHZkzrcCrbKHpy5P6wsziQfGoXIy6VOn7Wg5f9nUg85INdsSld5Wu1ZoZiJ7ecRxJR2GCv-h1XEO26M0zOONfzYai92DRT-FaFsiDVt7MUCFL5qid2wVoCiKwkJlxYUdSDP4rjzYASKqpdOatbQzR0D7vfoyC1c-2EQJHKiFURZuE37ti
bxWLqJlfTJLv5ao6r3RLkdAhjmEsJAplLBnHHmoz_vfgskaZWrlyJBgGUbjJlT05QyG28pFIUSgtPcyBvaqt0VkNCyqjyyc_pHAWT_bOUSdSX3qi_j-Ev3UDl2sVloY7xKbaTUr2J3vr3FGma_rLa2iHUkx1DsTC1FFpZzVi5b1rvvHri9XR88bNun3GpjVhEXcphwIpd07AnZkcGPXL2ozwf-FFXixv0anXKVcgRDmFi9xgSKt9MKHIkB1Rzn-eMpzH1d-4Zv5j_GfrgeO2kOBxd1x8WwbF2IIesMDu8QINjMBIOEU-WVGryu3D0F7t9iQEE7iZ8PUx0fFnYeEGf5x49Da6qoaygZYtQW0UgXfJoh57m5GatGON4wa32eHcX-WNa_kUnFMCKDr00NFzVyBnG5eKyR7c8bQ2n2_IaNxk2suE_i-xLDJt_3aIvkOd-eDMGgx3S4d07SHcS6NfcX-UHhJimTHhL&cid=CAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fuintacountyherald.com%2F&ds=l&xdt=1&iif=1&cor=11179778266369395000&adk=3690638929&idt=183&cac=0&dtd=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c29f62b0d248841fad109970af8ae43b6f13614bbc13072767770b947ca5e92c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13957
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame ECC3
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CbGmCMTTJscQABrPxw0kvnuKvMKSilJukVe7ibeSZiF4v1-wRLFiA6slgENZWc5YELiah2K5ouQ6toYy0ImtdbesjUO953oVCzMIZRlqy8x0_SAqaif2vFJSCm2xNUx6A41md-YBYbzFMMZg_Al7oOWJZF_GEZ7bqbuiMcJL8dXonTkmU&cry=1&dbm_d=AKAmf-D-QwvHGb43mzpAm9HsQx74Yb-dBKUBYoP6cSqdh18pVefQHy3jqHbdfqAkstQ05TDsaZChu6kmr3SgHYRH0CwSYwf-vjOCap_cwaYzzMtSPkz8VVkI0cO5yEy7xr8t-yRLSzFUxuyGCqYR_b-O5y8hxHA5OjN7SLjyi1uu-pJlORdcNShnuI0KQ6T-hpuf-yH7M28BMC3yj6bR6gd3bbwLfFUR507wJEc0IPPr-RZ0jJlWex8pogZz_fec6ABIBzHNb404Ijq4fJvBrfb1KLrB_fytpppVaSpRqsLvSU8h78x19p0rvHg3rLs7tmyG3IU1dKdduKHvb5m2sVvuArqSX8cSlMpyCnkOVhT80UCYUWVT6b9BcLqfk9z4mZQNWVRM2_-KNk8C-PcRsPs9JVo4ByL2Kb3ElPrbc76w4Vq13gYBv8_AuiPoId8sUoZb-UvIL7xsBuxJdvJVdoK07chV31tad_4Fm1KGkOk0nJp0b4ZiIjKhlHkdjapPIhf0gEBoEDV497Gly86isfnrFaLMnGjGySwJn17JcH-W-w8jAE2tqU-62DxJOi86ulLAdGXvgDmffmuVOXiM1K2U2XDF4rmPMYUySHq9SP7_hcbyRaVv26TT2jrrLSPK3kjR3s_bFXWzDIbsCE5JBBGlCLz94PRkcK-zZwT1vI6Tdk2SV6fe-t32JeLU1Wbfe56M8_XtBsGnCnHwYQFmu7EVhsgH9Frko3N06ncj1Y-GklKO-4WiRQvloFpCJ3fn9kYUIhem9n_D05m3CzldLcE1e0AIVCaiiw0kOCdx_3QOX5J2Skpkj-3v1Lxggv1T-C9YwVWkKbkffdnMjFCnZJJRdrZynBqFIJpDVcpiXhYuhXKbKqlP7Ibt1iiAaj4kXesqOVLSN1_7nlV35tfy9T-pPVVTJwskQWfoUZGbUfv2cchwkR7cMEV4YDEfBnlMCQ2uTLA_umTpfEzNA8tKFsjA2m7Rgmb0NfYW0aqqFBLU9KExuhbrkL0tydQoy7tCx1FNpP5UcsA0NhCIQbfLaEgbb9BEYEENbOWZeG1vOKrsVLPTzm7Nl1c7iw3UN_AU9QEgYucXb7QucWPfSPskK1fBPgZYgqvHeOwz7HNYwfcxqbE9GKQmBZ27l_qgqX8iMhjaTDRDcHG-_SgHU_VE8oMLtTw6l1Xi7Ne78XrIoEF63i4R6AqqAcCaaF_PyfvfmxY2SceNoc4A2sk3qQwBKPy0T1cV1zXcwFgJ87sq6_KBusitVnx0cpx_RpJ5a4qeTQz8tCsL6uyjCQ2azGA-B87vjTggVspltOWVkqeGxBinvWOQz4voQH96_lEyKoaB_ZUGsVGU_547Swifsn-LlIAVsafNgBerGx0A26UB8t8r-cgge2EzQdfwho3xUyV_JRKwzvRdaGUNm88Zv9Q6xTg1va1Ejd3LRQQdq3cyeUy29O2wslZ5b1iG_tK-owJCASVwmr0HSEqdxcEsd5woV4U3fCFexmMOY1YgtV1jyJcU6vPYdnMAxh2UIB-_xvhPe-Dlz79E8bO76nX5icoTkUqNQJYcLqIdU9CJbjZEepc32Gx5dQiOf8mBTKii-i-rGWaKfjUnavckx5vRKYJBqltCxUVhdrji591nC6y4nohjSMcWMFVXXoSiFQk3NVjcH7pFrtyDgHRwKdk9dWckJkiPQkH0eHnZfN4cQbnAFw66DEXtQ_rqYcB6FgUCccnmXeAJI6ZZNiXTi2puSKMLvA
GrgMwP_vU4et38u78ZEG1FOfwWB8n3NQptIwZVHIx839y5q_K299Xt3YFKuPzMt4Nlr1f8jRj6Y6k01DmJ6fz1iFKN6I-cPDM0MjY1hnCKH4s800zIqwtCvEONZ4ONKcEIXAf5hABN2ln5yJZNNBP4LGGGE3uZSznPZp3SQlOiCeUzhqnh62YJwSMEbvGcN-CldjMi20laLsU-8WQea9OtagrjaVlOvf_gBVtcfNqZauWcvRDfvsSEJbyt_hsRQ7IFYYzB3NvHwxoH4AErB5Sf7UZdpzF1IUDYdDSLoyU3_23E2eSx3ilmq0wGkSB6LESuB8nzsGq-DHvKRU_K1LKkaCZxW1kq6say_fIe6cgf7KLOH9om-J6Y_IMWdI0INroqy8KX_O7iGTLJX3laxH6KvtLnqSofUv5SsMtglVa-4kwgsumJA5qOYpVfHJYZgoWRwjUMsUk0_TT3h8xVDkf-i6hQ220j6_3IMpzNzsOhCystuRA41a6g0WDHbjHOpDJD6CSCHRTEAEQ9VlOa6zf_hMzBrc4vwyrvwB6cH8gqka-mMgkZVvXPvhb_igajNYYWeQ_5Kxu4ZYan78QfeeVf5GNLnBc7wKcv3qG5mzP0E3PKEVHu9MJXumvHiI42CBuddUam4VgyucyvCRWhDoQrSBsMsfCuwvWlnyttENelZjLSTA31CJSVQ7M6laSDxRibKiX6MORg6-rexJIX8R_WEHesiAN4DYQ5Hkhvn3DGJrmNgwrgQ-ZtvktxH3r-ihSoooGAZt_1m9-Kue-8BotNDwnoQxI5vDyBm7tjt0TzVTZLX_FO-KVG4TIrKGIzFpBOIMG2obUDQcdfwurRpSn9GZatW46bnJtZ6asyuahX41qFBcvjKwmEcrDEN2AT2THj26fvjW0DGuBd5NilLGJwSSwTT11RJ4DYDL5AMZo5Q_KGRDHIWX7p2miAmWa7cx2e_kpDUhbGGKenS2Fx72SMVL5-RZ4WF7vxHanVr6CG69TIhkoTgZ6mS1qjM5Jedozw02BW2Y8TU-LbB6HshM7T3NjE7xyNwCYIewZoTKCeWBonJtqJRW0W4q11hrH93oV1DokrzPTeFrFfm-bCP57pe-hyI3VOyzUaoJ3p0gPorg1P4UOpPnNZtEUCKcbk8cWMcd92p4IP5JOyJJ6JLUcZGJTL0wHA3OTRyuKpF4lLMvdevePcUjoSX-abW9W8MfdBszVxsrMPTZFZUMBOisurmzm8OXGaBZc0I1YBm_LbtuSLHlEjpdZ1F_nkg-rcNTkBRFdyTVSawWXFTOLefJx1E-eC2BMizD3oIrrt_tAma1V-T0_ez9AdceZRjeZoNmFkYS5OBkmYL_InYXVN2IH4KI5s-WVyrRzmqLgxOKJZ_fjgQmcgKzZJef7g3x3pNj6VJDNiku0ePhGSoCJ_8MsIkffunNzsGrbKNItAZ1qoeT7FTo7xfGq5T06XF8lnEAkcgeZaqgdCjBkFbvIgTMjWujcI6ObUZNxQYmGBlzD55247hBpARy_wb3-2mI8x4ZQdn5t1CgZqJCMrqFOBNHiubrBX4vNgpaSQtje1WWBsRNA3Z5XSheEi2ew75WcnM8wtLMfrhYjTmBZix6cJuygx9OEAZ9a0Hf1jRvWan21-JXW9M4ocMKAWv_Gs7-4ZJ9jcBdS1-M6i3G6RSF0kOESksXCjR36-UDYII7LZrGp3d7g3uslfxkxA_Ba8fRyCSVE8327Sz2Tlkv0wnasL9CmxZD4QzbMTihjRdoCcpMWS9QVK_1TMr9FQFuM3Nyqq0jWEAN7JXzUpBjB5TypBcboNYD-1B8k-wksDOod3FZyDkT2A8eDK3UXiR8OrJOPzIexotY_aZIOv4WsAmhcxby2p55J6RKibHXR0eQxUHF7ULC0HRtsYpHl7-UnTbGQpBpx6tWNzx-erDAgnSPLj5nOKPO6ZKFwepc2zAutOrzmRG2biocbMn3GtzGLaF6OLisQEdW_yKOKdBe8Hbu
cGCkfZHwpmdWmdsfTFfBh_Jz7Uble-6aJ1bHJZBDvNC7MLPLAz0hLLcUowcrLRotTfRbdxYoSGgc9Tp5R0nLtX6nZJF0rN0X1FOMpyKo2sh7TCqZye2dZrknesK-n4aAzdN_HeL25gw9v3iHhgXaXibjeMJU-2Mk8E2cYRAa1RlIXJa6etOs0m7HTSymjUzFBlJzIQBzjM3FrNci1ytnpKJ3zuu660pSz3t-ZQ1UlewUVS_PBi7XxyzPWuv1-tJFY-IHAbvEWC9Qj_5PdwX17BpuaQuovJPimf49I-IlQ_MkwEWhdqEQfd15YkHjLRHo3LhH-RRudFTT-KqAWqt-w26EefvXichNVwJYOLmXoVx9bvFci_9TcoRVCh-Xct1S4oUGf9aA8ENa38yHU0DgUWySF4AsAu8g8gtBqQP19zxXlwpJj6WCpi073N78ZNaoutMGtiKMygZtqCNisYXTRqjS6ktogFvnWBAV0R&cid=CAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fuintacountyherald.com%2F&ds=l&xdt=1&iif=1&cor=9503273749138254000&adk=943508955&idt=110&cac=0&dtd=9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Fri, 24 Nov 2023 18:05:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
428450
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Nov 2024 18:05:08 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTI3NzU1ODAyMDcyMQogIHNlcnZlcl9pcDogMTI2MDYzOTMyCiAgcHJvY2Vzc19pZDogMzE4ODQ0NDM3Mgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame ECC3
0
859 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTI3NzU1ODAyMDcyMQogIHNlcnZlcl9pcDogMTI2MDYzOTMyCiAgcHJvY2Vzc19pZDogMzE4ODQ0NDM3Mgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxNjE3OTY0NTgxNTU5MDI3MDEwNgpkZWJ1Z19rZXk6IDE3OTM1MTUzODUyNDI0MjcxMTgyCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMS0yOSIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1
lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMTc1ODk5CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMDcwNjcKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2FkLXNydi5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9rbGljay13ZWx0LmRlIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f134.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xdcef201938bdf00c0000000000000000","13":"0x944de669759348fb0000000000000000","14":"0x78c55fa5da1cfd1f0000000000000000","15":"0x916ce007a7878bec0000000000000000"},"debug_key":"17935153852424271182","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"16179645815590270106"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
iju9wczm8trb
hal9000.redintelligence.net/zone/ Frame ECC3
12 KB
4 KB
Script
General
Full URL
https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1701277557573416&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCt7BUdW9nZej_Iozj7gOz8bKYAqblvaBprZWcp8kP8C4QASDp3MZKYJXC_oGUB8gBCakCvhebxQtqsj6oAwHIA5sEqgSpAk_QIwStbFguJ6H6WldNevilgO0XkqGRv0NkrpvoAyIr2afIMN64JtnlTaQD6-WKfJBZpd9CH4h_A4Tu4wOLvT2cykjEOFexQ-_SSl8aG_wDnsZlR8sOpYQ9HWhUUaNwKOh8u_0AM-rswDtNnNbyLeQR7YTeobMsEdTspZidLb8JSAth0eSxI2tqi4cw0KscOUN0z_VYjXT0StBV2Ga2Q3dDIp0r6ooZaDn6U5AHkqm8QZbLisbOi4JqhzhwNkofwWiFomvf5hrrFPS32kf7hl2RYRvv1GaJpjWksS8pQF1x0cWI44_3bgURUMVAoTMpDGvhYUzp8smwUZ6Dsdtra61KQfrDbOkFuXvMiEh_TnCxeHArrYRmuxWCItp0cAQ-sQ0tYtvsQQU56MAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljFuu3j2OmCA_IIG2FkeC1zdWJzeW4tMTQ3NjI1MTY1Mjc5Nzg5OYAKA5gLAcgLAYAMAaIMHCoaChjktLEC7rWxArW4sQLktLEC7rWxAru7sQKqDQJEReINEwjM9u3j2OmCAxWMsXsKHbO4DCOwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE%26sig%3DAOD64_1g4b21m0J2s1ASzP5T4D4t7-4Pgg%26client%3Dca-pub-6718426237615610%26dbm_c%3DAKAmf-DcCR8QJhcj2U-WhCuC4uEcwYbXJKo6q3-31X5M3u353X5Yx_tCBzdcm2JgAaZx9oJJ-LxiP_eKLSBF4zUXnNS1uwsuagEhRdXDtpGW0NozdOi54_cAcLgZ67vhUdCzsuPpjG6YeM07Y9ba1iQqeCN5ClDuBcIcqoQl8Ll7zVT2VrG_XJM%26cry%3D1%26dbm_d%3DAKAmf-BFSaWiNzuZh9WfEvKmw71bPYjKdoyPWQeSdFlJpeZlLI1kmFgapu_ssTpKJCSs6oWFId_4Lh67cht7Qh-fdzc4IsKPtKSxPz_HuvvSrCUAGPKkIiJV4N73n5ZLI63Xg_oxcHePJu90Dq50cg-EnRugWiMyMDW2Pb8O-eU8-3J-El-BlUat2ysqRp9xG-azjRwZgWBipP_Wqmt-EOBBltTo8Jt3u_wF4yjvnpH9mV--VIl-Evq1TNaRXt1ei4drZ2GVnMW0ZUVU-Mwex3V5GTWKPvnGMEP7yOXxm1TWH58Iq90xgHgTWRugF40YePoAsccKc7u52L8UvBhenLkdXWmdoVTUL6UwGY0kcZaQ7sFGXgxhCm4m_wEIr4UVvT6nEE0SAm69-r1cZEpASg6QsD6vJRGGQyLVzTYkLALOePlaxmaUa_hxBuRnePLMXwk1grTMh6dlG0z5Ot8jW8PNFSLmY7gYjotOE4PNdbq70NgtBBCcAomP6r57KeoezK3MG5BJDXeLCJ2HE7O7T
ThBBxelMydEIuuFGgzqU_KG4osxAf2kPWc%26adurl%3D
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
d9933ec423930f1615d6aa1cc84acc90eab1a6f46b54a87c30a5fbf51697d353

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Date
Wed, 29 Nov 2023 17:05:58 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
4273
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 3D3D
38 KB
13 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
308838
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 26 Nov 2023 03:18:40 GMT
expires
Mon, 25 Nov 2024 03:18:40 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 3D3D
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:19:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
2767
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 28 Nov 2024 16:19:51 GMT
request.php
hal90002.redintelligence.net/ Frame ECC3
Redirect Chain
  • https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=ba534d660a&subid=&uid=0c6ca6c5efffcb34&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
  • https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=ba534d660a&subid=&uid=0c6ca6c5efffcb34&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
4 KB
2 KB
Script
General
Full URL
https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=ba534d660a&subid=&uid=0c6ca6c5efffcb34&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCt7BUdW9nZej_Iozj7gOz8bKYAqblvaBprZWcp8kP8C4QASDp3MZKYJXC_oGUB8gBCakCvhebxQtqsj6oAwHIA5sEqgSpAk_QIwStbFguJ6H6WldNevilgO0XkqGRv0NkrpvoAyIr2afIMN64JtnlTaQD6-WKfJBZpd9CH4h_A4Tu4wOLvT2cykjEOFexQ-_SSl8aG_wDnsZlR8sOpYQ9HWhUUaNwKOh8u_0AM-rswDtNnNbyLeQR7YTeobMsEdTspZidLb8JSAth0eSxI2tqi4cw0KscOUN0z_VYjXT0StBV2Ga2Q3dDIp0r6ooZaDn6U5AHkqm8QZbLisbOi4JqhzhwNkofwWiFomvf5hrrFPS32kf7hl2RYRvv1GaJpjWksS8pQF1x0cWI44_3bgURUMVAoTMpDGvhYUzp8smwUZ6Dsdtra61KQfrDbOkFuXvMiEh_TnCxeHArrYRmuxWCItp0cAQ-sQ0tYtvsQQU56MAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljFuu3j2OmCA_IIG2FkeC1zdWJzeW4tMTQ3NjI1MTY1Mjc5Nzg5OYAKA5gLAcgLAYAMAaIMHCoaChjktLEC7rWxArW4sQLktLEC7rWxAru7sQKqDQJEReINEwjM9u3j2OmCAxWMsXsKHbO4DCOwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE%26sig%3DAOD64_1g4b21m0J2s1ASzP5T4D4t7-4Pgg%26client%3Dca-pub-6718426237615610%26dbm_c%3DAKAmf-DcCR8QJhcj2U-WhCuC4uEcwYbXJKo6q3-31X5M3u353X5Yx_tCBzdcm2JgAaZx9oJJ-LxiP_eKLSBF4zUXnNS1uwsuagEhRdXDtpGW0NozdOi54_cAcLgZ67vhUdCzsuPpjG6YeM07Y9ba1iQqeCN5ClDuBcIcqoQl8Ll7zVT2VrG_XJM%26cry%3D1%26dbm_d%3DAKAmf-BFSaWiNzuZh9WfEvKmw71bPYjKdoyPWQeSdFlJpeZlLI1kmFgapu_ssTpKJCSs6oWFId_4Lh67cht7Qh-fdzc4IsKPtKSxPz_HuvvSrCUAGPKkIiJV4N73n5ZLI63Xg_oxcHePJu90Dq50cg-EnRugWiMyMDW2Pb8O-eU8-3J-El-BlUat2ysqRp9xG-azjRwZgWBipP_Wqmt-EOBBltTo8Jt3u_wF4yjvnpH9mV--VIl-Evq1TNaRXt1ei4drZ2GVnMW0ZUVU-Mwex3V5GTWKPvnGMEP7yOXxm1TWH58Iq90xgHgTWRugF40YePoAsccKc7u52L8UvBhenLkdXWmdoVTUL6UwGY0kcZ
aQ7sFGXgxhCm4m_wEIr4UVvT6nEE0SAm69-r1cZEpASg6QsD6vJRGGQyLVzTYkLALOePlaxmaUa_hxBuRnePLMXwk1grTMh6dlG0z5Ot8jW8PNFSLmY7gYjotOE4PNdbq70NgtBBCcAomP6r57KeoezK3MG5BJDXeLCJ2HE7O7TThBBxelMydEIuuFGgzqU_KG4osxAf2kPWc%26adurl%3D&documentReferer=https%3A%2F%2Fuintacountyherald.com%2F&ancestorOrigins=https%3A%2F%2Fuintacountyherald.com&random=9633963709823&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
HTTP/1.1
Server
46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.47.10.4.46.clients.your-server.de
Software
Apache /
Resource Hash
7cb1059c2a8e87dcb30c7974fa68d2c93fa16802dad09c4158dd1feca5b2cc3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 29 Nov 2023 17:05:58 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type
application/x-javascript; charset=utf-8
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
50068900152000104444554012523002
Connection
close
Content-Length
1364
Expires
Wed, 29 Nov 2023 17:05:58 +0100

Redirect headers

Pragma
no-cache
Date
Wed, 29 Nov 2023 17:05:58 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=ba534d660a&subid=&uid=0c6ca6c5efffcb34&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCt7BUdW9nZej_Iozj7gOz8bKYAqblvaBprZWcp8kP8C4QASDp3MZKYJXC_oGUB8gBCakCvhebxQtqsj6oAwHIA5sEqgSpAk_QIwStbFguJ6H6WldNevilgO0XkqGRv0NkrpvoAyIr2afIMN64JtnlTaQD6-WKfJBZpd9CH4h_A4Tu4wOLvT2cykjEOFexQ-_SSl8aG_wDnsZlR8sOpYQ9HWhUUaNwKOh8u_0AM-rswDtNnNbyLeQR7YTeobMsEdTspZidLb8JSAth0eSxI2tqi4cw0KscOUN0z_VYjXT0StBV2Ga2Q3dDIp0r6ooZaDn6U5AHkqm8QZbLisbOi4JqhzhwNkofwWiFomvf5hrrFPS32kf7hl2RYRvv1GaJpjWksS8pQF1x0cWI44_3bgURUMVAoTMpDGvhYUzp8smwUZ6Dsdtra61KQfrDbOkFuXvMiEh_TnCxeHArrYRmuxWCItp0cAQ-sQ0tYtvsQQU56MAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljFuu3j2OmCA_IIG2FkeC1zdWJzeW4tMTQ3NjI1MTY1Mjc5Nzg5OYAKA5gLAcgLAYAMAaIMHCoaChjktLEC7rWxArW4sQLktLEC7rWxAru7sQKqDQJEReINEwjM9u3j2OmCAxWMsXsKHbO4DCOwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE%26sig%3DAOD64_1g4b21m0J2s1ASzP5T4D4t7-4Pgg%26client%3Dca-pub-6718426237615610%26dbm_c%3DAKAmf-DcCR8QJhcj2U-WhCuC4uEcwYbXJKo6q3-31X5M3u353X5Yx_tCBzdcm2JgAaZx9oJJ-LxiP_eKLSBF4zUXnNS1uwsuagEhRdXDtpGW0NozdOi54_cAcLgZ67vhUdCzsuPpjG6YeM07Y9ba1iQqeCN5ClDuBcIcqoQl8Ll7zVT2VrG_XJM%26cry%3D1%26dbm_d%3DAKAmf-BFSaWiNzuZh9WfEvKmw71bPYjKdoyPWQeSdFlJpeZlLI1kmFgapu_ssTpKJCSs6oWFId_4Lh67cht7Qh-fdzc4IsKPtKSxPz_HuvvSrCUAGPKkIiJV4N73n5ZLI63Xg_oxcHePJu90Dq50cg-EnRugWiMyMDW2Pb8O-eU8-3J-El-BlUat2ysqRp9xG-azjRwZgWBipP_Wqmt-EOBBltTo8Jt3u_wF4yjvnpH9mV--VIl-Evq1TNaRXt1ei4drZ2GVnMW0ZUVU-Mwex3V5GTWKPvnGMEP7yOXxm1TWH58Iq90xgHgTWRugF40YePoAsccKc7u52L8UvBhenLkdXWmdoVTUL6UwGY0kcZaQ7sFGXgxhCm4m_wEIr4UVvT6nEE0SAm69-r1
cZEpASg6QsD6vJRGGQyLVzTYkLALOePlaxmaUa_hxBuRnePLMXwk1grTMh6dlG0z5Ot8jW8PNFSLmY7gYjotOE4PNdbq70NgtBBCcAomP6r57KeoezK3MG5BJDXeLCJ2HE7O7TThBBxelMydEIuuFGgzqU_KG4osxAf2kPWc%26adurl%3D&documentReferer=https%3A%2F%2Fuintacountyherald.com%2F&ancestorOrigins=https%3A%2F%2Fuintacountyherald.com&random=9633963709823&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Length
0
Expires
Wed, 29 Nov 2023 17:05:58 +0100
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame C9B1
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DW7Q4ut-FngtBBiXC49XzIZl8v7hh9wHpxqtUEGjMoexUgC_loyAVfYzUxwCMqBZcB2akTGtH-cZi9HV6iuJ-KukCh_6bRpeLS7nTeDPk0yRPG2GBf7o2KA9McwVbsq3K_FahPIy5XjXDgvWnHvFM2etEc7KayiYAr3d_cLkcewqS-qHU&cry=1&dbm_d=AKAmf-CvEbI0LlfzshqfxiAMi4Fh5IPRdE51kjj55Izc7WWdAuK4b4NoA2Ct5DpmOfhGZjkICeKig0o7nZPwgWQZZm-s8ThVn-JsuYpNmO-lX4P2ejsTS3ZxUmiMP8kf2vWT9Tt27rvkU1klLExWi9yAK7VNBBuw8PtrslWkTyWDXdeR2z8wre9F0dixNRGNd_VVYKLA5gv0BTovKYdPt7WX74WdqXPtgM_iUOfQ3gHFCKhtB4Ug1gGx7LOioxK1sFJP7bfrp2SJWs3lkc951CBECaqFRLjm1P8-tUx9SviYSi-klivUDifD4OuGFlLT64ArORLPQJ-jxxnXnFFXveJ0cuwcV4fLI38WncWE4Qn5C9A2s7YWSL5CKobilT9q_w6mo-P6-n6jJwYba-Wuz0bcw1zNZhggIYD6aLEJDnLvunupVGiqbpP8SJCeuEWEgY2Az5656HtO5HnC4fZx-P9_VJfxL-_7c7khjohc_NBWlg21tOBabDfQVMlGCACrCIhPgGynJAGsXDxHNwjtEPJHBC2eU-rqsSwAknNqLRz4mFFkk21BVNVi5kpXOK6U-PKgypFt7PbdTTqgkuI2Uag9awaCQJCWOwywcCIq1_t01bte_-vXbfQEy_aCgv02ov37jp91wh_1LJE4kvZogY5D2y4ByUd4iLKg2bqPqxHnMOXObF61iTJmawBEhJeEI7xhUeeGSpmGjeLnG_cjq_sGcCZqgp1X6VhkhL1cbmiFGP7x-bdlWZuFFNCWMl91IDCqUEFe-mLmISLU6On1xvBNK_LwVTgTluW927A3st6utfGP9O1YMA5ieHEh-8gM97WlJ_X7_50f3AUnmFtv7AZRszMJtipNmkv3-UHjQqp3Z7-93hXPRnbGjI6P4E3JZVnQsySBAcObYDM8rcYplpvnlYj5XNYSAeKStkR3zIHUIeZgxFywA9Q9vT95M03KIQZFmjIOzAB9ZJKdcAJ44WVPUM9CLhFCWhiX6tHRCRUMD4V9COZkSLPRhdQJ5Np03rAh0hKqpWy1BBFgQTZSFw6caqtEdG6FPwtkLAF-fcdDGSPoTuMRDiYSkDYYEzLfXtvqQx2N8b5FD0zUKSm74qE72b8naVCk7R6Vj25P1tIDaBCBKury2SfXmHnjPT5Un7gFK-NYya4elp2OcqrUk_u2pyF8Thj2b78lD8PnWI5W891pHXnoZOVXhAj42Z-KYbje8iP7xVsuSsv98Z2XNlDo2Hd7sMCy_eO97fZrFGb2YTBscqYtUodC1pk16Caln50ClCtS3fZfOFseDXwQriZuUqqDlQcEs2QYBhhD91PVvH6sm-f7YpeQA3SpxjoGdq5vx8AaVsfj4tKXbJhPrII2vEc1M8r1roJoGrFndUMseUhbVbmc-VZ8RrVSvT2ypoMkg7-VQ6vLEyS68t6i4OHXKx7EHuj83tvjLOH1CfSIUeq0V86auxwmNjMWHukmrN7PlQPaJ0m0oiXrRbgtxKW7BTdW2R3DdyUPkNYgHaJDshdxW1c7NJhxKhgkA7QXRZdAebb8_K3EsC5s0fR-9wImBj6Xb3LpQvvGNf-wLYZ-jhcc66R3-6vTO0iHjaWjhyU-12WOFqe913QcDYfKsFbMoWG_Fzow7cpz_x1YTDHXoMZTB3AixMn2UuaGoVtMJhXBPGDDnvXvmvH13B2o2aXQMDboayZghEMjFaPC6WEzDBlSQFqRJ3poX5FYtFrDKkUXk3FhMsiJpeW9yDm-_A
_-hFXvvARHishtwUwTOYeNz7mZOZOIFJWAidWo3zpYC4f1nuxZMidzzYDArpj3k4x60MoAlISkKx5BwGIQo9Y8YByn0OCT6U3HtBR0UOhfFT7z5Sz1c_hxFCT_QcT8vGnIBKgbAR8BNXhVsxUE8HHIqheU-zba6hq1P0UJ2AejkCyC_FeT0_XcSs36dokKy094uKpC0EeaEKvTNO6U5vcdsI6AVSkMsre-l2xjetc31PyD-3RY1JNdNfL6N0fIdh20CR2_20Fdw9dHjRENYbwOwYeTCutNVMx8L52aZMSZms0ulfbgaIJDbzmhWA9RikcT3GvRQGUR9VsfsBN_-qclxEHW8TDQcMwBTCCJ_9-w7yDvfuDDkUCdt_gTnIBbRs9-V8cHyWp3GU-9dOdOesdbwoA3Oqyin4qgUkaozFLrpP_sJhjgtN7JsBxw8oZPln-bJRCqlDsDUUaQxLsEtA2u5dRFWuaWBrG8qdEXABN7XymSbLoULNUfynDOjst25woSo0L5hzVjrCPupm6vKQzGtloZG3C5RBcTFuGl2GWV-t2k2lBjPhsWhtYylIYBfB13TZQPT5UZMTvLSCSZAIl8TxAxR9CpbxxVtx2CgTuZ_6cwfVtBgOIkj6_6IeXTA2YpEjlIqBy0GV0C6bIBZnG6M1b8zX4xo_wY0TQ3WkFLuvCDSsvI5zJnlcCv3mQsRNE40DzMImCfZdy0rPihxSAfg-xlVveqIX8-qQ5nrjwY94-lueKGHtwwWLwRWjm7jgh2DFvcBkFGJCJZnv_VtHC9NPVw8jILah6HaesOBxpUgusZBXyvCu8ispDg-ZU5XD8kl4fQaVTuh2lTANXsoe7EKImnjGtrnXKH6LLaqr3NhSgQGXlffKcAHpYrWgnG6cTPkSEK_QyjCz-gljXETwiuGEKJh7ahqdaT-0G5-XqShmOh-oCDcnBKj5kn9jZ7Ti0-jfZVyRnj8YeJkWuMq6TRbmhAOoSnpUTVwEwGzE7gdEMGN6HNWjVbDACwNr5htjubKXHbo_q7bKhk20VshZWsUONcB6Di9zbAgmbi56RPtGNixX4k2evv_ZAD6GXzki-dU8iL1MVzCaSSYhwvFtd5wFy9K20-Es15wBoW0-4dbVea8sVHlyfTdDDvp0zS4SPz_6gtL5kCzxGKTcFTGtkRbSLH0g_RHVI5ifzWA_xsFFcn3tEQGAoKaB7343b3wnohDmoU8vDJQmq_fpC5Gn_ivpx4_0WXhNrJiGIidCI_E-AEsociLWzwCrccQx06gWnfj3yZh-OrkHUDoaKYHxEvQdq2aLU0PVca17YIWrpk9-yxPgTQU1pS2vAvYITKlSYwI7yyi6faYY3dZL4CfrTVJGbRk88aobpv3z1O9G3HQcdNCMjU9EzCpmuEK5bPHnp4M0-f3_RIfADYlTMKVBJRwSwOD1ez123JHRfsNhX3zb24kAqX3sHtc2yUTh1YQcU9UAfece0Euh92yzGkn9cLqXOcN81i3z8cKK06MyggXWngq9mei0awo1i9my4ELzMdnihSkW68H9JHI2939IzK6iHd3wnW2Byfi1CDjwc3pnWJB5ac37KgLNazd8KwgDA3Z7Kb79cGX4KbYzrSgJ4N8A1OL7GoNBagocBRlb62WeEElfv5e52YzqNproLhve83H5TVTTblMHj3vgrOYV1B8oVw29mbOz6vFtjCOFZhTIBD_1WvuBO4e2NGsy_2WNgx86QKe8tHFS7s1fWNUINiHHcFaM1fzMTKeyuzJoPb7dsUzs29pfhhM9BErso5ACtcz6i42jSfK61cKOJrI_2gn6rLPQsgogxaDVxHZkzrcCrbKHpy5P6wsziQfGoXIy6VOn7Wg5f9nUg85INdsSld5Wu1ZoZiJ7ecRxJR2GCv-h1XEO26M0zOONfzYai92DRT-FaFsiDVt7MUCFL5qid2wVoCiKwkJlxYUdSDP4rjzYASKqpdOatbQzR0D7vfoyC1c-2EQJHKiFURZu
E37tibxWLqJlfTJLv5ao6r3RLkdAhjmEsJAplLBnHHmoz_vfgskaZWrlyJBgGUbjJlT05QyG28pFIUSgtPcyBvaqt0VkNCyqjyyc_pHAWT_bOUSdSX3qi_j-Ev3UDl2sVloY7xKbaTUr2J3vr3FGma_rLa2iHUkx1DsTC1FFpZzVi5b1rvvHri9XR88bNun3GpjVhEXcphwIpd07AnZkcGPXL2ozwf-FFXixv0anXKVcgRDmFi9xgSKt9MKHIkB1Rzn-eMpzH1d-4Zv5j_GfrgeO2kOBxd1x8WwbF2IIesMDu8QINjMBIOEU-WVGryu3D0F7t9iQEE7iZ8PUx0fFnYeEGf5x49Da6qoaygZYtQW0UgXfJoh57m5GatGON4wa32eHcX-WNa_kUnFMCKDr00NFzVyBnG5eKyR7c8bQ2n2_IaNxk2suE_i-xLDJt_3aIvkOd-eDMGgx3S4d07SHcS6NfcX-UHhJimTHhL&cid=CAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fuintacountyherald.com%2F&ds=l&xdt=1&iif=1&cor=11179778266369395000&adk=3690638929&idt=183&cac=0&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Fri, 24 Nov 2023 18:05:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
428450
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Nov 2024 18:05:08 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTI3NzU1ODA5MjEwNwogIHNlcnZlcl9pcDogMTgyNDU3OTMwCiAgcHJvY2Vzc19pZDogMjA0NzQ3OTk5NAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame C9B1
0
498 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=...
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f134.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xdcef201938bdf00c0000000000000000","13":"0x944de669759348fb0000000000000000","14":"0x78c55fa5da1cfd1f0000000000000000","15":"0x916ce007a7878bec0000000000000000"},"debug_key":"2299218976540363109","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"16259098645187119126"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
iju9wczm8trb
hal9000.redintelligence.net/zone/ Frame C9B1
12 KB
4 KB
Script
General
Full URL
https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1701277557573417&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1cdEdW9nZen_Iozj7gOz8bKYAqblvaBprZWcp8kP8C4QASDp3MZKYJXC_oGUB8gBCakCvhebxQtqsj6oAwHIA5sEqgSsAk_QnUXCvVbuzGpUKcXVl2jqdaq24l2nkKgeNRLgc85-MDxYZPe7pcR45Op_brSsirbFQyfEcc0O0-AInzEvUoOb7pQOfNOrG4PKJp8nXkEC_u19s5ZMpxiaYBG2H_0Py8X_6ubAZkfyJulJ4hMm6Ersc_EETlz38wVzVDIXXfjycPQjNOyg2J83zPKGiLUe1IvJ0mVEwcbWhAuPiK6AbvAdJKUyamC1P2CzCPIUDrTC-gXD-L58L44LlaImcN2jRv0g1WRUdRrVyvHvx_DcwP0OZndOgsiddjp43B6oLrocaLQMa6XN7eolp6tsMaIW7st0Uqgk8IVUd46r5ef6B3tT_Epwo6ftoV28_DodU1qK4RZ5PLjnLLnypg3de6TSE3OYahf0W1Yc2iBz3MAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljFuu3j2OmCA_IIG2FkeC1zdWJzeW4tMTQ3NjI1MTY1Mjc5Nzg5OYAKA5gLAcgLAYAMAaIMHCoaChjktLEC7rWxArW4sQLktLEC7rWxAru7sQKqDQJEReINEwjN9u3j2OmCAxWMsXsKHbO4DCOwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE%26sig%3DAOD64_0jLkHFJoUMDb7PE8CZI4vw9cR6Aw%26client%3Dca-pub-6718426237615610%26dbm_c%3DAKAmf-DK2jNxNmANGAvQeWzH7KuLFb2VgjHV4xbzw56iTHzYBMYHJoUZwoheGV0Diq3DAOUq9YGvUQxG8kr9qpx8OPdhvyzEheVtnSe4q5LllS9O9DHWavyolnM8Lqv5tpg4yzwZUw8vsymIPuYWH7u4kWagqZyEukW07BbOVek7QJajLpj-X3M%26cry%3D1%26dbm_d%3DAKAmf-AmBKMKcxiLE2ytS--KvMRMjX-v39QuohKX2WdF3qnp3mubOGJK7UAHNp4QwfurAEAsRH-Eysch-LNwYX1rsstTq84tjWeYRGsgk8u6QrY7MgVivBn39oaaQWianc2q6dbX6d_nevgRZpbS2zS31UB1A9srqeYZLUcCAiRUuxNJj1SIdh5Z8DR3EjYH5_8AYxGwG-PlKPCNkStq0s9PeJgzYM6_cFEnGh036cK2TpyPgoME44ekRzPJmckymuqbAsWCWyQRYxLOsBxXWrumaL0INt9MuN3XH2litoZRkmB7QkOdaTHhVoZvzBCtGw-G_qhknlO4T4NTdK-3EniabpTnf7ue2e6u9ALIM5npQDGzjy2VrURogfcFVVh9Cx_FVFtzZIyEULA185OxqMOx4TBgWNVYdBv03Drzv1DtjaVc_Rzl91otJ9dxQge7C_upA4o3U512dw0qP3TxHHAXebvYxLZ_1AMW4HYBNk3H_sY4HNnNtpyi82aAD4h9UDYIWnJdDh2xfrPOn
0o5vX-75SlAYFmB7s1Ao-y5hdxG6uKrOF5VKgQ%26adurl%3D
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
a5d43569ce3d8558c9ae005da6e46cfd9aae4b2b5c58200f616d28f77096379e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Date
Wed, 29 Nov 2023 17:05:58 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
4277
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame BD96
38 KB
13 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
308838
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 26 Nov 2023 03:18:40 GMT
expires
Mon, 25 Nov 2024 03:18:40 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
request.php
hal900018.redintelligence.net/ Frame C9B1
Redirect Chain
  • https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=2caadba388&subid=&uid=a2707e12eeed49bf&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
  • https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=2caadba388&subid=&uid=a2707e12eeed49bf&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
4 KB
2 KB
Script
General
Full URL
https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=2caadba388&subid=&uid=a2707e12eeed49bf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1cdEdW9nZen_Iozj7gOz8bKYAqblvaBprZWcp8kP8C4QASDp3MZKYJXC_oGUB8gBCakCvhebxQtqsj6oAwHIA5sEqgSsAk_QnUXCvVbuzGpUKcXVl2jqdaq24l2nkKgeNRLgc85-MDxYZPe7pcR45Op_brSsirbFQyfEcc0O0-AInzEvUoOb7pQOfNOrG4PKJp8nXkEC_u19s5ZMpxiaYBG2H_0Py8X_6ubAZkfyJulJ4hMm6Ersc_EETlz38wVzVDIXXfjycPQjNOyg2J83zPKGiLUe1IvJ0mVEwcbWhAuPiK6AbvAdJKUyamC1P2CzCPIUDrTC-gXD-L58L44LlaImcN2jRv0g1WRUdRrVyvHvx_DcwP0OZndOgsiddjp43B6oLrocaLQMa6XN7eolp6tsMaIW7st0Uqgk8IVUd46r5ef6B3tT_Epwo6ftoV28_DodU1qK4RZ5PLjnLLnypg3de6TSE3OYahf0W1Yc2iBz3MAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljFuu3j2OmCA_IIG2FkeC1zdWJzeW4tMTQ3NjI1MTY1Mjc5Nzg5OYAKA5gLAcgLAYAMAaIMHCoaChjktLEC7rWxArW4sQLktLEC7rWxAru7sQKqDQJEReINEwjN9u3j2OmCAxWMsXsKHbO4DCOwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE%26sig%3DAOD64_0jLkHFJoUMDb7PE8CZI4vw9cR6Aw%26client%3Dca-pub-6718426237615610%26dbm_c%3DAKAmf-DK2jNxNmANGAvQeWzH7KuLFb2VgjHV4xbzw56iTHzYBMYHJoUZwoheGV0Diq3DAOUq9YGvUQxG8kr9qpx8OPdhvyzEheVtnSe4q5LllS9O9DHWavyolnM8Lqv5tpg4yzwZUw8vsymIPuYWH7u4kWagqZyEukW07BbOVek7QJajLpj-X3M%26cry%3D1%26dbm_d%3DAKAmf-AmBKMKcxiLE2ytS--KvMRMjX-v39QuohKX2WdF3qnp3mubOGJK7UAHNp4QwfurAEAsRH-Eysch-LNwYX1rsstTq84tjWeYRGsgk8u6QrY7MgVivBn39oaaQWianc2q6dbX6d_nevgRZpbS2zS31UB1A9srqeYZLUcCAiRUuxNJj1SIdh5Z8DR3EjYH5_8AYxGwG-PlKPCNkStq0s9PeJgzYM6_cFEnGh036cK2TpyPgoME44ekRzPJmckymuqbAsWCWyQRYxLOsBxXWrumaL0INt9MuN3XH2litoZRkmB7QkOdaTHhVoZvzBCtGw-G_qhknlO4T4NTdK-3EniabpTnf7ue2e6u9
ALIM5npQDGzjy2VrURogfcFVVh9Cx_FVFtzZIyEULA185OxqMOx4TBgWNVYdBv03Drzv1DtjaVc_Rzl91otJ9dxQge7C_upA4o3U512dw0qP3TxHHAXebvYxLZ_1AMW4HYBNk3H_sY4HNnNtpyi82aAD4h9UDYIWnJdDh2xfrPOn0o5vX-75SlAYFmB7s1Ao-y5hdxG6uKrOF5VKgQ%26adurl%3D&documentReferer=https%3A%2F%2Fuintacountyherald.com%2F&ancestorOrigins=https%3A%2F%2Fuintacountyherald.com&random=1951894127326&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
HTTP/1.1
Server
144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.199.91.76.144.clients.your-server.de
Software
Apache /
Resource Hash
bcabd5e8a073d7d568285ba4f707f2e224e21266145dc4e47aad9cd1da27cd27

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 29 Nov 2023 17:05:58 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type
application/x-javascript; charset=utf-8
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
53747800141096604444554012523018
Connection
close
Content-Length
1341
Expires
Wed, 29 Nov 2023 17:05:58 +0100

Redirect headers

Pragma
no-cache
Date
Wed, 29 Nov 2023 17:05:58 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=2caadba388&subid=&uid=a2707e12eeed49bf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1cdEdW9nZen_Iozj7gOz8bKYAqblvaBprZWcp8kP8C4QASDp3MZKYJXC_oGUB8gBCakCvhebxQtqsj6oAwHIA5sEqgSsAk_QnUXCvVbuzGpUKcXVl2jqdaq24l2nkKgeNRLgc85-MDxYZPe7pcR45Op_brSsirbFQyfEcc0O0-AInzEvUoOb7pQOfNOrG4PKJp8nXkEC_u19s5ZMpxiaYBG2H_0Py8X_6ubAZkfyJulJ4hMm6Ersc_EETlz38wVzVDIXXfjycPQjNOyg2J83zPKGiLUe1IvJ0mVEwcbWhAuPiK6AbvAdJKUyamC1P2CzCPIUDrTC-gXD-L58L44LlaImcN2jRv0g1WRUdRrVyvHvx_DcwP0OZndOgsiddjp43B6oLrocaLQMa6XN7eolp6tsMaIW7st0Uqgk8IVUd46r5ef6B3tT_Epwo6ftoV28_DodU1qK4RZ5PLjnLLnypg3de6TSE3OYahf0W1Yc2iBz3MAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljFuu3j2OmCA_IIG2FkeC1zdWJzeW4tMTQ3NjI1MTY1Mjc5Nzg5OYAKA5gLAcgLAYAMAaIMHCoaChjktLEC7rWxArW4sQLktLEC7rWxAru7sQKqDQJEReINEwjN9u3j2OmCAxWMsXsKHbO4DCOwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE%26sig%3DAOD64_0jLkHFJoUMDb7PE8CZI4vw9cR6Aw%26client%3Dca-pub-6718426237615610%26dbm_c%3DAKAmf-DK2jNxNmANGAvQeWzH7KuLFb2VgjHV4xbzw56iTHzYBMYHJoUZwoheGV0Diq3DAOUq9YGvUQxG8kr9qpx8OPdhvyzEheVtnSe4q5LllS9O9DHWavyolnM8Lqv5tpg4yzwZUw8vsymIPuYWH7u4kWagqZyEukW07BbOVek7QJajLpj-X3M%26cry%3D1%26dbm_d%3DAKAmf-AmBKMKcxiLE2ytS--KvMRMjX-v39QuohKX2WdF3qnp3mubOGJK7UAHNp4QwfurAEAsRH-Eysch-LNwYX1rsstTq84tjWeYRGsgk8u6QrY7MgVivBn39oaaQWianc2q6dbX6d_nevgRZpbS2zS31UB1A9srqeYZLUcCAiRUuxNJj1SIdh5Z8DR3EjYH5_8AYxGwG-PlKPCNkStq0s9PeJgzYM6_cFEnGh036cK2TpyPgoME44ekRzPJmckymuqbAsWCWyQRYxLOsBxXWrumaL0INt9MuN3XH2litoZRkmB7QkOdaTHhVoZvzBCtGw-G_qhknlO4T4NTdK-3EniabpTnf7ue2e6u9ALIM5npQDGzjy2VrURogfcFVVh9Cx_FVFtzZIy
EULA185OxqMOx4TBgWNVYdBv03Drzv1DtjaVc_Rzl91otJ9dxQge7C_upA4o3U512dw0qP3TxHHAXebvYxLZ_1AMW4HYBNk3H_sY4HNnNtpyi82aAD4h9UDYIWnJdDh2xfrPOn0o5vX-75SlAYFmB7s1Ao-y5hdxG6uKrOF5VKgQ%26adurl%3D&documentReferer=https%3A%2F%2Fuintacountyherald.com%2F&ancestorOrigins=https%3A%2F%2Fuintacountyherald.com&random=1951894127326&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Length
0
Expires
Wed, 29 Nov 2023 17:05:58 +0100
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame BD96
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:19:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
2767
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 28 Nov 2024 16:19:51 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3D3D
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B4Qvvdm9nZfGhAbyqjuwP1Jmv8AsAAAAAOAHgBAI&bg=!Tk2lTQLNAAZxrfrxUa07ADQBe5WfOC61-nEogIdhXxr2U4zi2mXJ4bnEOsKZo0tvr3hQQOvtMbLv2p0TXyI2JLuIdrGvAgAAADdSAAAAAWgBBwoASB0FwaM7OATy1HcICmHWJzTZaSfONxjQnFE3cNoDy47PebdDgI0SEPLR8UxnMMq7MhcIDgEbzB3Q5AnjIdkzGO634tuONfE_UpkDBbcpxuz5S5_ODXT6nwm8117SoanhBsI5h_ufeVyFUq0eMQPe00y9BwZV9Rh-7TfhxzgD0MyM6wlSKATQsCWWAyqIdQ8KetDO4MQbUEWO_S5R8B0ecWQUCH1EjdSf2qZT3jQwh8IsqlRQRabCC29t4TyNkqn-nB2Uj3eAOL9Qt1CFVuGqNUWdvL-WiRVY3MVuIo-2wM1WQV5FS-3joWTdl_tYg5aY-pxQSqqNky9bj32koRXmSZ0kW5avY7gFBJtCyCwZqfw9C-FyiWDVHt7pStPuPz_ePxG4zCES4ComW19LEOELk-6nerGsippSLr_3O4oXcMieazNltv1DzYMxWyEvvbbvhUj0MWYWuMui9Q0AjGf9pZH6BJ2RIBymSxT9v7zYopmTRlXU5RNynJXY8NJPZ4OW6Cd-BtjSgJMHl5ZyKk419DaA2fch2ZWf5w2YYogy4rECp2NpBh4NXBJohdEKv0-QaPBBy9GTk6ptCM3OIUjqz_yl5zbu17nGXKYY329jq8P4HFjO65pD8dvsKzmlpmVOCKYkt13kZ3TOJQrFAumCaJ8EqsGrk_V-c3RUiaW8WtOedZBe5Y89nA6BOrcochIfYKMrQ22fktaqduEF4ae6v5nP7AZy69gO7K7dJJgGu062UzhtoQe734XDxskerzYV54hyL0MApV95X3pYLhR7TQte-DrZlrncm4LlOU-G29gg4IQ1EdeWQSKq4aY3E-m3C25g5WmBvS_epSu137xq3lYcBSdh2eJWcbM1tjRnFNhLr6sb_05sVR6PuGqnF7l0XtaRYe4UzqvC-6aKAFBt36qLCu2iLWM-OVlYrjVCzt2d9fQNwOGgFKJtXmDFSUjuHB62uDZMkP3O9Aeets0d1KVrqQmUO2bX7KgheX48vjSisJUDGpK-01h8qJtYkRcLqRnFAl3-l2wLAD142egGMCxNXDVpOZEEzWa2oWto1T39Z_Yx2Kqaprl3rebGNlJ51NW98ojvtylbwu1CbwCAA_ZLzcZJSf-crimaxNM_Xcfo
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame BD96
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BIHoGdm9nZcvPBcqsgAe6oajQBwAAAAA4AeAEAg&bg=!MjGlMX7NAAZxrfrxUa07ADQBe5WfOD3uB-RrDFwSbLu1YalQfYh6MoJkqEK3C4ll4F8efaxbK4uFm4EetgYLn69uk_zgAgAAADJSAAAAAWgBB5kDByQCmMG0LmVQoH1SZXM_PfLRClKkErXk6LNIZHdbaB-X9m4vrr_-I8dUjbQp2e-UDij_kPs0pWpI7dy5I-zAAH3JZ_48yvTT65mjQhVcLQlq615ZOOeU0fX5zARCXAKKvhS_YGkTHV9UDTwSr-z3ntecJVPP_zkxZ2QXdWjABbXcD1nr7TjekzvhrbVIAiCwEpgwB18KJ_aawsGaAJzfat1HxKswa3hs_sCilflg_cLFRoCTNDya7_MKgHHDlONSadYYIVWC2lCcS585dDPjF3teCxpxIW7XQt9tzIhO28NPOtPIWv8HiQMwqHNSy-66OuRALlF1Ne6D8Ecx-pb5A1tfx2sOjY3ge7nT60jmPldE7hPy1oRpGtdawme7fBoAaFKRTsu-gLQ2DadK8sMa7Fn0XWPdwEE7k5upNIU48ePzjvQ8BXIikXnYYME9JWi-PVO9ugsGfADNpg6RsTZzSN7dmp9HOgRk4kHuK5xRkW1vEYuZUF35gSrYGaIZbcpsWtHPuMYP0ySPTFWaapxs6o9fSYnkcqXp-ggplB0Vx2lOG26WLpivJE8rN7dFDGPO51PDX_LMvNG9HeJt6JLBT1dEh82IdARFgXCQZh27mw2g5sQAgsCd9wSdx9BLi8c6Pv3I1vcypjRYtanezHNOPN5WTDfXXEIuaiV7C4U7qtgrOYy9QYadNUpE4Ygg3tksl3lcAAXx2x9BacKqlUDXRBVoE7kX4geX1MFwgTyT9YxT9-s39ZT7VBTzhLuaeZYAR6zH4scTg-IDXneysxo480FSrSCk6lBadxgkyuxpoGI6JJHxca4WW677thGN8Y-q5c9RurLoCqI2ulNRqIgU-1A4PISic7orl6YBcpU7pmp1-1Pe8cLpjPHB-5u8fzimccQjYYcC617REaJ3KKKHBWwbWBeEPbu_y2lZ25vG-5aGIqv0qfdLHM95MvLbo5HQPda3mKKLnzWp0e3kEtdz0fflIBZvX2d4H4DtZmMNbb_7Ou1Mbf4gxtXkjr4hh5UvFUq8UyRBgh4
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
view.aspx
pb.media01.eu/ Frame 32D9
Redirect Chain
  • https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=50068900152000104444554012523002&t=htlp&gdpr=1&consent=1&gdpr_consent=
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=50068900152000104444554012523002&actionid=879111&produktid=ratenkredit&dt_url=
0
607 B
Document
General
Full URL
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=50068900152000104444554012523002&actionid=879111&produktid=ratenkredit&dt_url=
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=ba534d660a&subid=&uid=0c6ca6c5efffcb34&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCt7BUdW9nZej_Iozj7gOz8bKYAqblvaBprZWcp8kP8C4QASDp3MZKYJXC_oGUB8gBCakCvhebxQtqsj6oAwHIA5sEqgSpAk_QIwStbFguJ6H6WldNevilgO0XkqGRv0NkrpvoAyIr2afIMN64JtnlTaQD6-WKfJBZpd9CH4h_A4Tu4wOLvT2cykjEOFexQ-_SSl8aG_wDnsZlR8sOpYQ9HWhUUaNwKOh8u_0AM-rswDtNnNbyLeQR7YTeobMsEdTspZidLb8JSAth0eSxI2tqi4cw0KscOUN0z_VYjXT0StBV2Ga2Q3dDIp0r6ooZaDn6U5AHkqm8QZbLisbOi4JqhzhwNkofwWiFomvf5hrrFPS32kf7hl2RYRvv1GaJpjWksS8pQF1x0cWI44_3bgURUMVAoTMpDGvhYUzp8smwUZ6Dsdtra61KQfrDbOkFuXvMiEh_TnCxeHArrYRmuxWCItp0cAQ-sQ0tYtvsQQU56MAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljFuu3j2OmCA_IIG2FkeC1zdWJzeW4tMTQ3NjI1MTY1Mjc5Nzg5OYAKA5gLAcgLAYAMAaIMHCoaChjktLEC7rWxArW4sQLktLEC7rWxAru7sQKqDQJEReINEwjM9u3j2OmCAxWMsXsKHbO4DCOwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE%26sig%3DAOD64_1g4b21m0J2s1ASzP5T4D4t7-4Pgg%26client%3Dca-pub-6718426237615610%26dbm_c%3DAKAmf-DcCR8QJhcj2U-WhCuC4uEcwYbXJKo6q3-31X5M3u353X5Yx_tCBzdcm2JgAaZx9oJJ-LxiP_eKLSBF4zUXnNS1uwsuagEhRdXDtpGW0NozdOi54_cAcLgZ67vhUdCzsuPpjG6YeM07Y9ba1iQqeCN5ClDuBcIcqoQl8Ll7zVT2VrG_XJM%26cry%3D1%26dbm_d%3DAKAmf-BFSaWiNzuZh9WfEvKmw71bPYjKdoyPWQeSdFlJpeZlLI1kmFgapu_ssTpKJCSs6oWFId_4Lh67cht7Qh-fdzc4IsKPtKSxPz_HuvvSrCUAGPKkIiJV4N73n5ZLI63Xg_oxcHePJu90Dq50cg-EnRugWiMyMDW2Pb8O-eU8-3J-El-BlUat2ysqRp9xG-azjRwZgWBipP_Wqmt-EOBBltTo8Jt3u_wF4yjvnpH9mV--VIl-Evq1TNaRXt1ei4drZ2GVnMW0ZUVU-Mwex3V5GTWKPvnGMEP7yOXxm1TWH58Iq90xgHgTWRugF40YePoAsccKc7u52L8UvBhenLkdXWmdoVTUL6UwG
Y0kcZaQ7sFGXgxhCm4m_wEIr4UVvT6nEE0SAm69-r1cZEpASg6QsD6vJRGGQyLVzTYkLALOePlaxmaUa_hxBuRnePLMXwk1grTMh6dlG0z5Ot8jW8PNFSLmY7gYjotOE4PNdbq70NgtBBCcAomP6r57KeoezK3MG5BJDXeLCJ2HE7O7TThBBxelMydEIuuFGgzqU_KG4osxAf2kPWc%26adurl%3D&documentReferer=https%3A%2F%2Fuintacountyherald.com%2F&ancestorOrigins=https%3A%2F%2Fuintacountyherald.com&random=9633963709823&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-250-30.clients.your-server.de
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods
GET,POST
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 29 Nov 2023 17:05:58 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Wed, 29 Nov 2023 06:05:59 GMT
p3p
policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma
no-cache
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
access-control-expose-headers
X-Request-ID
attribution-reporting-register-source
{"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length
0
content-type
application/javascript
date
Wed, 29 Nov 2023 17:05:59 GMT
host
pv.medialead.de
keep-alive
timeout=20
location
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=50068900152000104444554012523002&actionid=879111&produktid=ratenkredit&dt_url=
proxy-host
pv.medialead.de
server
nginx/1.17.5
strict-transport-security
max-age=15768000
vary
Origin
x-iplb-instance
53758
x-iplb-request-id
253A3AF9:9440_91EFC182:01BB_65676F76_552E08:41F0
/
adv.office-partner.de/ Frame A6A7
930 B
923 B
Document
General
Full URL
https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by
Host: hal90002.redintelligence.net
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software
keycdn /
Resource Hash
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
max-age=604800
content-encoding
gzip
content-length
552
content-type
text/html
date
Wed, 29 Nov 2023 17:05:58 GMT
etag
"3a2-5c1ab16b3be00-gzip"
expires
Wed, 06 Dec 2023 17:05:58 GMT
last-modified
Thu, 06 May 2021 15:37:28 GMT
link
<https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server
keycdn
vary
Accept-Encoding
x-accel-version
0.01
x-cache
HIT
x-edge-location
defr
htlp
futalis.de/ Frame 53DE
Redirect Chain
  • https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=50068900152000104444554012523002&ra_cnt_active=1&ra_cnt=1
  • https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767914
350 B
401 B
Document
General
Full URL
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767914
Requested by
Host: hal90002.redintelligence.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
lb-1.futalis.de
Software
/
Resource Hash
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
350
content-type
text/html; charset=utf-8

Redirect headers

content-length
0
content-type
text/html; charset=utf-8
date
Wed, 29 Nov 2023 17:05:58 GMT
location
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767914
p3p
policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server
Apache
xphp81
true
view.aspx
pb.media01.eu/ Frame ECC3
Redirect Chain
  • https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=50068900152000104444554012523002&t=htlp&gdpr=1&consent=1&gdpr_consent=
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=50068900152000104444554012523002&actionid=879111&produktid=ratenkredit&dt_url=
0
226 B
Script
General
Full URL
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=50068900152000104444554012523002&actionid=879111&produktid=ratenkredit&dt_url=
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-250-30.clients.your-server.de
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:06:00 GMT
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
p3p
policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 29 Nov 2023 06:06:00 GMT
server
Microsoft-IIS/10.0
access-control-allow-methods
GET,POST
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Wed, 29 Nov 2023 17:05:59 GMT
strict-transport-security
max-age=15768000
x-iplb-instance
53349
content-length
0
proxy-host
pv.medialead.de
attribution-reporting-register-source
{"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server
nginx/1.17.5
host
pv.medialead.de
x-iplb-request-id
253A3AF9:9450_91EFC182:01BB_65676F76_551830:55DF
vary
Origin
content-type
application/javascript
access-control-allow-origin
*
location
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=50068900152000104444554012523002&actionid=879111&produktid=ratenkredit&dt_url=
access-control-expose-headers
X-Request-ID
access-control-allow-credentials
true
keep-alive
timeout=20
e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame ECC3
43 B
664 B
Image
General
Full URL
https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=50068900152000104444554012523002&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by
Host: hal90002.redintelligence.net
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
145.239.193.130 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.17.5 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:58 GMT
strict-transport-security
max-age=15768000
attribution-reporting-register-source
{"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server
nginx/1.17.5
host
pv.medialead.de
x-iplb-request-id
253A3AF9:9452_91EFC182:01BB_65676F76_551849:55DF
x-iplb-instance
53349
vary
Origin
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
X-Request-ID
access-control-allow-credentials
true
keep-alive
timeout=20
content-length
43
proxy-host
pv.medialead.de
gtm.js
www.googletagmanager.com/ Frame A6A7
174 KB
62 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF
Requested by
Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ced245e1118d807c7c57c20a581109ce7fac58cfcc8dce18d8a983f54acd427f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://adv.office-partner.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:58 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63922
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 29 Nov 2023 17:05:58 GMT
view.aspx
pb.media01.eu/ Frame 59E5
Redirect Chain
  • https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=53747800141096604444554012523018&t=htlp&gdpr=1&consent=1&gdpr_consent=
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=53747800141096604444554012523018&actionid=879111&produktid=ratenkredit&dt_url=
0
180 B
Document
General
Full URL
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=53747800141096604444554012523018&actionid=879111&produktid=ratenkredit&dt_url=
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=2caadba388&subid=&uid=a2707e12eeed49bf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1cdEdW9nZen_Iozj7gOz8bKYAqblvaBprZWcp8kP8C4QASDp3MZKYJXC_oGUB8gBCakCvhebxQtqsj6oAwHIA5sEqgSsAk_QnUXCvVbuzGpUKcXVl2jqdaq24l2nkKgeNRLgc85-MDxYZPe7pcR45Op_brSsirbFQyfEcc0O0-AInzEvUoOb7pQOfNOrG4PKJp8nXkEC_u19s5ZMpxiaYBG2H_0Py8X_6ubAZkfyJulJ4hMm6Ersc_EETlz38wVzVDIXXfjycPQjNOyg2J83zPKGiLUe1IvJ0mVEwcbWhAuPiK6AbvAdJKUyamC1P2CzCPIUDrTC-gXD-L58L44LlaImcN2jRv0g1WRUdRrVyvHvx_DcwP0OZndOgsiddjp43B6oLrocaLQMa6XN7eolp6tsMaIW7st0Uqgk8IVUd46r5ef6B3tT_Epwo6ftoV28_DodU1qK4RZ5PLjnLLnypg3de6TSE3OYahf0W1Yc2iBz3MAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljFuu3j2OmCA_IIG2FkeC1zdWJzeW4tMTQ3NjI1MTY1Mjc5Nzg5OYAKA5gLAcgLAYAMAaIMHCoaChjktLEC7rWxArW4sQLktLEC7rWxAru7sQKqDQJEReINEwjN9u3j2OmCAxWMsXsKHbO4DCOwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE%26sig%3DAOD64_0jLkHFJoUMDb7PE8CZI4vw9cR6Aw%26client%3Dca-pub-6718426237615610%26dbm_c%3DAKAmf-DK2jNxNmANGAvQeWzH7KuLFb2VgjHV4xbzw56iTHzYBMYHJoUZwoheGV0Diq3DAOUq9YGvUQxG8kr9qpx8OPdhvyzEheVtnSe4q5LllS9O9DHWavyolnM8Lqv5tpg4yzwZUw8vsymIPuYWH7u4kWagqZyEukW07BbOVek7QJajLpj-X3M%26cry%3D1%26dbm_d%3DAKAmf-AmBKMKcxiLE2ytS--KvMRMjX-v39QuohKX2WdF3qnp3mubOGJK7UAHNp4QwfurAEAsRH-Eysch-LNwYX1rsstTq84tjWeYRGsgk8u6QrY7MgVivBn39oaaQWianc2q6dbX6d_nevgRZpbS2zS31UB1A9srqeYZLUcCAiRUuxNJj1SIdh5Z8DR3EjYH5_8AYxGwG-PlKPCNkStq0s9PeJgzYM6_cFEnGh036cK2TpyPgoME44ekRzPJmckymuqbAsWCWyQRYxLOsBxXWrumaL0INt9MuN3XH2litoZRkmB7QkOdaTHhVoZvzBCtGw-G_qhknlO4T4NTdK-3EniabpTnf7ue
2e6u9ALIM5npQDGzjy2VrURogfcFVVh9Cx_FVFtzZIyEULA185OxqMOx4TBgWNVYdBv03Drzv1DtjaVc_Rzl91otJ9dxQge7C_upA4o3U512dw0qP3TxHHAXebvYxLZ_1AMW4HYBNk3H_sY4HNnNtpyi82aAD4h9UDYIWnJdDh2xfrPOn0o5vX-75SlAYFmB7s1Ao-y5hdxG6uKrOF5VKgQ%26adurl%3D&documentReferer=https%3A%2F%2Fuintacountyherald.com%2F&ancestorOrigins=https%3A%2F%2Fuintacountyherald.com&random=1951894127326&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-250-30.clients.your-server.de
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods
GET,POST
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 29 Nov 2023 17:05:58 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Wed, 29 Nov 2023 06:05:59 GMT
p3p
policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma
no-cache
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
access-control-expose-headers
X-Request-ID
attribution-reporting-register-source
{"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length
0
content-type
application/javascript
date
Wed, 29 Nov 2023 17:05:59 GMT
host
pv.medialead.de
keep-alive
timeout=20
location
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=53747800141096604444554012523018&actionid=879111&produktid=ratenkredit&dt_url=
proxy-host
pv.medialead.de
server
nginx/1.17.5
strict-transport-security
max-age=15768000
vary
Origin
x-iplb-instance
53758
x-iplb-request-id
253A3AF9:9432_91EFC182:01BB_65676F76_552E09:41F0
/
adv.office-partner.de/ Frame 8A56
930 B
922 B
Document
General
Full URL
https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by
Host: hal900018.redintelligence.net
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software
keycdn /
Resource Hash
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
max-age=604800
content-encoding
gzip
content-length
552
content-type
text/html
date
Wed, 29 Nov 2023 17:05:58 GMT
etag
"3a2-5c1ab16b3be00-gzip"
expires
Wed, 06 Dec 2023 17:05:58 GMT
last-modified
Thu, 06 May 2021 15:37:28 GMT
link
<https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server
keycdn
vary
Accept-Encoding
x-accel-version
0.01
x-cache
HIT
x-edge-location
defr
htlp
futalis.de/ Frame E69D
Redirect Chain
  • https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=53747800141096604444554012523018&ra_cnt_active=1&ra_cnt=1
  • https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767916
350 B
400 B
Document
General
Full URL
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767916
Requested by
Host: hal900018.redintelligence.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
lb-1.futalis.de
Software
/
Resource Hash
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
350
content-type
text/html; charset=utf-8

Redirect headers

content-length
0
content-type
text/html; charset=utf-8
date
Wed, 29 Nov 2023 17:05:58 GMT
location
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767916
p3p
policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server
Apache
xphp81
true
link.html
track.webgains.com/ Frame C9B1
2 KB
2 KB
Script
General
Full URL
https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=53747800141096604444554012523018&nw=1
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.11.123.127 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-11-123-127.eu-west-2.compute.amazonaws.com
Software
nginx / PHP/7.4.26
Resource Hash
66d7813bab610e5af174d72309a1e4e71c0ca9cb3c8ac00ccc92829e8f32b6e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:58 GMT
last-modified
Wed, 29 Nov 2023 17:05:58 GMT
server
nginx
x-powered-by
PHP/7.4.26
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=60
access-control-allow-headers
Authorization
expires
Wed, 29 Nov 2023 17:06:58 GMT
activityi;dc_pre=CKbEo-TY6YIDFchbwgodjxwMwA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1893834606047.22
5994599.fls.doubleclick.net/ Frame 4927
Redirect Chain
  • https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1893834606047.22?
  • https://5994599.fls.doubleclick.net/activityi;dc_pre=CKbEo-TY6YIDFchbwgodjxwMwA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1893834606047.22?
390 B
324 B
Document
General
Full URL
https://5994599.fls.doubleclick.net/activityi;dc_pre=CKbEo-TY6YIDFchbwgodjxwMwA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1893834606047.22?
Requested by
Host: uintacountyherald.com
URL: https://uintacountyherald.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f6.1e100.net
Software
cafe /
Resource Hash
bbe117bd982a22eeb9da6a7214d526e0a9f0b798b7fdc44ab7b854db17da14f5
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
215
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:05:58 GMT
expires
Wed, 29 Nov 2023 17:05:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:05:58 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://5994599.fls.doubleclick.net/activityi;dc_pre=CKbEo-TY6YIDFchbwgodjxwMwA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1893834606047.22?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
request_content.php
hal900018.redintelligence.net/ Frame 7354
7 KB
2 KB
Document
General
Full URL
https://hal900018.redintelligence.net/request_content.php?s=53747800141096604444554012523018&a=14efa9bd
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=2caadba388&subid=&uid=a2707e12eeed49bf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1cdEdW9nZen_Iozj7gOz8bKYAqblvaBprZWcp8kP8C4QASDp3MZKYJXC_oGUB8gBCakCvhebxQtqsj6oAwHIA5sEqgSsAk_QnUXCvVbuzGpUKcXVl2jqdaq24l2nkKgeNRLgc85-MDxYZPe7pcR45Op_brSsirbFQyfEcc0O0-AInzEvUoOb7pQOfNOrG4PKJp8nXkEC_u19s5ZMpxiaYBG2H_0Py8X_6ubAZkfyJulJ4hMm6Ersc_EETlz38wVzVDIXXfjycPQjNOyg2J83zPKGiLUe1IvJ0mVEwcbWhAuPiK6AbvAdJKUyamC1P2CzCPIUDrTC-gXD-L58L44LlaImcN2jRv0g1WRUdRrVyvHvx_DcwP0OZndOgsiddjp43B6oLrocaLQMa6XN7eolp6tsMaIW7st0Uqgk8IVUd46r5ef6B3tT_Epwo6ftoV28_DodU1qK4RZ5PLjnLLnypg3de6TSE3OYahf0W1Yc2iBz3MAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljFuu3j2OmCA_IIG2FkeC1zdWJzeW4tMTQ3NjI1MTY1Mjc5Nzg5OYAKA5gLAcgLAYAMAaIMHCoaChjktLEC7rWxArW4sQLktLEC7rWxAru7sQKqDQJEReINEwjN9u3j2OmCAxWMsXsKHbO4DCOwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNr110Ggfr2-G822GwFH_tzaPNoQiRYiKqttenU6HMg9almuB1JWS2b7brI7NT2ekLU5TKJk2yGAE%26sig%3DAOD64_0jLkHFJoUMDb7PE8CZI4vw9cR6Aw%26client%3Dca-pub-6718426237615610%26dbm_c%3DAKAmf-DK2jNxNmANGAvQeWzH7KuLFb2VgjHV4xbzw56iTHzYBMYHJoUZwoheGV0Diq3DAOUq9YGvUQxG8kr9qpx8OPdhvyzEheVtnSe4q5LllS9O9DHWavyolnM8Lqv5tpg4yzwZUw8vsymIPuYWH7u4kWagqZyEukW07BbOVek7QJajLpj-X3M%26cry%3D1%26dbm_d%3DAKAmf-AmBKMKcxiLE2ytS--KvMRMjX-v39QuohKX2WdF3qnp3mubOGJK7UAHNp4QwfurAEAsRH-Eysch-LNwYX1rsstTq84tjWeYRGsgk8u6QrY7MgVivBn39oaaQWianc2q6dbX6d_nevgRZpbS2zS31UB1A9srqeYZLUcCAiRUuxNJj1SIdh5Z8DR3EjYH5_8AYxGwG-PlKPCNkStq0s9PeJgzYM6_cFEnGh036cK2TpyPgoME44ekRzPJmckymuqbAsWCWyQRYxLOsBxXWrumaL0INt9MuN3XH2litoZRkmB7QkOdaTHhVoZvzBCtGw-G_qhknlO4T4NTdK-3EniabpTnf7ue
2e6u9ALIM5npQDGzjy2VrURogfcFVVh9Cx_FVFtzZIyEULA185OxqMOx4TBgWNVYdBv03Drzv1DtjaVc_Rzl91otJ9dxQge7C_upA4o3U512dw0qP3TxHHAXebvYxLZ_1AMW4HYBNk3H_sY4HNnNtpyi82aAD4h9UDYIWnJdDh2xfrPOn0o5vX-75SlAYFmB7s1Ao-y5hdxG6uKrOF5VKgQ%26adurl%3D&documentReferer=https%3A%2F%2Fuintacountyherald.com%2F&ancestorOrigins=https%3A%2F%2Fuintacountyherald.com&random=1951894127326&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.199.91.76.144.clients.your-server.de
Software
Apache /
Resource Hash
ddd389d4f1655ad272d4e68917b2f5eccaa161ead9d8ea8697d0fa6c60541e54

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Encoding
gzip
Content-Length
2049
Content-Type
text/html; charset=utf-8
Date
Wed, 29 Nov 2023 17:05:58 GMT
Expires
Wed, 29 Nov 2023 17:05:58 +0100
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame C9B1
Redirect Chain
  • https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=53747800141096604444554012523018&t=htlp&gdpr=1&consent=1&gdpr_consent=
  • https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=53747800141096604444554012523018&t=htlp&gdpr=1&consent=1&gdpr_consent=
43 B
664 B
Image
General
Full URL
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=53747800141096604444554012523018&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
HTTP/1.1
Server
145.239.193.130 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.17.5 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:59 GMT
strict-transport-security
max-age=15768000
attribution-reporting-register-source
{"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server
nginx/1.17.5
host
pv.medialead.de
x-iplb-request-id
253A3AF9:9460_91EFC182:01BB_65676F76_552E85:41F0
x-iplb-instance
53758
vary
Origin
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
X-Request-ID
access-control-allow-credentials
true
keep-alive
timeout=20
content-length
43
proxy-host
pv.medialead.de

Redirect headers

location
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=53747800141096604444554012523018&t=htlp&gdpr=1&consent=1&gdpr_consent=
date
Wed, 29 Nov 2023 17:05:58 GMT
server
nginx
content-length
138
content-type
text/html
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame D005
1 KB
643 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2868
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 16:18:10 GMT
etag
48472445140208031
expires
Thu, 30 Nov 2023 16:18:10 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame C9B1
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5f8929b16b10b4be3b00037a7fdc61f3ccdf6f189b22a53ac4dc57f62265da1a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Content-Type
image/png
ts.js
cdn.retailads.net/ Frame 53DE
5 KB
5 KB
Script
General
Full URL
https://cdn.retailads.net/ts.js
Requested by
Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767914
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://futalis.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:58 GMT
last-modified
Wed, 05 Apr 2023 20:14:46 GMT
server
Apache
etag
"1416-5f89c717cdc2f"
content-type
application/javascript
xphp81
true
accept-ranges
bytes
content-length
5142
gtm.js
www.googletagmanager.com/ Frame 8A56
174 KB
62 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF
Requested by
Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ced245e1118d807c7c57c20a581109ce7fac58cfcc8dce18d8a983f54acd427f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://adv.office-partner.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:58 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63922
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 29 Nov 2023 17:05:58 GMT
css
fonts.googleapis.com/ Frame 7354
5 KB
682 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=53747800141096604444554012523018&a=14efa9bd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Nov 2023 17:05:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 16:26:41 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Nov 2023 17:05:58 GMT
/
hal9000.redintelligence.net/scale/ Frame 7354
12 KB
12 KB
Image
General
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=53747800141096604444554012523018&a=14efa9bd
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
d1b4ae2dd4d8b12c71f6e4fb805892da40cd8657614f8cab3aeb35fed8507e0d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Date
Wed, 29 Nov 2023 17:05:58 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
12180
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame 7354
12 KB
12 KB
Image
General
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=53747800141096604444554012523018&a=14efa9bd
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e58125c8247b854bc1728996fa13026ee777341d2594f099477b37f9f5ee0ed7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Date
Wed, 29 Nov 2023 17:05:58 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
12073
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame 7354
9 KB
9 KB
Image
General
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=53747800141096604444554012523018&a=14efa9bd
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
3e25b33d679508551c9867b48899bc4c32afb0314d79b2af1f927d17869b932a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Date
Wed, 29 Nov 2023 17:05:58 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
9491
Vary
Accept-Encoding
Content-Type
image/png
ts.js
cdn.retailads.net/ Frame E69D
5 KB
5 KB
Script
General
Full URL
https://cdn.retailads.net/ts.js
Requested by
Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352767916
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://futalis.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:58 GMT
last-modified
Wed, 05 Apr 2023 20:14:46 GMT
server
Apache
etag
"1416-5f89c717cdc2f"
content-type
application/javascript
xphp81
true
accept-ranges
bytes
content-length
5142
current
dclk-match.dotomi.com/match/bounce/ Frame D005
0
104 B
Image
General
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOm5BGaXQgyePwxF7PKOKlU&google_cver=1&google_push=AXcoOmTsv96fufWE8VgzfD9fdBcys5QDqbqlrhYQj7TBhFNceBOohH5C0mgGQ3V6g-t6h2C1bPZTmRw2QspigcNTSw-F7kFdsIE
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
i.match
s.tribalfusion.com/z/ Frame D005
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b6&u=CAESEAOHgzAHPyxdTVFXjvXkvEs&google_cver=1&google_push=AXcoOmSsYNjyozxb6bV26YxDK4rg5rdOv_vvE1ZSxFbCBX3P9rWcu72iHNJQr66aVASHMVoTH8OKkD4HlrmKRCOyFQXCo4w83rg&r...
  • https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAOHgzAHPyxdTVFXjvXkvEs&google_cver=1&google_push=AXcoOmSsYNjyozxb6bV26YxDK4rg5rdOv_vvE1ZSxFbCBX3P9rWcu72iHNJQr66aVASHMVoTH8OKkD4HlrmKRCOyFQXCo4w83rg...
43 B
422 B
Image
General
Full URL
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAOHgzAHPyxdTVFXjvXkvEs&google_cver=1&google_push=AXcoOmSsYNjyozxb6bV26YxDK4rg5rdOv_vvE1ZSxFbCBX3P9rWcu72iHNJQr66aVASHMVoTH8OKkD4HlrmKRCOyFQXCo4w83rg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSsYNjyozxb6bV26YxDK4rg5rdOv_vvE1ZSxFbCBX3P9rWcu72iHNJQr66aVASHMVoTH8OKkD4HlrmKRCOyFQXCo4w83rg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
cf-cache-status
DYNAMIC
x-function
302
server
cloudflare
content-type
image/gif; charset=utf-8
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
cf-ray
82dc704539513632-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
cf-cache-status
DYNAMIC
x-function
206
server
cloudflare
x-reuse-index
128
content-type
text/html
location
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAOHgzAHPyxdTVFXjvXkvEs&google_cver=1&google_push=AXcoOmSsYNjyozxb6bV26YxDK4rg5rdOv_vvE1ZSxFbCBX3P9rWcu72iHNJQr66aVASHMVoTH8OKkD4HlrmKRCOyFQXCo4w83rg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSsYNjyozxb6bV26YxDK4rg5rdOv_vvE1ZSxFbCBX3P9rWcu72iHNJQr66aVASHMVoTH8OKkD4HlrmKRCOyFQXCo4w83rg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
cf-ray
82dc70442ff33632-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
x.bidswitch.net/ Frame D005
43 B
146 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDmvu1lGDT-KWp9wQrFFzOQ&google_cver=1&google_push=AXcoOmTIeoEEfZoOBkaxuXLgCuQcv_S8VKvZNpBNoZMNdtGmfUmdfevMhBc9ldg21x4baSYzrcwNgBwEUDcKXU-W_Mvupm_d_Bc
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.157.205.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-157-205-178.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
pixel
cm.g.doubleclick.net/ Frame D005
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECsQvFJKSdvXg2pWk7HSgxs&google_cver=1&google_push=AXcoOmTW_w7TU52JBfW2gG0hU5_F2EnseXkLrSMjyyt7GYtNHQEC_x2TKLP7Nmxqbso-sVAfWF_1os25W0y_BTOKcJaj1Yo...
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTW_w7TU52JBfW2gG0hU5_F2EnseXkLrSMjyyt7GYtNHQEC_x2TKLP7Nmxqbso-sVAfWF_1os25W0y_BTOKcJaj1YoTbUQ&google_hm=eS1OcEw2c081RTJwSHVldUF...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTW_w7TU52JBfW2gG0hU5_F2EnseXkLrSMjyyt7GYtNHQEC_x2TKLP7Nmxqbso-sVAfWF_1os25W0y_BTOKcJaj1YoTbUQ&google_hm=eS1OcEw2c081RTJwSHVldUFWNTBzeVExVEdMTjNfVHE0c35B
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Wed, 29 Nov 2023 17:05:58 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTW_w7TU52JBfW2gG0hU5_F2EnseXkLrSMjyyt7GYtNHQEC_x2TKLP7Nmxqbso-sVAfWF_1os25W0y_BTOKcJaj1YoTbUQ&google_hm=eS1OcEw2c081RTJwSHVldUFWNTBzeVExVEdMTjNfVHE0c35B
content-length
0
dds
rtb.openx.net/sync/ Frame D005
43 B
245 B
Image
General
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESEN9hto4uYrAiheMJd3XQBnQ&google_cver=1&google_push=AXcoOmRfOyvWEXInZNORoCYtQUCAVAJIzVY1pYSF8tKovtOnwkpbdkH0GD1qGxJjdEo0ZMwLvXGTgjQiUTjoF88WE2BcnL1eNs8
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
via
1.1 google
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
pixel
cm.g.doubleclick.net/ Frame D005
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHKbDXEZ47cx-aHoD_2t0q4&google_cver=1&google_push=AXcoOmRVnqLfoYNfYeiYjLKqY3x_HXQhK_2z6_O-uhdhjBeZAt2-kF5gACb1rJXWvPZvsWJWisv...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBLMFFER1AtRC1LUUYy&google_push=AXcoOmRVnqLfoYNfYeiYjLKqY3x_HXQhK_2z6_O-uhdhjBeZAt2-kF5gACb1rJXWvPZvsWJWisvW4u9qJYYgwjClUn95nr-ZyHw
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBLMFFER1AtRC1LUUYy&google_push=AXcoOmRVnqLfoYNfYeiYjLKqY3x_HXQhK_2z6_O-uhdhjBeZAt2-kF5gACb1rJXWvPZvsWJWisvW4u9qJYYgwjClUn95nr-ZyHw
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBLMFFER1AtRC1LUUYy&google_push=AXcoOmRVnqLfoYNfYeiYjLKqY3x_HXQhK_2z6_O-uhdhjBeZAt2-kF5gACb1rJXWvPZvsWJWisvW4u9qJYYgwjClUn95nr-ZyHw
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
cc9654c54e9aa67bf2b10be1073297a8
Expires
0
pixel
cm.g.doubleclick.net/ Frame D005
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_hm=ZWdvdToZxE-gKcOO0GHIlAAADTYAAAAB&google_nid=index&google_push=AXcoOmSa-skKrlonX9IK8UJ3artOy5IkgQhdL...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_hm=ZWdvdToZxE-gKcOO0GHIlAAADTYAAAAB&google_nid=index&google_push=AXcoOmSa-skKrlonX9IK8UJ3artOy5IkgQhdL7RX56DEFUPw-DpxxCLFDaUb4InUTONRyZe0F5HXXBlLvmVVJ3yKBJJDRa0vsw
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CWGuZn7SKuu%2BD6Rm0zLKoVpE2frSNroZ8BICmWFE45k3fTlFFOOjPB%2FdI06LZfrTsjRxcYavY6%2B%2FvDtFTanDnX2XmeN2M7aX6h3AckBY8myGeG4noVY91xMqc%2BjreVbj8u2VVn0WXl5icg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_hm=ZWdvdToZxE-gKcOO0GHIlAAADTYAAAAB&google_nid=index&google_push=AXcoOmSa-skKrlonX9IK8UJ3artOy5IkgQhdL7RX56DEFUPw-DpxxCLFDaUb4InUTONRyZe0F5HXXBlLvmVVJ3yKBJJDRa0vsw
cache-control
no-cache
cf-ray
82dc70442a6303ec-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
attr
cm.g.doubleclick.net/pixel/ Frame D005
0
59 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J_Rhlm94_3EJ3ZFDrj8tOfFLectFv-oWAVoJq0ZGvccSsxo3jecym2Km7bwg4xYxVjzqn_
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:58 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
js
www.googletagmanager.com/gtag/ Frame A6A7
273 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
89d184a593ccc33952838029fb12555deda79106244f026bca102216446ce144
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://adv.office-partner.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:58 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92921
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 29 Nov 2023 17:05:58 GMT
viewability
hal900018.redintelligence.net/ Frame 7354
0
150 B
Script
General
Full URL
https://hal900018.redintelligence.net/viewability?s=53747800141096604444554012523018&a=129bfa62&vb=m
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=53747800141096604444554012523018&a=14efa9bd
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.199.91.76.144.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/request_content.php?s=53747800141096604444554012523018&a=14efa9bd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Date
Wed, 29 Nov 2023 17:05:58 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 7354
14 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal900018.redintelligence.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 12:44:49 GMT
x-content-type-options
nosniff
age
361269
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14824
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 24 Nov 2024 12:44:49 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 7354
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal900018.redintelligence.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 20:59:44 GMT
x-content-type-options
nosniff
age
331574
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14892
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 24 Nov 2024 20:59:44 GMT
js
www.googletagmanager.com/gtag/ Frame 8A56
273 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
89d184a593ccc33952838029fb12555deda79106244f026bca102216446ce144
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://adv.office-partner.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:05:58 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92921
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 29 Nov 2023 17:05:58 GMT
dc_pre=CKbEo-TY6YIDFchbwgodjxwMwA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1893834606047.22
adservice.google.com/ddm/fls/z/ Frame 4927
42 B
401 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CKbEo-TY6YIDFchbwgodjxwMwA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1893834606047.22
Requested by
Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKbEo-TY6YIDFchbwgodjxwMwA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1893834606047.22?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5994599.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pvClk.min.js
analytics.webgains.io/ Frame C9B1
53 KB
19 KB
Script
General
Full URL
https://analytics.webgains.io/pvClk.min.js
Requested by
Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=53747800141096604444554012523018&nw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.28.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-28-99.cdg52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:26:53 GMT
content-encoding
gzip
via
1.1 18364d9ffa15c1c031d187551fa4d248.cloudfront.net (CloudFront)
last-modified
Thu, 23 Nov 2023 16:26:10 GMT
server
AmazonS3
x-amz-cf-pop
CDG52-P5
age
2345
x-amz-server-side-encryption
AES256
etag
W/"1180a1bfee0aad979766ecd6180b923e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
Do2seADw7_J2xXCMHvd0USMWtT86CWfgKrmgDfWB-m29ZzpZvdvlfA==
1x1.png
cdn.track.production.webgains.team/7121/ Frame C9B1
3 KB
3 KB
Image
General
Full URL
https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1701277858&Signature=a5RPR5u-U7517rhllnKavErgdA7FAQ2-IQvien8Jb8OD3RZIH8yVKqkdHLZueU~fR~1uez1anQdrwI1tCL23h9eLAaBs6kppLl26pAi7AKa4apGLOORpxVC4dOvDROnmQIDcT9cP~gjnpkiEU1-LAB4LLL2L7TxZMWApX3F5qd0rX6l-MGTOCi0DRC7lzjRwjg8g7ZkTMJmdmmebwNPi3HPskYvEJQT~hdLuG33fVIcC0txd1ZvJnKY9uVf4gkxIVUDSjMo7xlpv7tCess8lNic9ozzT7OnAcU4E4XtE9snOi8aWplIgA8-m9gSvlvMjXbAolHSKbIIQS4h-ep-oZg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.50.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-50-115.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

x-amz-version-id
null
date
Wed, 29 Nov 2023 07:14:32 GMT
via
1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
last-modified
Fri, 06 May 2022 11:40:06 GMT
server
AmazonS3
x-amz-cf-pop
AMS58-P3
age
35486
etag
"4e57de0506fbdb487ffcd53b450caee1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
2808
x-amz-cf-id
9EzHNqx6l0MOhE6bnc3PMGKOjrKVVls999toI1D1_-6rfYMHuUV5RQ==
tracking-event
api.webgains.io/ Frame C9B1
16 B
209 B
Fetch
General
Full URL
https://api.webgains.io/tracking-event
Requested by
Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.177.10.97 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-177-10-97.eu-west-2.compute.amazonaws.com
Software
nginx / PHP/8.1.14
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 29 Nov 2023 17:05:59 GMT
x-content-type-options
nosniff
server
nginx
x-powered-by
PHP/8.1.14
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
x-xss-protection
1; mode=block
tracking-event
api.webgains.io/ Frame
0
0
Preflight
General
Full URL
https://api.webgains.io/tracking-event
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.177.10.97 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-177-10-97.eu-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
*
date
Wed, 29 Nov 2023 17:05:59 GMT
server
nginx
usync.html
eus.rubiconproject.com/ Frame AE37
281 B
555 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/library/prebid/8.5.0_trade_desk_33accross_intentiq/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://uintacountyherald.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 29 Nov 2023 17:05:59 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
dcl.htm
rt3014.infolinks.com/action/
0
71 B
Script
General
Full URL
https://rt3014.infolinks.com/action/dcl.htm?rid=13a5f3c1-0cda-4eea-90d8-3d4d1b2c26c0&prod_t=h&sdata=angie&bdc=1&midx=0&capara=%7B%22ve%22%3A%22mrc50%22%7D
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1895.006-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:05:59 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
82dc704aca3418c3-FRA
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame AE37
46 KB
13 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
d30ebe5017ee0a99c84556e36d105000a7352a72b16bdd457a813ff75197ce46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Date
Wed, 29 Nov 2023 17:05:59 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 Nov 2023 04:26:38 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=40877
Connection
keep-alive
Content-Length
13233
Expires
Thu, 30 Nov 2023 04:27:16 GMT
khaos.json
token.rubiconproject.com/ Frame AE37
7 B
380 B
XHR
General
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
7d6e3b6fefbbeb4d018118d74243a2fc
Expires
0
pd
eu-u.openx.net/w/1.0/ Frame 34F7
900 B
827 B
Document
General
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Requested by
Host: www.americanhometownmedia.com
URL: https://www.americanhometownmedia.com/static/diberp-tcx-v7.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
61474e3090b7236062d8e0732ac341150f9098e25fa0f33a7aa2d3a1d80daa9e

Request headers

Referer
https://uintacountyherald.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
510
content-type
text/html
date
Wed, 29 Nov 2023 17:06:00 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
generic
match.adsrvr.org/track/cmf/
70 B
148 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4bd1642a73&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:06:00 GMT
server
Kestrel
content-length
70
content-type
image/gif
sync
x.bidswitch.net/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=92d1c203-c7a5-4c51-8775-fdd6facf2f2e&google_hm=OTJkMWMyMDMtYzdhNS00YzUxLTg3NzUtZmRkNmZhY2YyZjJl
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKU-rQsPmhA-Uu9bEHy9z94&google_cver=1&ssp=sonobi&bsw_param=92d1c203-c7a5-4c51-8775-fdd6facf2f2e
43 B
145 B
Image
General
Full URL
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKU-rQsPmhA-Uu9bEHy9z94&google_cver=1&ssp=sonobi&bsw_param=92d1c203-c7a5-4c51-8775-fdd6facf2f2e
Protocol
H2
Server
18.157.205.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-157-205-178.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:06:00 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKU-rQsPmhA-Uu9bEHy9z94&google_cver=1&ssp=sonobi&bsw_param=92d1c203-c7a5-4c51-8775-fdd6facf2f2e
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
359
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=sonobi
  • https://creativecdn.com/cm-notify?pi=sonobi&tc=1
  • https://sync.go.sonobi.com/us.gif?nw=rh&nuid=j1IRy5uAAH27WG8A5cx6Mf3ndQKacPxX6QeZY7B3hUw&pi=sonobi&tc=1
49 B
445 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=rh&nuid=j1IRy5uAAH27WG8A5cx6Mf3ndQKacPxX6QeZY7B3hUw&pi=sonobi&tc=1
Protocol
H2
Server
69.166.1.34 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-188
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://sync.go.sonobi.com/us.gif?nw=rh&nuid=j1IRy5uAAH27WG8A5cx6Mf3ndQKacPxX6QeZY7B3hUw&pi=sonobi&tc=1
pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT, Wed, 29 Nov 2023 17:06:00 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://p.rfihub.com/cm?pub=35683&in=1
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5140084928594550750
49 B
442 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5140084928594550750
Protocol
H2
Server
69.166.1.34 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-39
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5140084928594550750
Date
Wed, 29 Nov 2023 17:06:00 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=286
  • https://sync.go.sonobi.com/us.gif?nw=st&nuid=NHsiunraV11dasVxOJSEZiU6Ovk
49 B
367 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=st&nuid=NHsiunraV11dasVxOJSEZiU6Ovk
Protocol
H2
Server
69.166.1.34 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-39
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=st&nuid=NHsiunraV11dasVxOJSEZiU6Ovk
Date
Wed, 29 Nov 2023 17:06:00 GMT
Connection
keep-alive
Content-Length
99
Content-Type
text/html; charset=utf-8
dds
rtb.openx.net/sync/ Frame 34F7
43 B
103 B
Image
General
Full URL
https://rtb.openx.net/sync/dds
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
via
1.1 google
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
de1af4e8-a970-acc3-427b-765ff93d7c97
pr-bh.ybp.yahoo.com/sync/openx/ Frame 34F7
43 B
603 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/de1af4e8-a970-acc3-427b-765ff93d7c97?gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:d09c:564c:cd27:b30c Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:06:00 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
sync
x.bidswitch.net/ Frame 34F7
43 B
145 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=openx
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.157.205.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-157-205-178.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:06:00 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
sd
us-u.openx.net/w/1.0/ Frame 34F7
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=openx&gdpr=0
  • https://creativecdn.com/cm-notify?pi=openx&gdpr=0&tc=1
  • https://us-u.openx.net/w/1.0/sd?id=537073053&val=9eiP9ZLdDAmnTr3O9rkS9wXaFn6GxAfSboKbRYdfVA0&pi=openx&gdpr=0&tc=1
43 B
97 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073053&val=9eiP9ZLdDAmnTr3O9rkS9wXaFn6GxAfSboKbRYdfVA0&pi=openx&gdpr=0&tc=1
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537073053&val=9eiP9ZLdDAmnTr3O9rkS9wXaFn6GxAfSboKbRYdfVA0&pi=openx&gdpr=0&tc=1
pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT, Wed, 29 Nov 2023 17:06:00 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 34F7
Redirect Chain
  • https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=SH_I7kgsyeFTec_gT3zTuB1_ybpTecbuHXp3ApiU
43 B
122 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=SH_I7kgsyeFTec_gT3zTuB1_ybpTecbuHXp3ApiU
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=SH_I7kgsyeFTec_gT3zTuB1_ybpTecbuHXp3ApiU
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 34F7
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1459446577521559206
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1459446577521559206
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1459446577521559206
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
dcm
aax-eu.amazon-adsystem.com/s/ Frame 34F7
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=120beed1-2576-8570-b3a2-e23d6e597a3e
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=120beed1-2576-8570-b3a2-e23d6e597a3e&dcc=t
43 B
568 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=120beed1-2576-8570-b3a2-e23d6e597a3e&dcc=t
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Protocol
HTTP/1.1
Server
52.95.125.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 29 Nov 2023 17:06:00 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
K16GY72HH6K75NR7CZR4
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 29 Nov 2023 17:06:00 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
VH6HE7GCDT568KFG0QAC
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=120beed1-2576-8570-b3a2-e23d6e597a3e&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
openx
match.adsrvr.org/track/cmf/ Frame 34F7
70 B
148 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=4add92ac-39dc-3e8a-73ac-60aa066ab1de&gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:06:00 GMT
server
Kestrel
content-length
70
content-type
image/gif
pixel
cm.g.doubleclick.net/ Frame 34F7
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjZiMjQxNjYtZjBhYi02MDJlLTY2NGMtM2ExM2NjODg3ZmJl
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 34F7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFHVOsU-IH0a5FmvthgZr28&google_cver=1
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFHVOsU-IH0a5FmvthgZr28&google_cver=1
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=8c35695d-7fe1-485d-a21c-fe8a8c79415a&gdpr=0
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFHVOsU-IH0a5FmvthgZr28&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C9B1
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9916823695171&version=m202311060101&ct=77&x=1&cor=11179778266369395000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:00 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
link.html
track.webgains.com/ Frame ECC3
2 KB
2 KB
Script
General
Full URL
https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=50068900152000104444554012523002&nw=1
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.11.123.127 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-11-123-127.eu-west-2.compute.amazonaws.com
Software
nginx / PHP/7.4.26
Resource Hash
f949c3a62049563726c6e01f7bb507264045d669b4185cfb9da37dc28f5ba6ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:06:00 GMT
last-modified
Wed, 29 Nov 2023 17:06:00 GMT
server
nginx
x-powered-by
PHP/7.4.26
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=60
access-control-allow-headers
Authorization
expires
Wed, 29 Nov 2023 17:07:00 GMT
activityi;dc_pre=CMGWw-XY6YIDFRBCwgodcmAN9Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1751729459550.6328
5994599.fls.doubleclick.net/ Frame 86B1
Redirect Chain
  • https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1751729459550.6328?
  • https://5994599.fls.doubleclick.net/activityi;dc_pre=CMGWw-XY6YIDFRBCwgodcmAN9Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1751729459550.6328?
392 B
241 B
Document
General
Full URL
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMGWw-XY6YIDFRBCwgodcmAN9Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1751729459550.6328?
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f6.1e100.net
Software
cafe /
Resource Hash
979f0ee7f6ab022009e3b2a7c6ccca13cb597463d6214d4b7855304012b5893c
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
218
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:06:01 GMT
expires
Wed, 29 Nov 2023 17:06:01 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 17:06:01 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMGWw-XY6YIDFRBCwgodcmAN9Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1751729459550.6328?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
request_content.php
hal90002.redintelligence.net/ Frame 42F0
7 KB
2 KB
Document
General
Full URL
https://hal90002.redintelligence.net/request_content.php?s=50068900152000104444554012523002&a=c0aabf82
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.47.10.4.46.clients.your-server.de
Software
Apache /
Resource Hash
d10172c4af50c22ad6b2cf368c960ddba2189afedaae868b0d7d4e73d7245329

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Encoding
gzip
Content-Length
2064
Content-Type
text/html; charset=utf-8
Date
Wed, 29 Nov 2023 17:06:01 GMT
Expires
Wed, 29 Nov 2023 17:06:01 +0100
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 924A
1 KB
643 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2871
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 16:18:10 GMT
etag
48472445140208031
expires
Thu, 30 Nov 2023 16:18:10 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame ECC3
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ee7188bf49f80624cdd467c68e839639742ee9cf851c7ee83bbbbec9d9219ed7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Content-Type
image/png
pvClk.min.js
analytics.webgains.io/ Frame ECC3
53 KB
19 KB
Script
General
Full URL
https://analytics.webgains.io/pvClk.min.js
Requested by
Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=50068900152000104444554012523002&nw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.28.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-28-99.cdg52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:26:53 GMT
content-encoding
gzip
via
1.1 18364d9ffa15c1c031d187551fa4d248.cloudfront.net (CloudFront)
last-modified
Thu, 23 Nov 2023 16:26:10 GMT
server
AmazonS3
x-amz-cf-pop
CDG52-P5
age
2348
x-amz-server-side-encryption
AES256
etag
W/"1180a1bfee0aad979766ecd6180b923e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
4Wgogxi8cQkqZrSWlSqjMCw3n3ShTKTNcLVElu_NRh7fQkM-n0XECA==
1x1_0.png
cdn.track.production.webgains.team/7121/ Frame ECC3
3 KB
3 KB
Image
General
Full URL
https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1701277860&Signature=LVrEXTCQ0eLXV7cMM8f9FtZTS~mYvQzvNWrmT5gkoYBfyUZmcNl3BaR21iVmVkkQ6yfCuCRalgjeuXqNByYXfEBOSi92o1nlUx9GXyM0X1Bdr7qnnqJ0TJEInQMAeaA9CFS9sxKSliF5mCXTwnYdgX3z5MeiTJ-1Cxp-UEWleabK1z1PMoiBh0FKI6IW40ZpXOCpxl4hFv2HqGJZi~oj7YnqFBIHsMiHawwBsMn7tHt0Msb41FndI1zyYAXjqr08JQfOVgFLts-g15c2AVy0A5cjM67jpW5F3L7KfuNSQruPyv0OYjc3HUSYL4ENV~gS46ivWE44djVja1IKG5YWsA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.50.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-50-115.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

x-amz-version-id
null
date
Wed, 29 Nov 2023 04:06:41 GMT
via
1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
last-modified
Fri, 06 May 2022 11:40:06 GMT
server
AmazonS3
x-amz-cf-pop
AMS58-P3
age
46775
etag
"4e57de0506fbdb487ffcd53b450caee1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
2808
x-amz-cf-id
w72DXpnnYPiU-nzWUh4D1ya8ke_6LSYenXVqD8H5950QvB1aDck_Tw==
current
dclk-match.dotomi.com/match/bounce/ Frame 924A
0
103 B
Image
General
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOm5BGaXQgyePwxF7PKOKlU&google_cver=1&google_push=AXcoOmRU_agTh1ANri0q-uCVvCcxquxeatUpiidwh78ZLC30FIv8Oe7BiPZPr1tmz8QQ0bVHagKWOudwK7wILA5lqn95HM4W1aB0
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:01 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
i.match
a.tribalfusion.com/ Frame 924A
43 B
432 B
Image
General
Full URL
https://a.tribalfusion.com/i.match?p=b6&u=CAESEAOHgzAHPyxdTVFXjvXkvEs&google_cver=1&google_push=AXcoOmTg49xG0IwijOYvXdEeNz0RLUeYoGTSk4K1BbturvJNRjoZ_dZHbeZzawdHl2KU_DRF63CMMvN1qrmbcBq-B37ZbKSPfbkt&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTg49xG0IwijOYvXdEeNz0RLUeYoGTSk4K1BbturvJNRjoZ_dZHbeZzawdHl2KU_DRF63CMMvN1qrmbcBq-B37ZbKSPfbkt%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:01 GMT
cf-cache-status
DYNAMIC
x-function
302
server
cloudflare
content-type
image/gif; charset=utf-8
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
cf-ray
82dc70548f303632-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
x.bidswitch.net/ Frame 924A
43 B
145 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDmvu1lGDT-KWp9wQrFFzOQ&google_cver=1&google_push=AXcoOmQvL2ipIBIrVFAY8KVY2e4823XouNf_6VP8DqhK_pNBggXgt3dnp67LAaTbGEZ9CwkFBGJAV6DP-aD4bgc1dnPTBv58Ft4-
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.157.205.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-157-205-178.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:06:01 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
pixel
cm.g.doubleclick.net/ Frame 924A
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECsQvFJKSdvXg2pWk7HSgxs&google_cver=1&google_push=AXcoOmSQOXalzNoMD5-5h1O1nqoH5M8cjZbZRxXnCtp-bMVkapG2enpaD2t8R_2XgjIX_1v-xNnLAISV7LYApRYz0I0WaEZ...
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSQOXalzNoMD5-5h1O1nqoH5M8cjZbZRxXnCtp-bMVkapG2enpaD2t8R_2XgjIX_1v-xNnLAISV7LYApRYz0I0WaEZKU_T1&google_hm=eS1OcEw2c081RTJwSHVldU...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSQOXalzNoMD5-5h1O1nqoH5M8cjZbZRxXnCtp-bMVkapG2enpaD2t8R_2XgjIX_1v-xNnLAISV7LYApRYz0I0WaEZKU_T1&google_hm=eS1OcEw2c081RTJwSHVldUFWNTBzeVExVEdMTjNfVHE0c35B
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Wed, 29 Nov 2023 17:06:01 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSQOXalzNoMD5-5h1O1nqoH5M8cjZbZRxXnCtp-bMVkapG2enpaD2t8R_2XgjIX_1v-xNnLAISV7LYApRYz0I0WaEZKU_T1&google_hm=eS1OcEw2c081RTJwSHVldUFWNTBzeVExVEdMTjNfVHE0c35B
content-length
0
dds
rtb.openx.net/sync/ Frame 924A
43 B
58 B
Image
General
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESEN9hto4uYrAiheMJd3XQBnQ&google_cver=1&google_push=AXcoOmRthbzuCGRuk3lzbHwpE0dS20ZORclVJG7H820SBzJWzNMvHnEueYwFwEpnBeK5S5vCH4hfK4Wyld39zfcWXeasAIfiJ9on
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:01 GMT
via
1.1 google
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
pixel
cm.g.doubleclick.net/ Frame 924A
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHKbDXEZ47cx-aHoD_2t0q4&google_cver=1&google_push=AXcoOmTK00XO6nwCk1JsaGv_em2WxP9U27YQ5uXfjeAmv5scMGM6o7_yowL9viulZCdAdniZMQK...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBLMFFGSDMtMTMtNlVMMg==&google_push=AXcoOmTK00XO6nwCk1JsaGv_em2WxP9U27YQ5uXfjeAmv5scMGM6o7_yowL9viulZCdAdniZMQK36tqkdhQ3L9dGTUVq2bRP_XRZ
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBLMFFGSDMtMTMtNlVMMg==&google_push=AXcoOmTK00XO6nwCk1JsaGv_em2WxP9U27YQ5uXfjeAmv5scMGM6o7_yowL9viulZCdAdniZMQK36tqkdhQ3L9dGTUVq2bRP_XRZ
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBLMFFGSDMtMTMtNlVMMg==&google_push=AXcoOmTK00XO6nwCk1JsaGv_em2WxP9U27YQ5uXfjeAmv5scMGM6o7_yowL9viulZCdAdniZMQK36tqkdhQ3L9dGTUVq2bRP_XRZ
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
cc9654c54e9aa67bf2b10be1073297a8
Expires
0
pixel
cm.g.doubleclick.net/ Frame 924A
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_hm=ZWdvdToZxE-gKcOO0GHIlAAADTYAAAAB&google_nid=index&google_push=AXcoOmRkVGXGC3_RByJ8xx4nOPxZWmRKVRVca...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_hm=ZWdvdToZxE-gKcOO0GHIlAAADTYAAAAB&google_nid=index&google_push=AXcoOmRkVGXGC3_RByJ8xx4nOPxZWmRKVRVcafznqqx4xxCBjOAuHgaorZjoNZn4R8scbbmuLfkycUzjU4nuOPcIsaBMBfDXBZpp
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:01 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6QZPyYBeuDLw49nWvsnSJJ35YPsXLaIgZwM1ZPJnc%2BLwFP8L5lASOq%2F2OtGflm05ecpE4PA6FUn1D56u1Ir94hEGSDEjS4BU%2FpU0D01Al3uNmnqeKZYkXPtkqWqp13XjdEJkacu1RLRa1A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBHA63ihbr06h_S3nhLXh88&google_hm=ZWdvdToZxE-gKcOO0GHIlAAADTYAAAAB&google_nid=index&google_push=AXcoOmRkVGXGC3_RByJ8xx4nOPxZWmRKVRVcafznqqx4xxCBjOAuHgaorZjoNZn4R8scbbmuLfkycUzjU4nuOPcIsaBMBfDXBZpp
cache-control
no-cache
cf-ray
82dc70548a249b69-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
attr
cm.g.doubleclick.net/pixel/ Frame 924A
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IzxC_hmLDkUfnNq3rV6yS3sy2oPXTQ9I1MnEuMWGY07HF0QeqcLjh2UxBWLdLLkd9zK0WO
Requested by
Host: dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 17:06:01 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
css
fonts.googleapis.com/ Frame 42F0
5 KB
682 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=50068900152000104444554012523002&a=c0aabf82
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90002.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Nov 2023 17:06:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 16:27:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Nov 2023 17:06:01 GMT
/
hal9000.redintelligence.net/scale/ Frame 42F0
12 KB
12 KB
Image
General
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=50068900152000104444554012523002&a=c0aabf82
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
d1b4ae2dd4d8b12c71f6e4fb805892da40cd8657614f8cab3aeb35fed8507e0d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90002.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Date
Wed, 29 Nov 2023 17:06:01 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
12180
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame 42F0
12 KB
12 KB
Image
General
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=50068900152000104444554012523002&a=c0aabf82
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e58125c8247b854bc1728996fa13026ee777341d2594f099477b37f9f5ee0ed7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90002.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Date
Wed, 29 Nov 2023 17:06:01 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
12073
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame 42F0
9 KB
9 KB
Image
General
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=50068900152000104444554012523002&a=c0aabf82
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
3e25b33d679508551c9867b48899bc4c32afb0314d79b2af1f927d17869b932a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90002.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Date
Wed, 29 Nov 2023 17:06:01 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
9491
Vary
Accept-Encoding
Content-Type
image/png
viewability
hal90002.redintelligence.net/ Frame 42F0
0
150 B
Script
General
Full URL
https://hal90002.redintelligence.net/viewability?s=50068900152000104444554012523002&a=3fc0a5ca&vb=m
Requested by
Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=50068900152000104444554012523002&a=c0aabf82
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.47.10.4.46.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90002.redintelligence.net/request_content.php?s=50068900152000104444554012523002&a=c0aabf82
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

Date
Wed, 29 Nov 2023 17:06:01 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 42F0
14 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal90002.redintelligence.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 12:44:49 GMT
x-content-type-options
nosniff
age
361272
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14824
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 24 Nov 2024 12:44:49 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 42F0
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal90002.redintelligence.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 20:59:44 GMT
x-content-type-options
nosniff
age
331577
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14892
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 24 Nov 2024 20:59:44 GMT
dc_pre=CMGWw-XY6YIDFRBCwgodcmAN9Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1751729459550.6328
adservice.google.com/ddm/fls/z/ Frame 86B1
42 B
107 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CMGWw-XY6YIDFRBCwgodcmAN9Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1751729459550.6328
Requested by
Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMGWw-XY6YIDFRBCwgodcmAN9Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1751729459550.6328?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5994599.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Nov 2023 17:06:01 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tracking-event
api.webgains.io/ Frame ECC3
16 B
209 B
Fetch
General
Full URL
https://api.webgains.io/tracking-event
Requested by
Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.177.10.97 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-177-10-97.eu-west-2.compute.amazonaws.com
Software
nginx / PHP/8.1.14
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 29 Nov 2023 17:06:01 GMT
x-content-type-options
nosniff
server
nginx
x-powered-by
PHP/8.1.14
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
x-xss-protection
1; mode=block
tracking-event
api.webgains.io/ Frame
0
0
Preflight
General
Full URL
https://api.webgains.io/tracking-event
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.177.10.97 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-177-10-97.eu-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
*
date
Wed, 29 Nov 2023 17:06:01 GMT
server
nginx
03n83so79q240353r1o9nponn6r59orr-00002.ts
d29xw9s9x32j3w.cloudfront.net/videos/m3u8/1000k/
421 KB
422 KB
XHR
General
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/m3u8/1000k/03n83so79q240353r1o9nponn6r59orr-00002.ts
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/easy-stn-player/7.27.3/easy-stn-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-126.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6f03b3ae21992a687ba2df27cab37d3af78bb159229f179eabad9936b900800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uintacountyherald.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.28 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 16:14:57 GMT
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3064
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
430708
last-modified
Wed, 29 Nov 2023 15:22:31 GMT
server
AmazonS3
etag
"db3d3c7190ef4779d7c4dd391431f0db"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
video/mp2t
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
pde0YpyswUAKyl7pCaJD8EDSFt4odmjzS9AnY8AuWBxxSjNzrbnRSA==

193 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| documentPictureInPicture function| $ function| jQuery object| card function| Payment function| Card function| Swiper number| mce-data-1hge0mlq1 object| tinyMCE object| tinymce function| tinycolor function| formatFieldLabels function| deleteRecord function| removeFile function| validateEmail function| sizeHeader function| emailArticle function| toggleFixedSidebarContent function| subscriberLogin function| resetPassword function| updateSubRates function| changeRatePlan function| loadAreaRates function| selectSubscription function| continueSubscription function| displayUpdatePanel function| cancelSubscription function| manageNotifications function| updateAccountDetails function| stripeResponseHandler undefined| placeSearch undefined| autocomplete function| initAutocomplete function| fillInAddress function| geolocate function| filterClassifications function| searchSite function| getUrlParameter function| watchVideo function| adStatusHandler function| injectLeaderboardAds function| EEditionBuilder object| flippxp object| googletag number| rnd number| pid517063 number| plc517063 string| abkw string| absrc object| ggeac object| google_tag_data object| google_js_reporting_queue undefined| google_measure_js_timing object| AdButler function| handleMessageFromNative function| ahm_rotateTRX2 number| _ahm_trx2_indicatr object| _ahm_trx2_indicats function| ahm_rotateTRX2_force number| ahm_trx2_curptr number| ahm_trx2_maxptr string| ahm_trx2_container object| dataLayer number| plc316820 number| google_unique_id object| gaGlobal number| ahm_trx2_rotator object| webpackJsonpCSW function| setImmediate function| clearImmediate object| civicscience function| countChecked string| CURRENT_URL object| $BODY object| $MENU_TOGGLE object| $SIDEBAR_MENU object| $SIDEBAR_FOOTER object| $LEFT_COL object| $RIGHT_COL object| $NAV_MENU object| $FOOTER 
string| checkState string| GoogleAnalyticsObject function| ga function| hj object| _hjSettings number| infolinks_pid number| infolinks_wsid boolean| IL_INIT object| $iceboot object| INFOLINKS object| wpJsonRciWidget object| ua_result object| revcontent function| renderRCWidget number| __mobxInstanceCount undefined| __mobxGlobals object| gaplugins object| gaData object| google_tag_manager function| postscribe object| google_tag_manager_external function| _typeof function| _defineProperty object| _snup function| ahmsll_release boolean| ahmsll number| ahmsllfail object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| owpbjsChunk object| owpbjs object| PWT function| dspCriteoRTUSCallback function| dspCMCallback object| headertag function| _33AcrossPpidMappingsProvider function| jsonp_1701277555523_42862 object| _google_rum_ns_ object| google_persistent_state_async number| google_global_correlator function| Goog_AdSense_Lidar_sendVastEvent function| Goog_AdSense_Lidar_getViewability function| Goog_AdSense_Lidar_getUrlSignalsArray function| Goog_AdSense_Lidar_getUrlSignalsList number| google_srt object| google object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$companion_ad_selection_settings object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ads_rendering_settings object| ima object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ad_error object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ad_error_event object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ad_event object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ads_manager_loaded_event object| goog object| closure_lm_701252 number| $iceId object| closure_lm_509136 object| hadron boolean| __halo_loaded__ string| ahm_tvx_placeId string| ahm_tcx_siteId string| ahm_tvx_templateId string| 
ahm_tvx_contentId number| cbuster string| puburl string| ahm_sChain string| ahm_sURL object| d string| s object| sParent boolean| ahm_tvx_oldLoaded number| ahm_spx undefined| sPlayer string| ahm_tdx_sURL object| sRotd string| myPropertyId object| clientSettings object| confiant function| initActiveTab object| activeTab object| ahm_config object| ahmpb object| pubgroup_config number| ahm_stackload boolean| ahm_loaded number| _xy number| ahm_stacktimer number| ahm_stackstart object| au object| bubble object| skins object| ahmpbChunk function| ILVideo number| verticalTransformTimoeout object| GoogleGcLKhOms object| google_image_requests number| ahm_stacktime

56 Cookies

Domain/Path Name / Value
uintacountyherald.com/ Name: XSRF-TOKEN
Value: eyJpdiI6InpJaUFHbnlhK1ZaN0FYd0JFSGZwK0E9PSIsInZhbHVlIjoiSzFNWTFleUFkMlVMTXZCUFQwUUVBcjBPeGJQd0JjNFRLNGJud3ZISWlnSWFtTnVndXVKU0tvVXdhVEt3K1pKXC8xdUl5T1RkeTJxK21aVVUyYmRMQVNRPT0iLCJtYWMiOiJmZWYwZGFjZDYwNDQ3MTNjZWQwM2JlZDVmZDgzZTFhMzgxMjJhYzAyNGVkY2UwNTk4MWIwYTQ2NTIzMmQzM2M3In0%3D
uintacountyherald.com/ Name: laravel_session
Value: eyJpdiI6ImlUYTl5QmNSU0dxK2RhVmJwQVwvbkR3PT0iLCJ2YWx1ZSI6ImVhKzN5dGNlcDJYU01CV200THRzV1djXC9adHphdEFXOGlTaTFmelZaMFwvRUNYNTR2M3BQck4wWForK24zK0U2NFRTTDAzSEZ2bk5wVmVLVTV6ajA2UlE9PSIsIm1hYyI6ImVhODNmM2I0MjdlMzYzYjQzODJkZmM0MzgxNTNiODVlMTljYzVhMmQyZTgwNTNkNGYyYTc2MzM3MTA4YWQwNjMifQ%3D%3D
uintacountyherald.com/ Name: flipp-uid
Value: 7f8ecb42-585c-4b66-b18e-b50477ca10b4
.uintacountyherald.com/ Name: _ga
Value: GA1.2.1964370080.1701277555
.uintacountyherald.com/ Name: _gid
Value: GA1.2.1454562336.1701277555
.uintacountyherald.com/ Name: _gat
Value: 1
uintacountyherald.com/ Name: logglytrackingsession
Value: 13ecb744-fbb6-49e3-b82c-5fedb5447dab
uintacountyherald.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.infolinks.com/ Name: cuid
Value: d3fd0d22-50cb-40cb-b0b8-db40b0e3dfd5
.uintacountyherald.com/ Name: _ga_J19JFGRKPN
Value: GS1.2.1701277555.1.0.1701277555.60.0.0
.p.flipp.com/ Name: gid
Value: "8+21ZgACdpEoAcnmBEuY7w=="
.uintacountyherald.com/ Name: _hjFirstSeen
Value: 1
.uintacountyherald.com/ Name: _hjIncludedInSessionSample_467830
Value: 1
.uintacountyherald.com/ Name: _hjSession_467830
Value: eyJpZCI6ImIyMDc3NTU4LWI0YjYtNGQ2NS1iNjE5LWEyZmVjZWE1NzY2MCIsImNyZWF0ZWQiOjE3MDEyNzc1NTU2NTEsImluU2FtcGxlIjp0cnVlLCJzZXNzaW9uaXplckJldGFFbmFibGVkIjpmYWxzZX0=
.uintacountyherald.com/ Name: _hjSessionUser_467830
Value: eyJpZCI6IjJmNTBkNmI2LTZiNWUtNWM2MC05NDNmLWQ4ODZkZjRjNGViZiIsImNyZWF0ZWQiOjE3MDEyNzc1NTU2NTAsImV4aXN0aW5nIjp0cnVlfQ==
.uintacountyherald.com/ Name: _hjAbsoluteSessionInProgress
Value: 0
.uintacountyherald.com/ Name: __gads
Value: ID=274271fe1f9c4229:T=1701277555:RT=1701277555:S=ALNI_MbrS16W_4wNCfu8zNod1-S72CrQvg
.uintacountyherald.com/ Name: __gpi
Value: UID=00000cfd2867a3be:T=1701277555:RT=1701277555:S=ALNI_MZqhul8WAeZFVUN3kv1dI_rvnFjGg
.doubleclick.net/ Name: IDE
Value: AHWqTUkA3AEbLAv134Dbb8-Iq7RBfJ9m7a_uvmouCYpjB4wAUFUss9JtaAR4lZNIpR4
.lijit.com/ Name: ljt_reader
Value: HvQBpBZHwqthqgl-SoerpmnK
.openx.net/ Name: i
Value: 9971adf5-905b-017d-297a-a842624d8223|1701277556
.go.sonobi.com/ Name: __uis
Value: d0b36548-33d8-4bda-8f76-a5e7d5593709
.go.sonobi.com/ Name: _usd_uintacountyherald.com
Value: c98c83af-db97-4ece-9d3c-f424a3d1772e
.go.sonobi.com/ Name: __uih
Value: 1
.go.sonobi.com/ Name: HAPLB3A
Value: s3539|ZWdve
uintacountyherald.com/ Name: _hjShownFeedbackMessage
Value: true
.adnxs.com/ Name: uuid2
Value: 1783215997467184825
.casalemedia.com/ Name: CMPS
Value: 3382
.casalemedia.com/ Name: CMID
Value: ZWdvdToZxE.gKcOO0GHIlAAA
.casalemedia.com/ Name: CMPRO
Value: 3382
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2Ilcs-]xV!]tbPl1M>e)ZlrFUfJ+tGXxouUdY%xI6[tL]..XHKIj#Sa^63#Oyy3IJ)$aB3If)y3KL9D3I?+XajcT5
.doubleclick.net/ Name: APC
Value: AfxxVi7l10myNma4_nA76Yo-5gtbhoZG8zy4RpzsUpboQtmZM3tI8w
.doubleclick.net/ Name: ar_debug
Value: 1
.redintelligence.net/ Name: 8lcfmzhxc8d6_uid
Value: 62ef871d94fab712
.retailads.net/ Name: ppb2172
Value: 3352767916
.futalis.de/ Name: raSIDb
Value: 3352767916
pixel.rubiconproject.com/ Name: receive-cookie-deprecation
Value: 1
.office-partner.de/ Name: source
Value: {"webgains_webgains":{"timestamp":1701277558460,"clickCookie":false}}
.yahoo.com/ Name: A3
Value: d=AQABBHZvZ2UCENRvUcNWrgHxmqOSw-iqeCkFEgEBAQHAaGVxZQAAAAAA_eMAAA&S=AQAAAjHECnc2hPPH2zLVtTHIj9s
.tribalfusion.com/ Name: ANON_ID
Value: apntuJRkP6i6eCno6nTrr8ZdBAZcWPrmgLes983GVhbO2VQvFcK1VUB31jrZcJB9kELGjSA1LZaL1v2Wvu5UZbphjyOOA
pb.media01.eu/ Name: DTU
Value: D24F90314E25C2EB8B5BCDD8C3E06C6C
.bidswitch.net/ Name: tuuid
Value: 92d1c203-c7a5-4c51-8775-fdd6facf2f2e
.bidswitch.net/ Name: c
Value: 1701277560
.bidswitch.net/ Name: tuuid_lu
Value: 1701277560
.openx.net/ Name: pd
Value: v2|1701277560|mOgesLwkgqn0vNvQiygu
.creativecdn.com/ Name: ts
Value: 1701277560
.creativecdn.com/ Name: u
Value: MxaDmYEeTJOnlzxgmO5q
.creativecdn.com/ Name: g
Value: MxaDmYEeTJOnlzxgmO5q_1701277560179
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjU0MTCwMLE0sjC1NDE1NTA3NRDiM9TVraxMNPF2iXRxsfQFACi_KOYlAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjU0MTCwMLE0sjC1NDE1NTA3NRDiM9TVraxMNPF2iXRxsfQFACi_KOYlAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_1slymtobmBoZG5uamZgaGkIAAZ31ZQQAAAA
.quantserve.com/ Name: d
Value: EOUBDAHFKoqsMA
.quantserve.com/ Name: mc
Value: 65676f78-31916-ac57c-387c0
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 1459446577521559206
.go.sonobi.com/ Name: HAPLB8G
Value: s8539|ZWdve

9 Console Messages

Source Level URL
Text
javascript warning URL: https://uintacountyherald.com/(Line 364)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ads.empowerlocal.co/adserve/;ID=181918;size=0x0;setID=517063;type=js;sw=1600;sh=1200;spr=1;kw=home;pid=5314064;place=0;rnd=5314064;click=CLICK_MACRO_PLACEHOLDER, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://uintacountyherald.com/(Line 364)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ads.empowerlocal.co/adserve/;ID=181918;size=0x0;setID=517063;type=js;sw=1600;sh=1200;spr=1;kw=home;pid=5314064;place=0;rnd=5314064;click=CLICK_MACRO_PLACEHOLDER, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://ads.empowerlocal.co/adserve/;ID=181918;size=0x0;setID=517063;type=js;sw=1600;sh=1200;spr=1;kw=home;pid=5314064;place=0;rnd=5314064;click=CLICK_MACRO_PLACEHOLDER(Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://embed.sendtonews.com/player2/embedcode.php?fk=Be6nXXXs&cid=12385&SIZE=400&floatwidth=400, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://ads.empowerlocal.co/adserve/;ID=181918;size=0x0;setID=517063;type=js;sw=1600;sh=1200;spr=1;kw=home;pid=5314064;place=0;rnd=5314064;click=CLICK_MACRO_PLACEHOLDER(Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://embed.sendtonews.com/player2/embedcode.php?fk=Be6nXXXs&cid=12385&SIZE=400&floatwidth=400, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://idsync.rlcdn.com/712559.gif?partner_uid=7f8ecb42-585c-4b66-b18e-b50477ca10b4
Message:
Failed to load resource: the server responded with a status of 451 ()
security warning URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 500)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network error URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://id.sv.rkdms.com/identity/?vendor=idsv2&sv_cid=5274_04512&sv_pubid=SENDTONEWS&sv_domain=uintacountyherald.com
Message:
Failed to load resource: the server responded with a status of 403 ()
other warning URL: https://dc36e5b39f8c9b660d534a120d84c9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15)
Message:
Origin trial controlled feature not enabled: 'attribution-reporting'.

Indicators

"Indicators" is a security-industry term for observables such as IPs, domains, and hashes. Their presence here does not imply that any of them indicate malicious activity.

23.43.60.191
2600:9000:20a0:aa00:f:c7b3:ce40:93a1
2606:4700:10::ac43:17ea
2606:4700:10::ac43:246e
2606:4700:3035::6815:3136
2606:4700:3036::ac43:9f0b
2606:4700:4400::6812:2b5a
2606:4700::6811:190e
2606:4700::6812:19ad
2607:f8b0:4001:c1e::78
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:806::2002
2a00:1450:4001:808::2001
2a00:1450:4001:80b::2014
2a00:1450:4001:80f::2008
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2001
2a00:1450:4001:81c::2014
2a00:1450:4001:827::2003
2a00:1450:4001:828::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:4001:830::2006
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::200a
2a00:1450:400c:c00::9d
2a01:4f8:d0a:2321::2
2a02:2638:3::10
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::9
2a02:fa8:8806:16::1370
2a04:4e42::649
2a05:d018:d29:3602:d09c:564c:cd27:b30c
2a0b:4d07:102::1
3.11.123.127
3.127.78.12
34.120.133.55
34.120.58.62
34.202.199.100
34.226.8.214
34.98.64.218
35.177.10.97
35.186.253.211
35.244.174.68
35.244.193.51
35.71.131.137
37.157.6.233
37.252.172.123
46.228.174.115
46.4.10.47
49.12.16.151
51.222.11.30
52.222.208.154
52.95.125.22
54.159.136.91
54.88.122.215
69.166.1.34
69.173.144.137
69.173.144.139
72.34.250.77
88.198.250.30
94.23.99.218
99.81.36.123
99.84.88.126
99.84.88.22
99.86.4.105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