blip.fm Open in urlscan Pro
54.163.233.121 Public Scan

URL:
https://blip.fm/billpig50
Submission: On June 08 via manual (June 8th 2021, 7:51:48 pm UTC) from US

Summary HTTP 179 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 45 IPs in 8 countries across 47 domains to perform 179 HTTP transactions. The main IP is 54.163.233.121, located in United States and belongs to AMAZON-AES, US. The main domain is blip.fm.
TLS certificate: Issued by R3 on June 1st 2021. Valid for: 3 months.

This is the only time blip.fm was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	54.163.233.121 54.163.233.121	14618 (AMAZON-AES) (AMAZON-AES)
7	65.9.58.220 65.9.58.220	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
3	2a04:4e42:62:... 2a04:4e42:62::760	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.219.105.178 52.219.105.178	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
4	52.222.200.121 52.222.200.121	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9b	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:218... 2600:9000:218d:2400:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 21	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:5... 2600:1901:0:524d::	15169 (GOOGLE) (GOOGLE)
2	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
18	2600:1901:1:c... 2600:1901:1:c36::	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
6 20	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
6 10	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	185.33.220.243 185.33.220.243	29990 (ASN-APPNEX) (ASN-APPNEX)
1 11	138.201.63.116 138.201.63.116	24940 (HETZNER-AS) (HETZNER-AS)
1 5	138.201.220.30 138.201.220.30	24940 (HETZNER-AS) (HETZNER-AS)
6 6	89.207.16.72 89.207.16.72	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2	104.111.248.232 104.111.248.232	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.38.64.108 54.38.64.108	16276 (OVH) (OVH)
2	46.236.13.147 46.236.13.147	24931 (DEDIPOWER) (DEDIPOWER)
4 5	95.131.136.1 95.131.136.1	47841 (OXALIDE) (OXALIDE)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	37.157.6.252 37.157.6.252	198622 (ADFORM) (ADFORM)
1	213.155.156.185 213.155.156.185	1299 (TELIANET ...) (TELIANET Telia Carrier)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	185.86.139.103 185.86.139.103	201081 (SMARTADSE...) (SMARTADSERVER)
4 4	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2	205.185.216.10 205.185.216.10	20446 (HIGHWINDS3) (HIGHWINDS3)
1 1	185.29.133.58 185.29.133.58	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 2	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
2 2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
179	45

19 54.163.233.121 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-163-233-121.compute-1.amazonaws.com

blip.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 65.9.58.220 (United States)

ASN16509 (AMAZON-02, US)

d1uswytv6491xe.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:62::760 (United States)

ASN54113 (FASTLY, US)

sdk.scdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.219.105.178 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-r-w.us-east-2.amazonaws.com

empowerlocal-plugin-js.s3.us-east-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:7::a29f:9904 (United States)

ASN13335 (CLOUDFLARENET, US)

miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.222.200.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-200-121.cdg50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:218d:2400:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:524d:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

apresolve.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2600:1901:1:c36:: (United States)

ASN15169 (GOOGLE, US)

api.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.185.194 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.18.234.21 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.33.220.243 (Amsterdam, Netherlands) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 138.201.63.116 (Lingenfeld, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.116.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hal90004.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.220.30 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.30.220.201.138.clients.your-server.de

hal900016.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 89.207.16.72 (Wimbledon, United Kingdom) 6 redirects

ASN41041 (VCLK-EU-SE, US)

www.lduhtrp.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cj.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.emjcd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.248.232 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-248-232.deploy.static.akamaitechnologies.com

www.yceml.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.38.64.108 (France)

ASN16276 (OVH, FR)

www.hipanema.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.236.13.147 (United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 95.131.136.1 (France) 4 redirects

ASN47841 (OXALIDE, FR)
PTR: front.netaffiliation.net

bms.bayard-jeunesse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lov.saveur-biere.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.252 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.155.156.185 (Sweden)

ASN1299 (TELIANET Telia Carrier, SE)
PTR: 213-155-156-185.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.103 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.56.137 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 205.185.216.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

img.metaffiliation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.133.58 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	doubleclick.net 7 redirects stats.g.doubleclick.net googleads.g.doubleclick.net static.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net	230 KB
28	googlesyndication.com 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	122 KB
19	spotify.com apresolve.spotify.com api.spotify.com	2 KB
19	blip.fm blip.fm	709 KB
16	redintelligence.net 2 redirects hal9000.redintelligence.net hal90004.redintelligence.net hal900016.redintelligence.net	70 KB
10	casalemedia.com 6 redirects dsum-sec.casalemedia.com	9 KB
10	youtube.com www.youtube.com	668 KB
7	cloudfront.net d1uswytv6491xe.cloudfront.net	18 KB
6	adnxs.com 4 redirects ib.adnxs.com	6 KB
5	yahoo.com 5 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	5 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	68 KB
4	saveur-biere.com 4 redirects lov.saveur-biere.com	4 KB
4	googletagservices.com www.googletagservices.com	123 KB
4	amazon-adsystem.com c.amazon-adsystem.com	36 KB
4	googleapis.com ajax.googleapis.com fonts.googleapis.com	32 KB
3	google.com adservice.google.com www.google.com	1 KB
3	google-analytics.com 1 redirects ssl.google-analytics.com www.google-analytics.com	36 KB
3	quantserve.com secure.quantserve.com pixel.quantserve.com	10 KB
3	scdn.co sdk.scdn.co	120 KB
2	openx.net 2 redirects rtb.openx.net	758 B
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	metaffiliation.com img.metaffiliation.com	5 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	adform.net 2 redirects c1.adform.net	1 KB
2	webgains.com track.webgains.com	11 KB
2	yceml.net www.yceml.net	49 KB
2	emjcd.com 2 redirects www.emjcd.com	2 KB
2	dotomi.com 2 redirects cj.dotomi.com	2 KB
2	lduhtrp.net 2 redirects www.lduhtrp.net	1 KB
2	jsdelivr.net cdn.jsdelivr.net	311 KB
2	quantcount.com rules.quantcount.com	875 B
2	amazonaws.com empowerlocal-plugin-js.s3.us-east-2.amazonaws.com	13 KB
1	blismedia.com tr.blismedia.com	136 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	478 B
1	mathtag.com 1 redirects sync.mathtag.com	816 B
1	smartadserver.com 1 redirects ssbsync.smartadserver.com	456 B
1	de17a.com d5p.de17a.com	134 B
1	travelaudience.com 1 redirects ads.travelaudience.com	613 B
1	bayard-jeunesse.com bms.bayard-jeunesse.com	1 KB
1	hipanema.com www.hipanema.com	3 KB
1	google.de adservice.google.de	799 B
1	addthisedge.com v1.addthisedge.com	325 B
1	moatads.com z.moatads.com	1 KB
1	addthis.com s7.addthis.com	114 KB
1	ampproject.org cdn.ampproject.org	21 KB
1	medium.com miro.medium.com	36 KB
1	cloudflare.com cdnjs.cloudflare.com	13 KB
179	47

	Domain	Requested by
20	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
19	blip.fm	blip.fm
18	api.spotify.com	sdk.scdn.co
15	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
10	tpc.googlesyndication.com	091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com
10	www.youtube.com	blip.fm www.youtube.com
7	d1uswytv6491xe.cloudfront.net	blip.fm
6	hal9000.redintelligence.net	091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com hal90004.redintelligence.net hal900016.redintelligence.net
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
6	googleads.g.doubleclick.net	1 redirects www.youtube.com 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com blip.fm
5	hal900016.redintelligence.net	1 redirects 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com hal900016.redintelligence.net
5	hal90004.redintelligence.net	1 redirects 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com hal90004.redintelligence.net
4	lov.saveur-biere.com	4 redirects
4	ups.analytics.yahoo.com	4 redirects
4	www.googletagservices.com	empowerlocal-plugin-js.s3.us-east-2.amazonaws.com securepubads.g.doubleclick.net 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
4	c.amazon-adsystem.com	empowerlocal-plugin-js.s3.us-east-2.amazonaws.com c.amazon-adsystem.com
3	091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	fonts.googleapis.com	blip.fm hal90004.redintelligence.net hal900016.redintelligence.net
3	sdk.scdn.co	blip.fm sdk.scdn.co
2	rtb.openx.net	2 redirects
2	img.metaffiliation.com	hal90004.redintelligence.net hal900016.redintelligence.net
2	image6.pubmatic.com	2 redirects
2	c1.adform.net	2 redirects
2	track.webgains.com	blip.fm 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
2	www.yceml.net	hal90004.redintelligence.net hal900016.redintelligence.net
2	www.emjcd.com	2 redirects
2	cj.dotomi.com	2 redirects
2	www.lduhtrp.net	2 redirects
2	www.google.com	091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com tpc.googlesyndication.com
2	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	cdn.jsdelivr.net	empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
2	pixel.quantserve.com	blip.fm
2	rules.quantcount.com	secure.quantserve.com
2	ssl.google-analytics.com	1 redirects blip.fm
2	empowerlocal-plugin-js.s3.us-east-2.amazonaws.com	blip.fm
1	pr-bh.ybp.yahoo.com	1 redirects
1	tr.blismedia.com	091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
1	gcm.ctnsnet.com	1 redirects
1	s.tribalfusion.com	091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	sync.mathtag.com	1 redirects
1	ssbsync.smartadserver.com	1 redirects
1	d5p.de17a.com	091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
1	ads.travelaudience.com	1 redirects
1	bms.bayard-jeunesse.com	091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
1	www.hipanema.com	hal90004.redintelligence.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
1	apresolve.spotify.com	sdk.scdn.co
1	www.google-analytics.com	sdk.scdn.co
1	s7.addthis.com	blip.fm
1	cdn.ampproject.org	empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
1	www.gstatic.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	stats.g.doubleclick.net	blip.fm
1	secure.quantserve.com	blip.fm
1	miro.medium.com	blip.fm
1	cdnjs.cloudflare.com	blip.fm
1	ajax.googleapis.com	blip.fm
179	63

This site contains links to these domains. Also see Links.

Domain
www.openlearning.com
blog.blip.fm

Subject Issuer	Validity	Valid
blip.fm R3	`2021-06-01` - `2021-08-30`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.scdn.co DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-09-01`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
*.s3.us-east-2.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-01-14` - `2022-01-18`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2021-05-06` - `2021-08-03`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
*.spotify.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-03` - `2022-05-03`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
redintelligence.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
www.yceml.net R3	`2021-05-18` - `2021-08-16`	3 months	crt.sh
www.hipanema.com R3	`2021-04-27` - `2021-07-26`	3 months	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
bms.bayard-jeunesse.com Gandi Standard SSL CA 2	`2020-10-14` - `2021-10-14`	a year	crt.sh
*.de17a.com Sectigo ECC Domain Validation Secure Server CA	`2020-11-25` - `2021-12-25`	a year	crt.sh
img.metaffiliation.com Gandi Standard SSL CA 2	`2020-12-09` - `2022-01-02`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2021-05-01` - `2021-07-30`	3 months	crt.sh

This page contains 18 frames:

Primary Page: https://blip.fm/billpig50
Frame ID: 94B10B1BEC03842A112822E120FE3516
Requests: 63 HTTP requests in this frame

Frame: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
Frame ID: 2BDAE7200B80312F4691C116BF394BE4
Requests: 12 HTTP requests in this frame

Frame: https://sdk.scdn.co/embedded/index.html
Frame ID: 5B9A885729057EF8B11B0B94AB9D874A
Requests: 13 HTTP requests in this frame

Frame: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E53250DC84A73ABB06D58327B2590EC6
Requests: 14 HTTP requests in this frame

Frame: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D889645EDF40BBA507C32D8884BEC233
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYsPmvXDAB&v=APEucNWxLR3rt-RrkqMkCtIX0NUnIJmMw4dTgJ6ED9xYO3cJjSgK_uIav6YyXy-RvGyowpcv2ZthSwG4Yi4F30FFslgyPumzFVZMDjKFCYYI9QOej_drMq_iV8qsIDR6zKMRZemJ1sucjTZ18NSBpFtXVVI3gzn4OxeGJk8vAgpVlZG5Oy0VLmg
Frame ID: ADEC011278D5FD1D5538E46B0E023767
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYs7qwXDAB&v=APEucNURjOV_AIPAFDASRr98lG0H6AEkvlYLsBvyX2EiRCVd2nxztdIbwxR6ZEZv0__6bpMLRlDl5WHLrAbxX2X-Z4HninuymXRhtWxWSJTUFwMJ91T9v305sVEoo4E5wQKXWKK7EIlXZhSeJsdrp7he9yQyO5cBPqbT587A7rUUJglPllKfs2g
Frame ID: FAA6F10D8317626D73C490E0DC6BB4D2
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1DAFB016FD2D0C8DD48E2741F9D6C3E0
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 746207F417F3F0872BB771CFB7CAD1AD
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 81663F7FDF3E96554B5A57A9CEA0A174
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EB0387454C9842AFBB186214AA67A993
Requests: 1 HTTP requests in this frame

Frame: https://www.yceml.net/0726/14446294-1613646867749
Frame ID: 5F609B9195F66BE938EF6ACC367104FF
Requests: 1 HTTP requests in this frame

Frame: https://www.hipanema.com/module/sym_tracking/postview?source=webgains
Frame ID: 5FD0B2F26978C59DD09513192496D71E
Requests: 1 HTTP requests in this frame

Frame: https://hal90004.redintelligence.net/request_content.php?s=52684500238351800714734011619004&a=47258dd1
Frame ID: F316729F2C5A092EE92BE3533FB61D2C
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E3FC106BD7D0A30F25779282AFAAC32D
Requests: 9 HTTP requests in this frame

Frame: https://www.yceml.net/0726/14446294-1613646867749
Frame ID: 242563C36D08A53C388B2D207A224F2B
Requests: 1 HTTP requests in this frame

Frame: https://hal900016.redintelligence.net/request_content.php?s=32425600188488900714752011619016&a=7b4ef92e
Frame ID: BAEA4CAC8A9B1B2579BCD01DD9D7DECA
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E7368CADE048BAF85130B1A45FF9CA9D
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

Red Hat (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Red Hat/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Handlebars (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /handlebars(?:\.runtime)?(?:-v([\d.]+?))?(?:\.min)?\.js/i

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /(?:\/([\d.]+))?\/vue(?:\.min)?\.js/i

AddThis (Widgets) Expand

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

179
Requests

99 %
HTTPS

48 %
IPv6

47
Domains

63
Subdomains

45
IPs

8
Countries

2825 kB
Transfer

8117 kB
Size

8
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.openlearning.com/u/kearnscelik-que4m7/blog/HowPopularAreYouOnlineIsActuallyWhy
Title: https://www.openlea…OnlineIsActuallyWhy

Search URL Search Domain Scan URL

URL: http://blog.blip.fm/faq
Title: FAQ

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=563778960&utmhn=blip.fm&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Free%20Music%20%7C%20Listen%20to%20Music%20Online%20%7C%20billpig50%20-%20Blip.fm&utmhid=1229581055&utmr=-&utmp=%2Fbillpig50&utmht=1623181891733&utmac=UA-1449388-5&utmcc=__utma%3D171230451.1231501152.1623181892.1623181892.1623181892.1%3B%2B__utmz%3D171230451.1623181892.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=545371460&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1449388-5&cid=1231501152.1623181892&jid=545371460&_v=5.7.2&z=563778960

Request Chain 49

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1&C=1

Request Chain 102

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL-KRvUSkZ2sybeho3QH0wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECrOZrb5C-Vjcmzaax2sCEA&google_cver=1

Request Chain 104

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyNzkyNDgzNjY2ODM1Mzg4

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1&C=1

Request Chain 106

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL-KRvUSkZ2sybeho3QH0wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECrOZrb5C-Vjcmzaax2sCEA&google_cver=1

Request Chain 108

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyNzkyNDgzNjY2ODM1Mzg4

Request Chain 118

https://hal90004.redintelligence.net/request.php?zone=ktajov82gobh&nw=20&renderingType=javascript&namespace=fbf76521d1&subid=&uid=e38bfcd923d9980e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrvBpRcq_YOH0CJmt3wOOxaqoAobdsNJdvPvGvNAJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9BsIZ62vZuP5UZvHUsAj7s3sjC1WJ_78nhR_D5nBYStUXbfD2AD88x8HC8mgF6HNj4YM8chuwhseItNJYS3TY4q7HeJarg5t7cR9vUyGvnximVTVGL5IbOkvjmV5G_apFi32YFPpFvu4Lch9wqxnGAXDhhBWfLDS8-zdIInU_6hdrvKkeT5xFta5CQMHgMUp2jB_2zvU843hoZ2XGX16RKUnUaRSNBY17JykN1a6lOvDJihEAg7FsyNDsAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoLiByXqUp1iO1Ot9_kkb1aQ%26sig%3DAOD64_08HAmr5BlXKwGniqqOsMWyOmXbGA%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-AlY6rnIbjK-PwD9bGTyu6XCbab4CVV9BgKQLanuCwjXKmDRojO8b_SARlVmfxF4wZ42DD2g7T5bitHfxwBDV50XIrxmWtl8Ypp-JjdduTDWHprqJVJVM4mV5gYCJyTXDrRF-WWy50YHrhP2F_ly-SBOL6Y0g%26cry%3D1%26dbm_d%3DAKAmf-CcilRVyTC5lZeB4kGNQvSce28bNP4xR_eZc03sstW1BtdYdRjkJKdLyFQMlwUrSKKOXf-v6h7j2uAp2bKkACz5l6FTnlUILoMO6DL0rSXTkpzPShBj-1ztzpeHNaFsrBM3d9DwvMLdhEYjImkHkN1WZULty505ayy34dlhnvW2GYTlsGRWPaRjitaHfscP2xpW9UyS8T29giS3WYaRe-imr0o6tI4AkTJ7uITztZDdktrd_uoH7pPZxd6z1VePkbK7ldIKyyi7QSBr3XTAr4gmcp-qOZpu21VXrMPk1Qzr92wdOAzaGpkoOQnvHLd-uZOT8mpFY_djxIXonwNSiX6sJ1DG5gLMQjL0qgIUpbov6gL2fIoVeyVR6CzPDrAIDetP_T6SVqA11HC6cNyn4OzNLJBhgmkMC0Z9pQBx45ql-v10WSB5O0hRKcVil7U-eIK7WUPH%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=8022636357056&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0 HTTP 302
https://hal90004.redintelligence.net/request.php?zone=ktajov82gobh&nw=20&renderingType=javascript&namespace=fbf76521d1&subid=&uid=e38bfcd923d9980e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrvBpRcq_YOH0CJmt3wOOxaqoAobdsNJdvPvGvNAJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9BsIZ62vZuP5UZvHUsAj7s3sjC1WJ_78nhR_D5nBYStUXbfD2AD88x8HC8mgF6HNj4YM8chuwhseItNJYS3TY4q7HeJarg5t7cR9vUyGvnximVTVGL5IbOkvjmV5G_apFi32YFPpFvu4Lch9wqxnGAXDhhBWfLDS8-zdIInU_6hdrvKkeT5xFta5CQMHgMUp2jB_2zvU843hoZ2XGX16RKUnUaRSNBY17JykN1a6lOvDJihEAg7FsyNDsAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoLiByXqUp1iO1Ot9_kkb1aQ%26sig%3DAOD64_08HAmr5BlXKwGniqqOsMWyOmXbGA%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-AlY6rnIbjK-PwD9bGTyu6XCbab4CVV9BgKQLanuCwjXKmDRojO8b_SARlVmfxF4wZ42DD2g7T5bitHfxwBDV50XIrxmWtl8Ypp-JjdduTDWHprqJVJVM4mV5gYCJyTXDrRF-WWy50YHrhP2F_ly-SBOL6Y0g%26cry%3D1%26dbm_d%3DAKAmf-CcilRVyTC5lZeB4kGNQvSce28bNP4xR_eZc03sstW1BtdYdRjkJKdLyFQMlwUrSKKOXf-v6h7j2uAp2bKkACz5l6FTnlUILoMO6DL0rSXTkpzPShBj-1ztzpeHNaFsrBM3d9DwvMLdhEYjImkHkN1WZULty505ayy34dlhnvW2GYTlsGRWPaRjitaHfscP2xpW9UyS8T29giS3WYaRe-imr0o6tI4AkTJ7uITztZDdktrd_uoH7pPZxd6z1VePkbK7ldIKyyi7QSBr3XTAr4gmcp-qOZpu21VXrMPk1Qzr92wdOAzaGpkoOQnvHLd-uZOT8mpFY_djxIXonwNSiX6sJ1DG5gLMQjL0qgIUpbov6gL2fIoVeyVR6CzPDrAIDetP_T6SVqA11HC6cNyn4OzNLJBhgmkMC0Z9pQBx45ql-v10WSB5O0hRKcVil7U-eIK7WUPH%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=8022636357056&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1

Request Chain 119

https://hal900016.redintelligence.net/request.php?zone=zfxs41mp1p1v&nw=20&renderingType=javascript&namespace=0c0d3934e2&subid=&uid=5d0bd41be97188b7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCWjz9Rcq_YOD0CJmt3wOOxaqoAobdsNJdzo_0sfwJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9DoK0K8330tsTcpseKwAfRDjBj-FkaRIm_wskCExibxeY0fG82yGqd2gdeBiBIu0ya2yS8kOtxOaUhpGjh8j98w0UFdeoUIi08ebOUX_9MzPmn8gM6GzewJBhh8rYYK_kldyl3sLA_yYpwVShLLpQn5n8ZvbzlfJi7AIxGggsZ-qdoaptfKJmsOL8f7Lv8s6XPhS9OW9uq9v3J2doUgAdw0zSpgbB5E5dEaWTUaNZCg32NthW7cDaJmGcAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRomJSRmqFLIWt_yZR95bA9Vw%26sig%3DAOD64_3y9PEdTas6PWvkZK_3eelc2InhJw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-B3Ogh8PHglt5Ekxtu3-BRB-OfHSZyBr8m-qZ8BAa3iyadzj0j1A40FTtq7n0g6c429G6vYJCNsBD1I3qFMccvyUFFPSWiU_JltAU5xvHR8BwzIWQi9QLx8vt5redeP2sKDe8Yoirk_4OE2dKHTrOns_ttbQQ%26cry%3D1%26dbm_d%3DAKAmf-Cdg1U-juGkq7uDokacJTy6SmCZPMlOL0KCTr0y5Ss_avWQDt4fOB6GRR4i4H0KCHftW871whx3itr2CPQWuJg5pqUq_-v0HIROFJrUPE00vx5z21uB6xe2Ns0C1SEbOydaivnFxZIqimNlNKXgX58SDCgubXagGxkU63tzgomZ5tjgd1QRUcRQdzDPX8sY5AhHqFnlbFL3inARoULk8VdUuYljJWHm9aD2X_Cas8vwmqbSTOE-vNCpORSxdmg9h7i-_bSCdpOIaa2H9P2hi6UdDIgSlJl6N8V-_XMBWKzJZ49tYqzGFHZRpQTpn_V8F_q7TVsyRUYBETeDzjVEh2wEEU470wmfipA6mOTWDDahnA7PXLbPxhjmOAdWKrwalmW7eN2S6H2MRjoH6Yp0e83NXnR0X2lkgYGq0ddOvaznja78OcWzaYdQswru0IQnIO9-hF1I%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=4032024947584&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0 HTTP 302
https://hal900016.redintelligence.net/request.php?zone=zfxs41mp1p1v&nw=20&renderingType=javascript&namespace=0c0d3934e2&subid=&uid=5d0bd41be97188b7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCWjz9Rcq_YOD0CJmt3wOOxaqoAobdsNJdzo_0sfwJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9DoK0K8330tsTcpseKwAfRDjBj-FkaRIm_wskCExibxeY0fG82yGqd2gdeBiBIu0ya2yS8kOtxOaUhpGjh8j98w0UFdeoUIi08ebOUX_9MzPmn8gM6GzewJBhh8rYYK_kldyl3sLA_yYpwVShLLpQn5n8ZvbzlfJi7AIxGggsZ-qdoaptfKJmsOL8f7Lv8s6XPhS9OW9uq9v3J2doUgAdw0zSpgbB5E5dEaWTUaNZCg32NthW7cDaJmGcAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRomJSRmqFLIWt_yZR95bA9Vw%26sig%3DAOD64_3y9PEdTas6PWvkZK_3eelc2InhJw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-B3Ogh8PHglt5Ekxtu3-BRB-OfHSZyBr8m-qZ8BAa3iyadzj0j1A40FTtq7n0g6c429G6vYJCNsBD1I3qFMccvyUFFPSWiU_JltAU5xvHR8BwzIWQi9QLx8vt5redeP2sKDe8Yoirk_4OE2dKHTrOns_ttbQQ%26cry%3D1%26dbm_d%3DAKAmf-Cdg1U-juGkq7uDokacJTy6SmCZPMlOL0KCTr0y5Ss_avWQDt4fOB6GRR4i4H0KCHftW871whx3itr2CPQWuJg5pqUq_-v0HIROFJrUPE00vx5z21uB6xe2Ns0C1SEbOydaivnFxZIqimNlNKXgX58SDCgubXagGxkU63tzgomZ5tjgd1QRUcRQdzDPX8sY5AhHqFnlbFL3inARoULk8VdUuYljJWHm9aD2X_Cas8vwmqbSTOE-vNCpORSxdmg9h7i-_bSCdpOIaa2H9P2hi6UdDIgSlJl6N8V-_XMBWKzJZ49tYqzGFHZRpQTpn_V8F_q7TVsyRUYBETeDzjVEh2wEEU470wmfipA6mOTWDDahnA7PXLbPxhjmOAdWKrwalmW7eN2S6H2MRjoH6Yp0e83NXnR0X2lkgYGq0ddOvaznja78OcWzaYdQswru0IQnIO9-hF1I%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=4032024947584&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1

Request Chain 125

https://www.lduhtrp.net/image-7743601-14446294?SID=52684500238351800714734011619004 HTTP 302
https://cj.dotomi.com/6c66qmqt6/gns/mqk/5888A6D8/BB87A45/4/4/4/4/4?i=ysid%3DVSWYUVQQSTYTVRYQQXRUXTUQRRWRZQQU%3c%3c7JJFI%3A%2F%2FMMM.B3K7JHF.D4J%3AYQ%2F8C064-XXUTWQR-RUUUWSZU%3c%3cg%3c7JJFI%3A%2F%2FQZR1X1XSZRXT43UXUU0Z320VTUY2ZXVQ.I0545H0C4.6EE6B4IOD3820J8ED.2EC%2F%3c%3cR%3cR%3cQ%3cQ%3c HTTP 302
https://www.emjcd.com/8q79m-36M/u05/-3y/JMMMOKRM/PPMLOIJ/I/MIINIMJPMJORLLRIRO:X7Sm50s2VPxU/I/I/I?e=ueUP%3DHEIKGHCCEFKFHDKCCJDGJFGCDDIDLCCG%3c%3ct5514%3A%2F%2F888.xp6t531.zq5%3AKC%2Fuymsq-JJGFICD-DGGGIELG%3c%3cS%3ct5514%3A%2F%2FCLDnJnJELDJFqpGJGGmLpomHFGKoLJHC.4mrqr3myq.s00sxq4Azpuom5u0z.o0y%2F%3cLCpmqEpL-HHCo-GpDG-LJnH-EKmHFDLFqCJL%3cD%3cD%3cC%3cC%3c HTTP 302
https://www.yceml.net/0726/14446294-1613646867749

Request Chain 133

https://www.lduhtrp.net/image-7743601-14446294?SID=32425600188488900714752011619016 HTTP 302
https://cj.dotomi.com/9h115ax03H/ry2/x0v/GJJJLHOJ/MMJILFG/F/F/F/F/F?i=zmcX%3DNMOMPQKKLSSOSSTKKRLORPMKLLQLTKLQ%3c%3c1DD9C%3A%2F%2FGGG.5xE1DB9.7yD%3ASK%2F26u0y-RRONQKL-LOOOQMTO%3c%3ca%3c1DD9C%3A%2F%2FKTLvRvRMTLRNyxOROOuTxwuPNOSwTRPK.CuzyzBu6y.08805yCI7x2wuD287.w86%2F%3c%3cL%3cL%3cK%3cK%3c HTTP 302
https://www.emjcd.com/cl116z158O/w27/15-/LOOOQMTO/RRONQKL/K/OKKPKOLROLQTNNTKTR:TeUo72u4XR2W/K/K/K?h=fjZU%3DKJLJMNHHIPPLPPQHHOILOMJHIINIQHIN%3c%3cyAA69%3A%2F%2FDDD.2uByA86.4vA%3APH%2Fz3rxv-OOLKNHI-ILLLNJQL%3c%3cX%3cyAA69%3A%2F%2FHQIsOsOJQIOKvuLOLLrQutrMKLPtQOMH.9rwvw8r3v.x55x2v9F4uztrAz54.t53%2F%3cIHsNOMvL-uQvt-LrwO-sHMK-QJPIPOruHJwQ%3cI%3cI%3cH%3cH%3c HTTP 302
https://www.yceml.net/0726/14446294-1613646867749

Request Chain 139

https://ads.travelaudience.com/google_pixel?google_gid=CAESEBtztoUTO5kdr9txUvmByP8&google_cver=1&google_push=AYg5qPIZWPVpF8pq3mHkqY2KbVziMSy_bNuVBmx5dCFcHQCAZVqL6weDkSvVdX4aJTHgtg86j8KYOZGWuFxJ1Ax_pFz-l5TvHqTJ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=snOp3LesTN6ALWfdXTfmsA2&google_push=AYg5qPIZWPVpF8pq3mHkqY2KbVziMSy_bNuVBmx5dCFcHQCAZVqL6weDkSvVdX4aJTHgtg86j8KYOZGWuFxJ1Ax_pFz-l5TvHqTJ

Request Chain 140

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEPEVpPVGPvXy5KIm01cVVkc&google_cver=1&google_push=AYg5qPIwFFney5ZSXvkRVPx8VKz5f8NG-cUJ8eb7Em2qAk4eC65rHrmsIwF-wtLHVlNVrqxhIsImMc4uOrGXMATzmQzJV8f6hL8 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEPEVpPVGPvXy5KIm01cVVkc&google_cver=1&google_push=AYg5qPIwFFney5ZSXvkRVPx8VKz5f8NG-cUJ8eb7Em2qAk4eC65rHrmsIwF-wtLHVlNVrqxhIsImMc4uOrGXMATzmQzJV8f6hL8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYyMDg1MjQyNjYxODQ3NTcxNg&google_push=AYg5qPIwFFney5ZSXvkRVPx8VKz5f8NG-cUJ8eb7Em2qAk4eC65rHrmsIwF-wtLHVlNVrqxhIsImMc4uOrGXMATzmQzJV8f6hL8

Request Chain 142

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEirSc8vL1gqKWCwIdUz1BE&google_cver=1&google_push=AYg5qPIy1xyoNoIzLAtZxFg49TjVWfZf_qR3K1AxSg9MGs11CWAjbpw22Riw-15jNFKTth4FApScXvE3hBywonb0G7sFeiQSHzJ7 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEirSc8vL1gqKWCwIdUz1BE&google_cver=1&google_push=AYg5qPIy1xyoNoIzLAtZxFg49TjVWfZf_qR3K1AxSg9MGs11CWAjbpw22Riw-15jNFKTth4FApScXvE3hBywonb0G7sFeiQSHzJ7&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=9qr8IA5TTDmysSocB4An5A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIy1xyoNoIzLAtZxFg49TjVWfZf_qR3K1AxSg9MGs11CWAjbpw22Riw-15jNFKTth4FApScXvE3hBywonb0G7sFeiQSHzJ7

Request Chain 143

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_cver=1&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM

Request Chain 144

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPYjQFpvYctGOJp7NWfQkSY&google_cver=1&google_push=AYg5qPKV4mbdTTfUY8-r6NkEjLcAcikMABiWdhSBVvsYheubvqLLfQaWLphO6uOVC5AX578DKGCtbXhKai9F_PnPXcCN63pKVmc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKV4mbdTTfUY8-r6NkEjLcAcikMABiWdhSBVvsYheubvqLLfQaWLphO6uOVC5AX578DKGCtbXhKai9F_PnPXcCN63pKVmc&google_hm=ODgwOTU4OTMzODY1Mzg2MTg1Nw%3D%3D

Request Chain 145

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPrn2aLM2wdNVUSFyC1ZzfI&google_cver=1&google_push=AYg5qPJzuNiiuOfvzAji50BmZ6ch9MId2_dVFjLgTzmXJKMJOp9u7VRfhU0wUqUcvousvqX0fZq4u6LhAlGcTIUKrMWs6oxFF58Wig HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPrn2aLM2wdNVUSFyC1ZzfI&google_cver=1&google_push=AYg5qPJzuNiiuOfvzAji50BmZ6ch9MId2_dVFjLgTzmXJKMJOp9u7VRfhU0wUqUcvousvqX0fZq4u6LhAlGcTIUKrMWs6oxFF58Wig&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15Y2p1dVRKRTJ1RUFsSW1RUEZaWGc5ZEJ0bmVudUFDa35B&google_push=AYg5qPJzuNiiuOfvzAji50BmZ6ch9MId2_dVFjLgTzmXJKMJOp9u7VRfhU0wUqUcvousvqX0fZq4u6LhAlGcTIUKrMWs6oxFF58Wig

Request Chain 149

https://lov.saveur-biere.com/?a=P4FDE751F57B1919&argsite=52684500238351800714734011619004 HTTP 302
https://lov.saveur-biere.com/12/64999/img_9_19_11.png HTTP 302
https://img.metaffiliation.com/12/64999/img_9_19_11.png

Request Chain 151

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEG1Zox5l1SK6orNw-KwWV00&google_cver=1&google_push=AYg5qPJZUe2-3zfFRGtwI4ms58tvKlq3WQAdfhYuiOdRo-jky9zu8IdDbENNjKcjL9x3zHaM6JYXgnDOh3DRZTqncpNKIVuyAvo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJZUe2-3zfFRGtwI4ms58tvKlq3WQAdfhYuiOdRo-jky9zu8IdDbENNjKcjL9x3zHaM6JYXgnDOh3DRZTqncpNKIVuyAvo

Request Chain 152

https://a.tribalfusion.com/i.match?p=b6&u=CAESEBQ3CPC9Eb0qTqex9yKBToI&google_cver=1&google_push=AYg5qPJHJrhn7l2x7I-PmUJsrz9eIXXPhvPPuCcdzv1giyEHws6FTiXWEicViuc9r66ItroBWSsBY1pImjOhOjEVkANt8k9ZRw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJHJrhn7l2x7I-PmUJsrz9eIXXPhvPPuCcdzv1giyEHws6FTiXWEicViuc9r66ItroBWSsBY1pImjOhOjEVkANt8k9ZRw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBQ3CPC9Eb0qTqex9yKBToI&google_cver=1&google_push=AYg5qPJHJrhn7l2x7I-PmUJsrz9eIXXPhvPPuCcdzv1giyEHws6FTiXWEicViuc9r66ItroBWSsBY1pImjOhOjEVkANt8k9ZRw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJHJrhn7l2x7I-PmUJsrz9eIXXPhvPPuCcdzv1giyEHws6FTiXWEicViuc9r66ItroBWSsBY1pImjOhOjEVkANt8k9ZRw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 153

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHYK8XUVR-QcxTfQbQ672bY&google_cver=1&google_push=AYg5qPLhhsmnvQ0Xkbcphy5GBOQNqHS7SIbQ-wSvl4TmtwjH2U4-lytn-O5lPxK2cz9EWgBpxksaEzAAuAGPtHSuwya2bsjxToE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLhhsmnvQ0Xkbcphy5GBOQNqHS7SIbQ-wSvl4TmtwjH2U4-lytn-O5lPxK2cz9EWgBpxksaEzAAuAGPtHSuwya2bsjxToE&google_hm=nFiB4Z8WROer1gsMzDkIppE

Request Chain 155

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEBAJp1X9G1ESxfODXEt-dOw&google_cver=1&google_push=AYg5qPICOJjQuPqykl8rkXx1HpEjcJ-FH3W6o25c0s5bEvfwULRmFuFHeq5slJqkmvUTLNFj_QN0AIWhdzxl9T2Bd-f9RvtxUA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPICOJjQuPqykl8rkXx1HpEjcJ-FH3W6o25c0s5bEvfwULRmFuFHeq5slJqkmvUTLNFj_QN0AIWhdzxl9T2Bd-f9RvtxUA&google_hm=ODY4MjgwMTg2NDAyNDc1NjE3NA%3D%3D

Request Chain 156

https://rtb.openx.net/sync/dds?google_gid=CAESEL7qyIUppWRafF5E4K020e4&google_cver=1&google_push=AYg5qPJMpQpZ4a3Pgf4X6e07yMHp8f1UggrdZbEtbwaKZdiJQhXMoSkxAMeXYD9BOqprXYL4YTnd-n4eGzYoQtF30tVMpVs3GtM HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEL7qyIUppWRafF5E4K020e4&google_cver=1&google_push=AYg5qPJMpQpZ4a3Pgf4X6e07yMHp8f1UggrdZbEtbwaKZdiJQhXMoSkxAMeXYD9BOqprXYL4YTnd-n4eGzYoQtF30tVMpVs3GtM&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJMpQpZ4a3Pgf4X6e07yMHp8f1UggrdZbEtbwaKZdiJQhXMoSkxAMeXYD9BOqprXYL4YTnd-n4eGzYoQtF30tVMpVs3GtM&google_hm=TThOy-fNxAEtvHI8-7rFIg==

Request Chain 157

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPrn2aLM2wdNVUSFyC1ZzfI&google_cver=1&google_push=AYg5qPINqY9ml2314GERpJvCJaYy2bLO9mcy_-Dx6Mn4c6g8EsxVBAwBbN6SjZYNiQpG-7U7lNqA6u1ESOiYsAVxXSsOm6gAdww HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPrn2aLM2wdNVUSFyC1ZzfI&google_cver=1&google_push=AYg5qPINqY9ml2314GERpJvCJaYy2bLO9mcy_-Dx6Mn4c6g8EsxVBAwBbN6SjZYNiQpG-7U7lNqA6u1ESOiYsAVxXSsOm6gAdww&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15Y2p1dVRKRTJ1RUFsSW1RUEZaWGc5ZEJ0bmVudUFDa35B&google_push=AYg5qPINqY9ml2314GERpJvCJaYy2bLO9mcy_-Dx6Mn4c6g8EsxVBAwBbN6SjZYNiQpG-7U7lNqA6u1ESOiYsAVxXSsOm6gAdww

Request Chain 164

https://lov.saveur-biere.com/?a=P4FDE751F57B1919&argsite=32425600188488900714752011619016 HTTP 302
https://lov.saveur-biere.com/12/64999/img_9_19_11.png HTTP 302
https://img.metaffiliation.com/12/64999/img_9_19_11.png

179 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request billpig50 Show response
blip.fm/ 25 KB
7 KB 548ms
237ms Document
text/html 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 / PHP/7.0.19
Resource Hash: ddeecf7578070dbaea907b70d73c4d20f6584febcf86ffca7a85bfd0bad77a02

Request headers

Host: blip.fm
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:16 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
X-Powered-By: PHP/7.0.19
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK base.css
blip.fm/_/css/ 79 KB
17 KB 211ms
108ms Stylesheet
text/css 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/css/base.css
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: e06a1c6ca9fbdcbab4b4282bbf1e2255ef607b00b457086855a0b2bc33faf7a6

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://blip.fm/billpig50
Connection: keep-alive
Referer: https://blip.fm/billpig50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:16 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Aug 2020 12:44:01 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "13d81-5abf87e320640-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 17044

GET
H/1.1 200
OK newdesign.css
blip.fm/_/css/ 25 KB
5 KB 287ms
96ms Stylesheet
text/css 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/css/newdesign.css
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 319513d84c6b2e0aea8ec6401142ad600dce83d99a4d45cea9a884875f403265

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://blip.fm/billpig50
Connection: keep-alive
Referer: https://blip.fm/billpig50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:16 GMT
Content-Encoding: gzip
Last-Modified: Wed, 16 Dec 2020 06:30:15 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "65be-5b68f02140bc0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4921

GET
H/1.1 200
OK profile.26.css.cgz
d1uswytv6491xe.cloudfront.net/css/ 3 KB
1 KB 109ms
27ms Stylesheet
text/css 65.9.58.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1uswytv6491xe.cloudfront.net/css/profile.26.css.cgz
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.220 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ae6e79fcd093e4a8968d1ebc25b12f74f12503794384e0de7598761261c01f70

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 13 Feb 2021 02:48:49 GMT
Content-Encoding: gzip
Age: 9997363
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 974
Last-Modified: Thu, 04 Apr 2019 15:07:15 GMT
Server: AmazonS3
ETag: "cafbaa2c66e5af33d2a50ac7c913fc60"
Content-Type: text/css
Via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA56-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: BpKUqZaOq8mGhUt7885A7Nu2LWb6jRWUtV56H4nXcDVjGZbupvn83A==
Expires: Thu, 04 Apr 2024 15:07:14 GMT

GET
H/1.1 200
OK spotify.css
blip.fm/_/css/ 2 KB
1 KB 287ms
97ms Stylesheet
text/css 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/css/spotify.css
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: d770749019637859894001e3ce01057cc47b89c89f5afe98f1c6d0aaf9a4648d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://blip.fm/billpig50
Connection: keep-alive
Referer: https://blip.fm/billpig50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:16 GMT
Content-Encoding: gzip
Last-Modified: Mon, 19 Aug 2019 17:42:43 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "776-5907bddf8cac0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 665

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 86 KB
31 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: blip.fm
URL: https://blip.fm/billpig50

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 20:30:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84051
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Jun 2022 20:30:40 GMT

GET
H/1.1 200
OK spotify-player.js Show response
sdk.scdn.co/ 21 KB
6 KB 32ms
6ms Script
application/javascript 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.scdn.co/spotify-player.js
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: dec6a0b276c15b010acbbc7c201810712d7b9f7217308225174dfdeda5d4f6e0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:31 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Apr 2021 09:44:32 GMT
Age: 1648963
ETag: "23130e8b4395801117e1675730d026b2"
X-Served-By: cache-ord1721-ORD, cache-hhn11534-HHN
X-Cache: HIT, HIT
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6204
X-Cache-Hits: 1, 94

GET
H/1.1 200
OK jquery.cookie.js Show response
blip.fm/_/js/ 3 KB
3 KB 320ms
109ms Script
application/javascript 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/js/jquery.cookie.js
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blip.fm/billpig50
Connection: keep-alive
Referer: https://blip.fm/billpig50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:16 GMT
Last-Modified: Mon, 06 Jan 2020 14:00:06 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "c31-59b79139da580"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3121

GET
H2 200 handlebars.min.js Show response
cdnjs.cloudflare.com/ajax/libs/handlebars.js/2.0.0-alpha.1/ 47 KB
13 KB 35ms
16ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/2.0.0-alpha.1/handlebars.min.js

Requested by

Host: blip.fm
URL: https://blip.fm/billpig50

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82e2d5fd2ae7a2dfb049133d30a1c14aa65ddacffd138a73921f2994766c3324

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2239870
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 12647
cf-request-id: 0a8ec72e8e000032444a809000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e72-ba0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2MXbMN5H7EJ%2BA49pI%2BBBv10XAHr5uJ8oDNJa4SkZZJ%2Fg%2FhTYwbIWj9X%2Bg16peEsBL0aLQ0%2F3QId8HCREecP2hUW8IGAt6KL1th%2BiQ6yn9eP4QvLr54YAyz%2F%2F8ldV27sRwZH0ro1PFckodAPNmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 65c4a7c41e3c3244-FRA
expires: Sun, 29 May 2022 19:51:31 GMT

GET
H/1.1 200
OK napster.min.js Show response
blip.fm/_/js/ 14 KB
15 KB 319ms
109ms Script
application/javascript 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/js/napster.min.js
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: ff7bf0e46bc638dc36c28fd98b218a1983bc2badd30cbed318de10c270f66ec1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blip.fm/billpig50
Connection: keep-alive
Referer: https://blip.fm/billpig50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:16 GMT
Last-Modified: Mon, 06 Jan 2020 14:00:07 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "38da-59b7913ace7c0"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 14554

GET
H/1.1 200
OK spotify-api.js Show response
blip.fm/_/js/ 6 KB
6 KB 319ms
109ms Script
application/javascript 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/js/spotify-api.js
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 396e92552e8ff284f6e204090bc222578d5a1a6ec0f92ccf31ed5978606784b4

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blip.fm/billpig50
Connection: keep-alive
Referer: https://blip.fm/billpig50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:16 GMT
Last-Modified: Thu, 09 Jan 2020 09:26:07 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "17f8-59bb1994c89c0"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 6136

GET
H/1.1 200
OK napster-api.js Show response
blip.fm/_/js/ 3 KB
3 KB 380ms
94ms Script
application/javascript 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/js/napster-api.js
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 5345a3bf0a85143d337b572e4cea04e8705eb606e47611d54a7c1e1f6242308a

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blip.fm/billpig50
Connection: keep-alive
Referer: https://blip.fm/billpig50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:16 GMT
Last-Modified: Thu, 09 Jan 2020 09:23:24 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "c8f-59bb18f955b00"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3215

GET
H/1.1 200
OK header.js Show response
empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/ 8 KB
9 KB 466ms
136ms Script
application/javascript 52.219.105.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.105.178 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-r-w.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: e4a54349dc54879fad8d1567c0dbaad10d67553f8d1c190f3939e46b434c6e9a

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:32 GMT
Last-Modified: Wed, 10 Mar 2021 19:39:58 GMT
Server: AmazonS3
x-amz-request-id: H9QQQVXYJXNR0G9Y
ETag: "808b8d2713ae2c3bc82ca1d76dccbc08"
Content-Type: application/javascript
x-amz-version-id: F4VRdt3dlpkr8Avwt6TpU_eFaQI6ua_s
Accept-Ranges: bytes
Content-Length: 8674
x-amz-id-2: bBvNkTZLeBnCDFEgrOIug7nDbTCXaDBJM56acEt9s6Q3tY4YhYpPjKwu42VQZmxuJB9x3RhgUbo=

GET
H/1.1 200
OK logo.png
blip.fm/images/ 9 KB
9 KB 99ms
97ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/logo.png
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 1feda3dc45dfdcb46ec8f8abdafc23f06d4e2d954a864ec9e9e61b857dc8d1e8

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/billpig50
Connection: keep-alive
Referer: https://blip.fm/billpig50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:16 GMT
Last-Modified: Wed, 01 Jul 2020 13:08:01 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "22a3-5a960fb434e40"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 8867

GET
H/1.1 200
OK spinner.gif
d1uswytv6491xe.cloudfront.net/images/blip/ 847 B
1 KB 27ms
26ms Image
image/gif 65.9.58.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1uswytv6491xe.cloudfront.net/images/blip/spinner.gif
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.220 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 88c003ca3b8264aa64112d6c7ebe5a82011b6041c24460dbea7a31d3bfafee34

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 17 Mar 2021 03:54:45 GMT
Via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Thu, 04 Apr 2019 15:03:35 GMT
Server: AmazonS3
Age: 7228607
ETag: "4b2f4d6259e452b9a0d2efbe25065b58"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA56-C1
Accept-Ranges: bytes
Content-Length: 847
X-Amz-Cf-Id: 1YhjiHd9sRWMA0KPEFTPM5iVZ4_S8Se8QQ9itRula9jjdKj6YEZEnA==
Expires: Thu, 04 Apr 2024 15:03:33 GMT

GET
H/1.1 200
OK juicy-signup-small.png
d1uswytv6491xe.cloudfront.net/images/buttons/ 4 KB
4 KB 54ms
26ms Image
image/png 65.9.58.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1uswytv6491xe.cloudfront.net/images/buttons/juicy-signup-small.png
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.220 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 17c3bd5b578cb7f4fccd1ad422794185e0c96b0c68a60756f4b1a72b674972c8

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 13 Feb 2021 02:48:50 GMT
Via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Thu, 04 Apr 2019 15:05:23 GMT
Server: AmazonS3
Age: 9997362
ETag: "a7a5b0521447b176ca08db741abbb305"
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA56-C1
Accept-Ranges: bytes
Content-Length: 3659
X-Amz-Cf-Id: djtV8axPAhx60QEPtjxOQCM1_Yi9vm6z-U0Ry1sC76x42gOxdukdLg==
Expires: Thu, 04 Apr 2024 15:05:21 GMT

GET
H/1.1 200
OK nousericon-l.gif
d1uswytv6491xe.cloudfront.net/images/ 6 KB
7 KB 82ms
28ms Image
image/gif 65.9.58.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1uswytv6491xe.cloudfront.net/images/nousericon-l.gif
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.220 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 35e9144015046c3d25f20ddbd1f3036306891c441a18343c1d1e2da6ff3c2bd1

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 29 Jan 2021 01:30:07 GMT
Via: 1.1 28ccbefb54459137bb0b0d946fd75e49.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Thu, 04 Apr 2019 15:03:48 GMT
Server: AmazonS3
Age: 11298085
ETag: "93ccd993bbfefbfa9709be27d9a0588b"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA56-C1
Accept-Ranges: bytes
Content-Length: 6443
X-Amz-Cf-Id: ylAo0bNG58h0O74JGfVw_VxNmqg9KTNA__S_GE78NPLhBln1RYMsEg==
Expires: Thu, 04 Apr 2024 15:03:47 GMT

GET
H/1.1 200
OK nl.png
d1uswytv6491xe.cloudfront.net/images/flags/ 363 B
918 B 87ms
33ms Image
image/png 65.9.58.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1uswytv6491xe.cloudfront.net/images/flags/nl.png
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.220 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b4464599f9055d0905ba386ac43f29b9cf6fdecd587940e2963c38de9efe32ca

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 06 Feb 2021 18:09:29 GMT
Via: 1.1 47a7b8b932d91b0edbfc42f1ba94ebc1.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Wed, 25 Aug 2010 17:45:55 GMT
Server: AmazonS3
Age: 10546923
ETag: "132685fac5385dd52eeb7628e28a84ea"
X-Cache: Hit from cloudfront
Content-Type: image/png; charset=binary
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA56-C1
Accept-Ranges: bytes
Content-Length: 363
X-Amz-Cf-Id: FoFAzuvO8vKbzNWS-u5KdPrDewI1edUSLQXAZjNYOEaoGxM6vc_8vQ==
Expires: Tue, 25 Aug 2015 17:45:54 GMT

GET
H2 200 1*ptQRDWDlEblcDL734-y4Qw.png
miro.medium.com/max/1200/ 35 KB
36 KB 135ms
117ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1200/1*ptQRDWDlEblcDL734-y4Qw.png

Requested by

Host: blip.fm
URL: https://blip.fm/billpig50

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10985b0138ee107431b8118e0d8b2efa14439caf69807bf0bde75c96c578f018

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:31 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 63
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 35996
cf-request-id: 0a8ec7306700001f1189870000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 65c4a7c70a861f11-FRA
expires: Thu, 08 Jul 2021 19:51:31 GMT

GET
H/1.1 200
OK placeholder.svg
blip.fm/_/images/ 4 KB
5 KB 102ms
101ms Image
image/svg+xml 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/_/images/placeholder.svg
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: c0e57c534e7fce5e66fb419c269b97d436385a2c69b9f508edf480ef60dedf91

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/billpig50
Connection: keep-alive
Referer: https://blip.fm/billpig50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:16 GMT
Last-Modified: Wed, 15 Jul 2020 08:57:06 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "1194-5aa771bb17c80"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 4500

GET
H/1.1 200
OK napster.jpg
blip.fm/_/images/napster/ 52 KB
52 KB 122ms
121ms Image
image/jpeg 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/_/images/napster/napster.jpg
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: e6d76a2dedcc68e2317925b345474a47ee6294694ded93655ee3d69559a4a583

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/billpig50
Connection: keep-alive
Referer: https://blip.fm/billpig50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:17 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:47 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "ce4a-5ac0643925cc0"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 52810

GET
H/1.1 200
OK ads.js Show response
empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/ 3 KB
4 KB 182ms
116ms Script
application/javascript 52.219.105.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/ads.js
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.105.178 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-r-w.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: b3d07bd62da73385f67aa7d09c598bade0243347339334c81763124a803dbaf7

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:32 GMT
Last-Modified: Fri, 26 Feb 2021 17:17:08 GMT
Server: AmazonS3
x-amz-request-id: H9QH77NKKXMGJ7PD
ETag: "22262cedaaaa5ff76bd686a64713f048"
Content-Type: application/javascript
x-amz-version-id: .L7dXL0GVzyECTjS7anJk4iGuUC1kqkM
Accept-Ranges: bytes
Content-Length: 3328
x-amz-id-2: D6x+gwQdaUPdj4keZkPJNncjx8rRWlbzmxjdLfEqjKuAax/lfrSSrDUsVqMaDxt5SW21apnyBfU=

GET
H/1.1 200
OK base.js Show response
blip.fm/_/js/ 505 KB
506 KB 102ms
102ms Script
application/javascript 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/js/base.js
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 4b6a2b0fd27801f153917af3d6558094fd0e76f7e08e21e78b45b0343362d3d6

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blip.fm/billpig50
Connection: keep-alive
Referer: https://blip.fm/billpig50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:16 GMT
Last-Modified: Tue, 09 Mar 2021 21:40:56 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "7e5cc-5bd2167c3aa00"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 517580

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 26ms
7ms Script
application/javascript 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:31 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Tue, 15 Jun 2021 19:51:31 GMT

GET
H2 200 css2
fonts.googleapis.com/ 8 KB
788 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600;700&display=swap

Requested by

Host: blip.fm
URL: https://blip.fm/_/css/newdesign.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e26892b2736c82171e10cf7325fdc8627423517c96f0e12877de14ed63e8b07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 08 Jun 2021 18:47:12 GMT
server: ESF
date: Tue, 08 Jun 2021 19:51:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 08 Jun 2021 19:51:31 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: blip.fm
URL: https://blip.fm/billpig50

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5584
date: Tue, 08 Jun 2021 18:18:27 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Tue, 08 Jun 2021 20:18:27 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 123 KB
33 KB 90ms
53ms Script
application/javascript 52.222.200.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.200.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-200-121.cdg50.r.cloudfront.net
Software: Server /
Resource Hash: 5b6f3806c04b7c91d2ee5cf8f42b31343a9d33ea62ad9d0506cfa1be078477d3

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: E3YSXBJMjZlokKHa7.qL9ZqkRLiXb9jY
content-encoding: gzip
server: Server
age: 551
etag: 6bda376aea84df42909484ff0d20f22a
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2ba5677785db2f66bc73820b2a261477.cloudfront.net (CloudFront)
cache-control: public, max-age=900
date: Tue, 08 Jun 2021 19:42:20 GMT
x-amz-cf-pop: CDG50-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: lsxSlc7kYm8yGpHMKxttqG3LKXDAyjz6g-q8isMjr-GfbSv-pxSngg==

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ 19 KB
19 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blip.fm
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 06:16:42 GMT
x-content-type-options: nosniff
age: 48889
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19480
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 06:16:42 GMT

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=563778960&utmhn=blip.fm&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Free%20Music%...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1449388-5&cid=1231501152.1623181892&jid=545371460&_v=5.7.2&z=563778960

35 B
113 B

15ms
15ms

Image
image/gif

2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1449388-5&cid=1231501152.1623181892&jid=545371460&_v=5.7.2&z=563778960

Requested by

Host: blip.fm
URL: https://blip.fm/billpig50

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 08 Jun 2021 19:51:31 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:31 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1449388-5&cid=1231501152.1623181892&jid=545371460&_v=5.7.2&z=563778960
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 368
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trackpopbg.png
blip.fm/images/ 400 B
732 B 99ms
98ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/trackpopbg.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 51849fb8f2b161981d2a508c4e58503a0a752c6bbac592a742d92efdb1c378c6

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.1231501152.1623181892.1623181892.1623181892.1; __utmc=171230451; __utmz=171230451.1623181892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1623181892
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:17 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:35 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "190-5ac0642db41c0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 400

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
297 B 122ms
122ms XHR
text/plain 52.222.200.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=434bb5e4-3704-4b75-b36c-785a444462bd&u=https%3A%2F%2Fblip.fm%2Fbillpig50
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.200.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-200-121.cdg50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:31 GMT
via: 1.1 2ba5677785db2f66bc73820b2a261477.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: CDG50-P2
x-cache: Miss from cloudfront
access-control-allow-origin: https://blip.fm
cache-control: max-age=86087, s-maxage=86400
access-control-allow-credentials: true
x-amz-cf-id: OURu1cvwuOS3tiB2GRKM3I_Bbax35g48MwKl4VvsPB43Hpg_rxovBQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 64ms
29ms XHR
application/javascript 52.222.200.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.200.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-200-121.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 20325
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
date: Tue, 08 Jun 2021 14:12:47 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 7fbc1adfbf55c351343006ea853f668b.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: CDG50-P2
x-amz-cf-id: Otx9G_KOie3UYs2Ru5CNqHk2-ivYNIqXcvBdxRTjcg7ZE-UczGaamg==

GET
H2 200 iframe_api Show response
www.youtube.com/ 980 B
1 KB 45ms
25ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: blip.fm
URL: https://blip.fm/_/js/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2aeb8d2abc5ed9b751af26cb7b4603db073967f44ccc3fb877c82b9b41745eaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cache-control: private, max-age=0
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
content-type: text/javascript; charset=utf-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Tue, 08 Jun 2021 19:51:32 GMT

GET
H/1.1 200
OK loadPage Show response
blip.fm/ajax/ 18 B
414 B 289ms
289ms XHR
application/json 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/ajax/loadPage?page=1&bliperId=2545117
Requested by: Host: blip.fm
URL: https://blip.fm/_/js/base.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 / PHP/7.0.19
Resource Hash: 67f2b0a60f37796c436ea0d9f947a22cb196312a87705d10069b65acc2993f01

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: __utma=171230451.1231501152.1623181892.1623181892.1623181892.1; __utmc=171230451; __utmz=171230451.1623181892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1623181892
Connection: keep-alive
X-Fuzz-Ajax: true
Referer: https://blip.fm/billpig50
Referer: https://blip.fm/billpig50
X-Requested-With: XMLHttpRequest
X-Fuzz-Ajax: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:17 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
X-Powered-By: PHP/7.0.19
Content-Type: application/json
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 18
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 rules-p-b0cBKofGeCYKg.js Show response
rules.quantcount.com/ 3 B
438 B 75ms
29ms Script
application/javascript 2600:9000:218d:2400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-b0cBKofGeCYKg.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218d:2400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 01:40:33 GMT
via: 1.1 d5ee2aa873a3cb23609433e0272dd41c.cloudfront.net (CloudFront)
age: 65459
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 20:48:31 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: CDG50-P2
accept-ranges: bytes
x-amz-cf-id: iTHVLeHNAEIzaIlchYqFevM6SNLeDGCx42Nikw0PVVYxynOEBWzLgA==

GET
H2 200 rules-p-c4o3JsfzdTxY6.js Show response
rules.quantcount.com/ 3 B
437 B 69ms
23ms Script
application/javascript 2600:9000:218d:2400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-c4o3JsfzdTxY6.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218d:2400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 09:36:24 GMT
via: 1.1 d5ee2aa873a3cb23609433e0272dd41c.cloudfront.net (CloudFront)
age: 36909
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 20:53:31 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: CDG50-P2
accept-ranges: bytes
x-amz-cf-id: nAi7zICfNJzyVCc2abaTNO8QfhlKYurcZe-3wjPjsyMVCrnyog3kAQ==

GET
H/1.1 200
OK noticebg-black.png
blip.fm/images/ 2 KB
3 KB 115ms
114ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/noticebg-black.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 3983c27985f9ae67aed69d7ca6a82a682a7095df30b8d8253014de0f4ee97427

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.1231501152.1623181892.1623181892.1623181892.1; __utmc=171230451; __utmz=171230451.1623181892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1623181892
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:17 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:53 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "9d5-5ac0643edea40"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 2517

GET
H/1.1 200
OK dockbg.png
blip.fm/images/ 607 B
939 B 115ms
115ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/dockbg.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: c04e372715cffbc60a3f59d89c6ba50bb9f8adbc36c2e75cbd155f4ae1a911e8

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.1231501152.1623181892.1623181892.1623181892.1; __utmc=171230451; __utmz=171230451.1623181892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1623181892
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:17 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:37 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "25f-5ac0642f9c640"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 607

GET
H/1.1 200
OK alert.png
blip.fm/images/icons/ 3 KB
4 KB 132ms
131ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/icons/alert.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 4db8af548255ad1270380918e096b18fddd5b984f95fd4862f18575f8267162f

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.1231501152.1623181892.1623181892.1623181892.1; __utmc=171230451; __utmz=171230451.1623181892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1623181892
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:17 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:49 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "d77-5ac0643b0e140"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 3447

GET
H/1.1 200
OK sprite-uber.png
blip.fm/images/blip/ 64 KB
65 KB 133ms
133ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/blip/sprite-uber.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 9585f9660d61236506d8fe0d442168949a866c238ee7fe8c5f32b0aec2b29d71

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.1231501152.1623181892.1623181892.1623181892.1; __utmc=171230451; __utmz=171230451.1623181892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1623181892
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:17 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:43 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "1015e-5ac06435553c0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 65886

GET
H/1.1 200
OK dialogbg.png
blip.fm/images/ 6 KB
6 KB 129ms
129ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/dialogbg.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 8389ab2ff25b494852f8aa7c6972c69140ffb4f74ad5fb5f030d6ed3a1160359

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.1231501152.1623181892.1623181892.1623181892.1; __utmc=171230451; __utmz=171230451.1623181892.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1623181892
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:17 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:44 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "17ce-5ac0643649600"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 6094

GET
H3-29 200 www-widgetapi.js Show response
www.youtube.com/s/player/00fe505f/www-widgetapi.vflset/ 122 KB
40 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/00fe505f/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67e1bb6ad1d688a68298352c267f273ffff3cbd32fc021b0c8d2be141932ef04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:16:33 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 00:19:22 GMT
server: sffe
age: 2099
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41267
x-xss-protection: 0
expires: Wed, 08 Jun 2022 19:16:33 GMT

GET
H3-29 200 / Show response
www.youtube.com/embed/ Frame 2BDA 30 KB
9 KB 59ms
59ms Document
text/html 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/00fe505f/www-widgetapi.vflset/www-widgetapi.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5319e556d7cc59b3645e2ce9984858f1c8e2be91f59c475cf09388d3b175fa59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blip.fm/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: YSC=COT87-ygTLg; VISITOR_INFO1_LIVE=DhT-za3wuaA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 08 Jun 2021 19:51:32 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: CONSENT=PENDING+715; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel;r=1257754461;rf=0;a=p-b0cBKofGeCYKg;url=https%3A%2F%2Fblip.fm%2Fbillpig50;uht=2;fpan=1;fpa=P0-1594610575-1623181892231;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d...
pixel.quantserve.com/ 35 B
372 B 12ms
10ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1257754461;rf=0;a=p-b0cBKofGeCYKg;url=https%3A%2F%2Fblip.fm%2Fbillpig50;uht=2;fpan=1;fpa=P0-1594610575-1623181892231;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=blip.fm;je=0;sr=1600x1200x24;dst=1;et=1623181892231;tzo=-120;ogl=title.Blip%252Efm%20-%20Listen%20to%20free%20music%2Ctype.website%2Cimage.https%3A%2F%2Fd1uswytv6491xe%252Ecloudfront%252Enet%2Fimages%2Fblip%2FblipIcon%252Epng%2Curl.http%3A%2F%2Fblip%252Efm%2Csite_name.Blip%252Efm

Requested by

Host: blip.fm
URL: https://blip.fm/billpig50

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:32 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 pixel;r=404091164;rf=0;a=p-c4o3JsfzdTxY6;url=https%3A%2F%2Fblip.fm%2Fbillpig50;uht=2;fpan=0;fpa=P0-1594610575-1623181892231;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=...
pixel.quantserve.com/ 35 B
371 B 12ms
10ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=404091164;rf=0;a=p-c4o3JsfzdTxY6;url=https%3A%2F%2Fblip.fm%2Fbillpig50;uht=2;fpan=0;fpa=P0-1594610575-1623181892231;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=blip.fm;je=0;sr=1600x1200x24;dst=1;et=1623181892233;tzo=-120;ogl=title.Blip%252Efm%20-%20Listen%20to%20free%20music%2Ctype.website%2Cimage.https%3A%2F%2Fd1uswytv6491xe%252Ecloudfront%252Enet%2Fimages%2Fblip%2FblipIcon%252Epng%2Curl.http%3A%2F%2Fblip%252Efm%2Csite_name.Blip%252Efm

Requested by

Host: blip.fm
URL: https://blip.fm/billpig50

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:32 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/00fe505f/ Frame 2BDA 358 KB
45 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/00fe505f/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

60abaf88d6790a81e6f4edd4a174032609f24f6ffd767a837c96e1c956175e6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 15:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 00:19:22 GMT
server: sffe
age: 103835
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46187
x-xss-protection: 0
expires: Tue, 07 Jun 2022 15:00:57 GMT

GET
H3-29 200 www-embed-player.js Show response
www.youtube.com/s/player/00fe505f/www-embed-player.vflset/ Frame 2BDA 193 KB
63 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/00fe505f/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6098464fc2e79a514e9fe383932f4eed6a1c99ff10b7c68e4985161728ef8d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 12:03:05 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 00:19:22 GMT
server: sffe
age: 28107
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64984
x-xss-protection: 0
expires: Wed, 08 Jun 2022 12:03:05 GMT

GET
H3-29 200 base.js Show response
www.youtube.com/s/player/00fe505f/player_ias.vflset/en_US/ Frame 2BDA 2 MB
468 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/00fe505f/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ded76441d40cbfc6d43dda7a994820cf0a64ad3d0dee4e4635951203945143a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 11:29:21 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 00:19:22 GMT
server: sffe
age: 30131
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 478837
x-xss-protection: 0
expires: Wed, 08 Jun 2022 11:29:21 GMT

GET
H3-29 200 fetch-polyfill.js Show response
www.youtube.com/s/player/00fe505f/fetch-polyfill.vflset/ Frame 2BDA 8 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/00fe505f/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:43:55 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 00:19:22 GMT
server: sffe
age: 4057
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
expires: Wed, 08 Jun 2022 18:43:55 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 2BDA 15 KB
15 KB 20ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 22:38:42 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 594770
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Wed, 01 Jun 2022 22:38:42 GMT

GET
H3-29

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 2BDA
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

113 B
161 B

28ms
15ms

XHR
application/json

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9e7472c6e2cf62a51e47f0d0ff45b81106bbf093739f22b6c4c7ca78b4fe6c35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 08 Jun 2021 19:51:32 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 2BDA 29 B
407 B 26ms
6ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/00fe505f/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:46:15 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 317
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Tue, 08 Jun 2021 20:01:15 GMT

GET
H3-29 200 remote.js Show response
www.youtube.com/s/player/00fe505f/player_ias.vflset/en_US/ Frame 2BDA 98 KB
30 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/00fe505f/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/00fe505f/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6e0a0fe337d88801541d8a75a75c0b7a43485445feba33975c6f02f55b8f960

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 15:31:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 00:19:22 GMT
server: sffe
age: 15591
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30987
x-xss-protection: 0
expires: Wed, 08 Jun 2022 15:31:41 GMT

GET
H3-29 200 embed.js Show response
www.youtube.com/s/player/00fe505f/player_ias.vflset/en_US/ Frame 2BDA 25 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/00fe505f/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/00fe505f/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94fb21a4c660caa6b870eb1b203570f64148eed235be4f41be7fa177a7851578

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 17:44:32 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 00:19:22 GMT
server: sffe
age: 7620
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7459
x-xss-protection: 0
expires: Wed, 08 Jun 2022 17:44:32 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 2BDA 4 KB
2 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/00fe505f/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:32 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Tue, 08 Jun 2021 19:51:32 GMT

GET
H/1.1 200
OK index.html Show response
sdk.scdn.co/embedded/ Frame 5B9A 569 B
778 B 6ms
6ms Document
text/html 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.scdn.co/embedded/index.html
Requested by: Host: sdk.scdn.co
URL: https://sdk.scdn.co/spotify-player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1fee0b34c67a3e22047b627896862289225552817e79f658ade465b28c7103e0

Request headers

Host: sdk.scdn.co
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blip.fm/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

Connection: keep-alive
Content-Length: 343
Last-Modified: Thu, 22 Apr 2021 09:44:36 GMT
ETag: "020a11e6234e4c90d39e37aa7af91eaf"
Content-Type: text/html
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Tue, 08 Jun 2021 19:51:32 GMT
Age: 1707604
X-Served-By: cache-ord1732-ORD, cache-hhn11534-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 97
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 61 KB
21 KB 36ms
15ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81139c1f0555e526ad6b69fe3c05fcedbe4fa61b8f206dce368330625b7e5742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "897 / 629 of 1000 / last-modified: 1623150540"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21257
x-xss-protection: 0
expires: Tue, 08 Jun 2021 19:51:32 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 70 KB
21 KB 35ms
13ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

604b5109bd8c68f743c365bf13310900acbe9d0cb13313ff1832f8245b51dca4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20464
x-xss-protection: 0
server: sffe
date: Tue, 08 Jun 2021 19:51:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "ae17a17af6fc67cb"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 08 Jun 2021 19:51:32 GMT

GET
H2 200 vue.js Show response
cdn.jsdelivr.net/npm/vue@2.x/dist/ 336 KB
85 KB 46ms
28ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.x/dist/vue.js

Requested by

Host: empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69b75483b270421e1a89426dd59387ba090772313561c3e9fa415396a78e8936

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4768
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a8ec733ce000005f5ada37000000001
x-served-by: cache-fra19165-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"53fc9-Jp9Vk24Ybv0rJ6ZZ5HLpQ6vP7ig"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 65c4a7cc7d3905f5-FRA

GET
H2 200 vuetify.js Show response
cdn.jsdelivr.net/npm/vuetify@2.x/dist/ 2 MB
226 KB 52ms
35ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.js

Requested by

Host: empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ce13eaf79702bbfacbd3a2b14a7f8b2f99eccaafae451060936d1ce15cf715d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7682
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a8ec733ce000005f56229b000000001
x-served-by: cache-fra19122-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"188cdf-ruJm4eqa5qFdQdZqzAxUc/uGfYQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 65c4a7cc7d3c05f5-FRA

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/250/ 353 KB
114 KB 82ms
29ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/250/addthis_widget.js?pub=Blip.fm

Requested by

Host: blip.fm
URL: https://blip.fm/_/js/base.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Tue, 08 Jun 2021 19:51:32 GMT
x-host: s7.addthis.com
content-length: 116325

GET
H/1.1 200
OK QuickSignup.26.js.jgz Show response
d1uswytv6491xe.cloudfront.net/js/ 1 KB
1 KB 30ms
29ms Script
application/x-javascript 65.9.58.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1uswytv6491xe.cloudfront.net/js/QuickSignup.26.js.jgz
Requested by: Host: blip.fm
URL: https://blip.fm/_/js/base.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.220 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3c00d50d6046dfc2e2a7de2a5a177d35e11b708fe9fc93f966c0d28a304ab485

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 12 Feb 2021 03:39:52 GMT
Content-Encoding: gzip
Age: 10080701
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 742
Last-Modified: Thu, 04 Apr 2019 15:06:32 GMT
Server: AmazonS3
ETag: "7bc3abb8437d89e80c9407562df229a6"
Content-Type: application/x-javascript
Via: 1.1 47a7b8b932d91b0edbfc42f1ba94ebc1.cloudfront.net (CloudFront)
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA56-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: P6QFsofsUmPgDK3WFJbxQ3nh_RRAvVe8oKbv495_kO_y1VXTV8iHSA==
Expires: Thu, 04 Apr 2024 15:06:30 GMT

GET
H/1.1 200
OK profile.26.js.jgz Show response
d1uswytv6491xe.cloudfront.net/js/ 4 KB
2 KB 28ms
27ms Script
application/x-javascript 65.9.58.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1uswytv6491xe.cloudfront.net/js/profile.26.js.jgz
Requested by: Host: blip.fm
URL: https://blip.fm/_/js/base.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.220 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4b6c4dd2186139cfe5da8627cbd85b7f54e8b4d84164a4f98af88427c6ebb5e0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Feb 2021 03:04:01 GMT
Content-Encoding: gzip
Age: 10428452
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1287
Last-Modified: Thu, 04 Apr 2019 15:06:42 GMT
Server: AmazonS3
ETag: "b3067d3023e15c0cfc5362eb35a1a08a"
Content-Type: application/x-javascript
Via: 1.1 28ccbefb54459137bb0b0d946fd75e49.cloudfront.net (CloudFront)
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA56-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: buuOzwhbayNLe7lNT4Bgr9cjdEHqnOF2J3FtGmHiaghgrBWi31wlrA==
Expires: Thu, 04 Apr 2024 15:06:41 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 5B9A 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 759
date: Tue, 08 Jun 2021 19:38:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Tue, 08 Jun 2021 21:38:53 GMT

GET
H/1.1 200
OK index.js Show response
sdk.scdn.co/embedded/ Frame 5B9A 461 KB
112 KB 6ms
6ms Script
application/javascript 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.scdn.co/embedded/index.js
Requested by: Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3799840e4c9f8f842d29bd32da3ca39fc7cb1f5adf069126c37c996434f64e41

Request headers

Referer: https://sdk.scdn.co/embedded/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:32 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Apr 2021 09:44:36 GMT
Age: 32499
ETag: "06104d5845dc91facdae1d911c333d74"
X-Served-By: cache-ord1729-ORD, cache-hhn11534-HHN
X-Cache: HIT, HIT
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 114646
X-Cache-Hits: 16, 99

GET
H2 200 / Show response
apresolve.spotify.com/ Frame 5B9A 205 B
226 B 29ms
14ms Fetch
application/json 2600:1901:0:524d::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apresolve.spotify.com/?type=dealer&type=spclient
Requested by: Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:524d:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 655d2013c62900319a0da87ab51de91cf5432d6e119b7e8bd224389100b2931e

Request headers

Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:32 GMT
content-encoding: gzip
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=0
alt-svc: clear
content-length: 98
via: 1.1 google

GET
H2 200 pubads_impl_2021060701.js Show response
securepubads.g.doubleclick.net/gpt/ 318 KB
112 KB 91ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

094c1111eeb737673d376e2598c9abfad2c1dadeab91522940bbf5d2ff512a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 08:45:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Tue, 08 Jun 2021 19:51:32 GMT

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 92ms
31ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js?pub=Blip.fm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:32 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=45646
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/Blip.fm/ 166 B
325 B 211ms
209ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/Blip.fm/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js?pub=Blip.fm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:32 GMT
content-encoding: gzip
etag: 659743217
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 154

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 5B9A 77 B
247 B 15ms
15ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Tue, 08 Jun 2021 19:51:32 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 31ms
17ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 08 Jun 2021 19:51:32 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
367 B 146ms
146ms XHR
text/javascript 52.222.200.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fblip.fm%2Fbillpig50&pid=2EqcAdXcyMp8x&cb=0&ws=1600x1200&v=7.65.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboard%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboard%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboard%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboard%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboard%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_halfpage%22%7D%2C%7B%22sd%22%3A%226%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_mediumrectangle%22%7D%2C%7B%22sd%22%3A%227%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_mediumrectangle%22%7D%2C%7B%22sd%22%3A%228%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_mediumrectangle%22%7D%2C%7B%22sd%22%3A%229%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_mediumrectangle%22%7D%2C%7B%22sd%22%3A%2210%22%2C%22s%22%3A%5B%22336x280%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_largerectangle%22%7D%2C%7B%22sd%22%3A%2211%22%2C%22s%22%3A%5B%22336x280%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_largerectangle%22%7D%2C%7B%22sd%22%3A%2212%22%2C%22s%22%3A%5B%22336x280%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_largerectangle%22%7D%2C%7B%22sd%22%3A%2213%22%2C%22s%22%3A%5B%22336x280%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_largerectangle%22%7D%2C%7B%22sd%22%3A%2214%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_largeleaderboard%22%7D%2C%7B%22sd%22%3A%2215%22%2C%22s%22%3A%5B%22160x600%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_skyscraper%22%7D%2C%7B%22sd%22%3A%2216%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_anchor%22%7D%2C%7B%22sd%22%3A%2217%22%2C%22s%22%3A%5B%22970x250%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_superleaderboard%22%7D%2C%7B%22sd%22%3A%2218%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboardtop%22%7D%5D&cfgv=0&pubid=434bb5e4-3704-4b75-b36c-785a444462bd&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.200.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-200-121.cdg50.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:32 GMT
via: 1.1 2ba5677785db2f66bc73820b2a261477.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: CDG50-P2
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://blip.fm
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: VpQ8QQXRxgLNB6RDFQzqPVCjDgW0ekpNhZbNGhqwX5x8s5da52SBMQ==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 34ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=blip.fm

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 19:51:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 35ms
14ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=blip.fm

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 19:51:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 301 KB
89 KB 883ms
833ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2766186334253314&correlator=1902353778554983&output=ldjh&impl=fifs&eid=31061289%2C31061385%2C21064365%2C31061149&vrg=2021060701&ptt=17&sc=1&sfv=1-0-38&ecs=20210608&iu_parts=12230023%2Cel_blip_leaderboard%2Cel_blip_halfpage%2Cel_blip_mediumrectangle%2Cel_blip_largerectangle%2Cel_blip_largeleaderboard%2Cel_blip_skyscraper%2Cel_blip_anchor%2Cel_blip_superleaderboard%2Cel_blip_leaderboardtop&enc_prev_ius=%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F3%2C%2F0%2F3%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F4%2C%2F0%2F4%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9&prev_iu_szs=728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C300x600%2C300x250%2C300x250%2C300x250%2C300x250%2C336x280%2C336x280%2C336x280%2C336x280%2C970x90%2C160x600%2C728x90%2C970x250%2C728x90&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&arp=1&abxe=1&lmt=1623181892&dt=1623181892987&dlt=1623181891190&idt=1612&frm=20&biw=1600&bih=1200&oid=3&adxs=-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C280%2C-9%2C436%2C-9%2C-9&adys=-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C664%2C-9%2C1110%2C-9%2C-9&adks=617433239%2C617433238%2C617433233%2C617433232%2C617433235%2C4165216314%2C3598324391%2C3598324388%2C3598324389%2C3598324394%2C1974185959%2C1974185958%2C1974185957%2C1974185956%2C3076314635%2C2382161721%2C3224969948%2C553478435%2C982267445&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb%7Cc%7Cd%7Ce%7Cf%7Cg%7Ch%7Ci%7Cj&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fblip.fm%2Fbillpig50&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C1040x0%7C0x-1%7C1600x-1%7C0x-1%7C0x-1&msz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C1040x0%7C0x-1%7C1600x-1%7C0x-1%7C0x-1&ga_vid=1231501152.1623181892&ga_sid=1623181892&ga_hid=1229581055&ga_fc=true&fws=2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C4%2C2%2C516%2C2%2C2&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C1040%2C0%2C1040%2C0%2C0&btvi=-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C0%7C-1%7C0%7C-1%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

2cf815f03ae78c05316c42c7d01a715b9bb08acff70e0c4b4206dc99758e4828

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91511
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-2,-1,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-2,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://blip.fm
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 47ms
14ms Other
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 5B9A 77 B
162 B 16ms
16ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Tue, 08 Jun 2021 19:51:32 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 17ms
16ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 08 Jun 2021 19:51:32 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 5B9A 77 B
162 B 17ms
16ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Tue, 08 Jun 2021 19:51:33 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 17ms
17ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 08 Jun 2021 19:51:33 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H3-29 200 container.html Show response
091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E532 6 KB
3 KB 21ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blip.fm/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 08 Jun 2021 19:51:33 GMT
expires: Wed, 08 Jun 2022 19:51:33 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D889 6 KB
3 KB 17ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blip.fm/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 08 Jun 2021 19:51:33 GMT
expires: Wed, 08 Jun 2022 19:51:33 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d8c7ce12428be733a9213b2fecae66db6950a933c276d68bf7c8271829a627d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623066164336645"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28149
x-xss-protection: 0
expires: Tue, 08 Jun 2021 19:51:34 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 41ms
20ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cf1714063f194a48a6b6567b7d822c84989072c2e8067ea396b6c65a5a2151ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 19:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7894
x-xss-protection: 0

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame ADEC 624 B
297 B 23ms
23ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYsPmvXDAB&v=APEucNWxLR3rt-RrkqMkCtIX0NUnIJmMw4dTgJ6ED9xYO3cJjSgK_uIav6YyXy-RvGyowpcv2ZthSwG4Yi4F30FFslgyPumzFVZMDjKFCYYI9QOej_drMq_iV8qsIDR6zKMRZemJ1sucjTZ18NSBpFtXVVI3gzn4OxeGJk8vAgpVlZG5Oy0VLmg

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CN-KGhCn9EsYsPmvXDAB&v=APEucNWxLR3rt-RrkqMkCtIX0NUnIJmMw4dTgJ6ED9xYO3cJjSgK_uIav6YyXy-RvGyowpcv2ZthSwG4Yi4F30FFslgyPumzFVZMDjKFCYYI9QOej_drMq_iV8qsIDR6zKMRZemJ1sucjTZ18NSBpFtXVVI3gzn4OxeGJk8vAgpVlZG5Oy0VLmg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlLA38Tm92Acs_dXNBqCKl5HKdiN1V_NqlMxPYB4VsbPNCcpQF2T40u8IuA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 08 Jun 2021 19:51:34 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D889 24 KB
12 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_B8gAZmK94b6ejNCnBQ2xeSoBdWoM7qQaVaOMzlUJhlQx8YR8Jdn-lVj6QJxEtIMvAdezKmtLMBXgal_VkJwQpYailMb_lttEaZTvHSiELGXLqEqXDb3qEPidfyanJAhsY3V5XDT7XX3uo3S7eY_5f6lhQw&cry=1&dbm_d=AKAmf-De9g-sLX3IYv00Zh5zaCZPOlbR6Uyt1iW2UWbyNcYB1TV78hjGxhbBnEahInDqZd3an9Q21zR6tE868jIMTMP2id85EE2iWYMV74bcWYmRc5CIdTgXBwqCNJSkMXrbxpQ-7QL5Jw5jEyEk4AagDcqAvHQS4GjLBMv-xn6p8VZSQ5kyeeHK5wqKRrqYNAizdxEbklOCFdp1RhGOKJORnJ1pYDjJVxrWDGDhVlLnGWCgJwux4b4EUOF_0ABmerP8Yz775TtsofHqM5FCIRlZWKRlCdNOSDSMEZucnFLFeBGZU1pgkeQXw_BStHOwB16i18A5wEc1Ka-KIEJyjVg3NH13JgvvObtT0io7IpTeG0N4xv6ZEqXiwrgdHUl60h9vwV1agXm-dbPHbKibF-mO31yrXuVTybERKPTpvVdyQAqkhtZ92okaYPW0pytj-RtPlPDuR1SuW2GYtt2j0Usd7CoBEs2qffKxzqO4fqh5EfIhZGjYs6l5hUEoS8QJIOipxzUi_BTfxgJxXnu9JhYupAZZ224_xTXSlA_GlE9EOeUZ9YEwymw5vxcfO-d2TTomE9SoFvVnkqOgYG3jrpLHFgp_3vFgkdUK7-MZ7mHqdCjAWpyXqWSe6GNoLaJ9c10NsVUK_5QFCkA6dVi8Wj6wsJ9m5DxTA0UypY66F6N9COGNoQ33425pVEZtS07nKO5jXg1ad7RxY60teqKmgyp3y1o9U0StnksFRhcJGPrePOH7pwCs5epyCajkzR7m1ff3wxzdnMPxWlD_y_m62GuFU9LHbKFPOHhr0f2aXj9Ii_tiRLa8UBhBZ6bVClrv965WGZwlLyAEscyP-LDPoD3u4Wpt7pijgGySAFUu0SF-oaRVvraBVAYJCiZyMHFjxqmPALszUuqjUW5nVCnn3HZ7df0RGp0aDvDjrrQaOJAkH8z2W-kxKMrF81Dv7QJyOzg0Qa8M8cVLV71ly1fwsy4Y7QiwC3sol6i9zvaiHqrefBXX4EZuyWrrRObGHYPVp7K2ZQt5brAQJlC5l15JmuBdHZPJaDnnBQWkMrSA9vPTGv1wRo4TG_C6d8DRkDNzwSdSZK1gUYwkOdwlr2lMuaNcefJ3RhTO-Tb3oMWu5EVyFL6FV27jc8pmo4m4RNIw5CPPIH9LDRsm5zWqIhThAhfYxA8GO13vG-L8_tVOEIY94o4oDomy5e2g9dBXShyn19vm6h6sy0MdFdD6cJUXuMDjOpwdqJPBQ0yCw1X6_wEvyYb3SBoStqh8apc3RIYp60qNTrR970VCJ1f-Qn0dkc_aZN8VYbboYcSuuSfDEJaPalZy_zumasRksSro1uFewccHqDgF3kJcjev5ORyUonQJP3fNEiWlozwoikR4a5EW0072XoBOlNbHSI5SyqSZa0qJovqiz8I5_PVcXBhjt16YuHHCTbPYpsW5LKzkD_PJhjvBTLSsMoKspBzsHC4DsU3BplmzVY7nrtB_BiTeRpbkdAtqwAm942IVPGWs1m4bx9Q5K26MiiR3HjWOqu2t6jNmmYIdOg38GcBSj79I2WE0rSwN_D_EO_Z7uFLLEW8F4FqKqc9xstavbT4MZ1JqvAq8prbUnwzVDpMb0gnu9GDpDe7hNowU0kRiX3z0H7giodR-2QLoY1P6TMxhsGsh_q6cOn8CPl9lDPsuUTIssNizda1O7LZxM0H5K8RmqH_wGof9oYeW6UkT-r7SB2KJvwLI7tajJP2LT-5xUwN3wA0ZPf4QxQ08ZtcYWJtrZfHZ_wFjpS1qHT5bK9KiiIywN0NYhtlGz2L5LFy5WMB9shFIG9pnwDy33nh--h72PpOodxwvgPoCyNFGL3Dvnp80K21dBZgGs3ZNfL5WpVepwBteOkguGqPt7HYjrrhgZglTVPnLd_iYSvF9Vpt2WHpi3GwU2yr2M_xEyy8Rd9LL5gqV_VKX2sePXDEZL_HTayUEbhdBJOl_BDdmeijwB0DriQxMY0w6YrrAb40eqc3n1OWRyqhHZyTpCRFm4V-QyN5ab9OZ0AtIGnZcYUVQfaNWHp7_UgNG5tKrXZ-YwjWtmhsbofUBD2VNb302QXRjSmxhz2aPS1t8EFlnv5JpIsJXMyD5xAy9aJmN-6PyFXrhzXFJKkdu82hU6fhLKGpAhUBTItLdAOuA7ihKnAWokQTUB1Eq2jUz_maX7tyNIm3LR8xvOsKmXnyoyeo-0kF4R74l5-Rm_FGij6mPW94whaX23jUm39hPA18xlQp7ga3sw8uj1ow7y7lpVxj2V-f9kXu36GmjJbEnHQaJcKsrj-4OmW8O8SD21hviL-nZ0aY4f4bwxuY4YATuJLItf_xxQVyiO1DO7DZg-ewU3lSn35acE3j1Q9KE48DlTztbPFUBpRboU1DUDYP1BbOIszrNYNIr7Qz66ElgrR1jDZ7RVY4il4RBLHP4XQe592gvR3IXglBB0HkzvWbpzvT33o1CSiTk9L7Ih-vWP6vijje1P7xJC5r8gkisXgUSibC6xbkXs7xvuK-s8HrLgLqDXMw9_LkSNhEvPc-XZGlZLPi4D1Ac-buaLh5wyt-SLp1KFDsMHarXIR72diXY2rsq4XzCs0vRV5XDek_GjizpmzJaUsroZDcq3sHPiJ762z7fK1z8DtZ6e2MU0sEu8fVuMHH2mSdeScCA8a26oQPnwJGQqDFvm-viW-ZRKxNxqzHnGHi43eF1KAPr61q2Y31GvAoTUVczcfDZS_YXyav5MznJ2_CLuIw6ON_QSAltCkrMzvgZL-UFWckCajHx1YSvEyKjJI2U2BC6TRfMKsAxT93IiW22AfGBaetP583sdknkiGN4okaEfEjtCMdkzymE50s0QosscFqmUtbZwC9nnj8Wg3FDE0AFqFYMMrSD9o3EywOdO3DQqKcYu-z1-Gab_-3YGLmQwz1fYcjakex1t_d05163xSzo99npMLhNQzEhqBSRkw9ZtMayBf6pngcsSqcCPNDAbsdO3fy4VP-Gs9KWDx5OAuP8Ilh1TPddbOO74AebVKTlTZZO11aJWAsaBvmIOVSDhrlB50XjFudo4grf12zZQ-eWwm6BNH1H7cYMJsGLX2k4udgXVthLoa4e0ofBzEUZc2ywiN-uyYHKp-ZOwbY6_MSFbX6ZTnbo&cid=CAASEuRoLiByXqUp1iO1Ot9_kkb1aQ&rfl=1%2Chttps%253A%252F%252Fblip.fm%252F%240

Requested by

Host: blip.fm
URL: https://blip.fm/billpig50

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d723b07c16a3fb155ea521365c61ca301d4da61d90954a153b7918608811c234

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D889 42 B
226 B 16ms
15ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CLeSA1z3Tlk6JOK40RI2vUXDetDD0jpuRk10uwjJpAy7TZTTSfCH5wbYy6aMqojKUdBz0dSwMkfb0h8crqzTrq6LSRpqa9-yc4oLlQi5fhsmSEq3k

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/ Frame D889 2 KB
1 KB 33ms
11ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/window_focus_fy2019.js

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:47:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Jun 2021 19:47:49 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D889 122 KB
37 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f28c37beb838d695f95710805308cfe7f1fcc286bd744ab0184a23a10d5a4ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623066169988846"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Tue, 08 Jun 2021 19:51:34 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/ Frame D889 13 KB
6 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:50:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Jun 2021 19:50:40 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FAA6 624 B
297 B 24ms
24ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYs7qwXDAB&v=APEucNURjOV_AIPAFDASRr98lG0H6AEkvlYLsBvyX2EiRCVd2nxztdIbwxR6ZEZv0__6bpMLRlDl5WHLrAbxX2X-Z4HninuymXRhtWxWSJTUFwMJ91T9v305sVEoo4E5wQKXWKK7EIlXZhSeJsdrp7he9yQyO5cBPqbT587A7rUUJglPllKfs2g

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CN-KGhCn9EsYs7qwXDAB&v=APEucNURjOV_AIPAFDASRr98lG0H6AEkvlYLsBvyX2EiRCVd2nxztdIbwxR6ZEZv0__6bpMLRlDl5WHLrAbxX2X-Z4HninuymXRhtWxWSJTUFwMJ91T9v305sVEoo4E5wQKXWKK7EIlXZhSeJsdrp7he9yQyO5cBPqbT587A7rUUJglPllKfs2g
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlLA38Tm92Acs_dXNBqCKl5HKdiN1V_NqlMxPYB4VsbPNCcpQF2T40u8IuA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 08 Jun 2021 19:51:34 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E532 24 KB
12 KB 38ms
35ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BFy6Kp-_cPzaeB66O1H0gJ-t7aHaPLGNycRH00dMyVTeNLOuz8o4maS2a8caBSkH59_m7mxai7IiRj-xq_9-G1tGb5UxelOKIW9YF2DV_RP_XFBubRI-1UXVZDskYW6vJUgOXOCZ6PNHsNlCl6mFoGIttmQA&cry=1&dbm_d=AKAmf-BScR69uplpmKyAquB9Vs0pqyYoA-uuI8BM26mOQhN5JxwmX6rQcVDsNNI8VoefJwPPnMZT5yndf7PB-FACJmd-uNT7JOzRDdsage2zcAYo1uszNLatn9ylIsrewSvK1aU2UrQYQm9Gh7zaosQQ-5-u_MQSe0JpgzEb4lN7BTjOAy-O9qaAjC6HhVanx8KeSdRU83B4vp5UDidWaUo0oqyySkKDqdeFm5Mab8OzUG5f9LMZYbHNhkqOzgER1ddMP3HVGfPCNzy07u4UFYOKEr91j8jNENTwEb7gzINHxQ3O2ueJLvqEvNyM2r3bg3nNMK0xOuPCFYczpSUEOy8R9kEUKi7qFlfPOud_arCg4uoN_7S83znzTD29e-9y98I7qBfkfcsH4pu3w9_ETYPK2ANozDyjlZ-sheUAIcxquEaScZWmTKOo8RUJB3fQLXApTfJj_wIPClAYqMVdnDeQcMn2RXlN4sgm4z6J4CKDBvfMd7pPqlGxq3BL4AeNAGToYRa7ZzBB5udrsoI_lbaXadGdqn1bXfq0OiH_GNhcJpOSwBqMe3Pk_aiZzscQUcrPgerob5Payo2m5W1lJOUgBdDbuIxllNCMfsbVUW9j5K4etPOTYXn6IwHrtC-EIkDnBkZ2uh3uWk_bhoOtzJYSoKm3tQCOnVYTTi7IUzCUI6V2gw__MfKRuR4U9IFcRCizTLLNmL2Jw6vCYkTBVcE8Ze72u-S-0Mxl-84s0xtSjpDi4NJ4Gj4fMGaTXjq7RunKYmHXqZDiq9IS-VF8kT7aI0tHX4p-ED6GfCUUHfdnXPFOVnlsiiZbFFIu98D1f_WBv38tgIPOW7tAb3Rx_wHYxg4IZYpPDQEtlbqjdQ4ZA5cVwP6l-KP6mAWSGqtWDk9qaK_euSxJN7uWysBbrNAlIoHF4gC_hXQRXcsNq_AJryEo_Hb3qVY6QvpwZkOLSQqSUOoQjXy9HYxVysLCx9evQsQdxdeGP6OdJP8HrNNuDtUVsoEcVKEDke07FlKYH7thzIfER_kHZJGIS4jE5P6qT4qoUOde6cYAZwhEgIpa4NullvrC9TLW16vDtkgm7XxKsJQ1-LHqGPzh5VoaaPSozZ9HKhy0FdtUo69aky7pj6h0HJUDVqzVrWsCn_1vj_9ndaXRSaXUW3Y-Lby2-7KtdGn6CLpkoUwyD3Iy2zqbjBmKiuEsWUjc8MeLx6LrOP15CmbO_zsYTRtOsWAFIm4r1l-h-46wiULNeWhpw69l1Ne2xQpSlUbqtW0SZbZ5r--4aWgr5ulKvZUMcOYeX0UluxGamgKu5nN3P8KdNuMfeoroAtcxMUyWyGogV9jXp-hpZRLHbn1R0TzgNQx7K7bQEedzLTPenhwbS2E6Y5mhgAlnPckOZbyE5WvndoeqEIHwOOQsWfCWtP9KgW0z2e2Ng_w-cxzzd33IC8-GgW_PqlBE-MrrinLOo2W-lAG3oyK0xqp2bbleWxZ6EBOfc3GJ_D0iuuI1bsonc1E8oBrZvicYp-FH0gfQS0pp4fQXTqL8i37pGIbUangls04bs239z2_609jNZkxtV-G7hlZmIumLxmwj6Btz_CoFcRSSaBV1meAu7xdTmha9nTgiIQfpan7aTwOcuxtOaXGbioxR6I-MjL8W0Xfg8ybg7d3VLNpxN3pic64ngj5lbhx92zyLiXSEyVaq-0ErXKfLLjXkQa1zl9JRoDmqdB8xEOwshhETe86ZkN3XnNJCkBf7nLuIObFhbB6jt68iyKDXkff943qdVaJq5UxbmngjJaKPqXOkyoxHssVfgBkBEiRPWDr1T9iOOrLKUfc8_zSZnNgw46kwI1ozUGzcU1xYOAss2UE2egibIn5Yxf3fjsCRJNa4gsE7T0KZaa35pWaXCCEF7vbKY9fHtE9YH9UZsTlk_Fo5ccqDKpMhuhx_su-yuyx9SSwbSiCur6VDQyYL3K2gY2JaTETUdGkjAM6GWU3lubt2TT29iWKYs9wEDRY4I3ziVZANjAakqzkLcQTpI5nPvLLEgPZc-Mo9_vN5bu-TQOImVyxbA0X61MBNbfEoMT6_EIFQGcj20NGh4qwRygr_kCi6a57YVmwr0ppKOQvNXcH8T1ROQRW_JlZQj8-g-Y1X32hE6nj_TWZdG8qvbxlUx91hIsecxYQOu8OsiabycZg4qt7cNOeqqc582U2AZ9HY5SPKjqKYekfH291tbUS3viezHkh9MffH-P67v61YM0kMJCm0_-2F_cr92NFlC__vU4T7_p3TXgsRW-XtMkQHhTJDjh5FJdEJJ56JZ6FY2yCgG-EuwegTVNpN0enEeQRIEkHgLvkbP5XMkDoqwZh8DfejFpbbomTwrtzABtRmn5ywIhz3NIW0acizQLEYblXc5DlmgoPl89lKiKayw8FzYYqPpYu1-T_bChH-oRr5wF5h-bntDnSwGdiIawBb_EAGsgQe77R319oQOvyAwd0TkKc17eO5CGVFDcHWvu2HQ2WLFY-Ml76_Z1v28KHPBVzGHfKHKAdlq4UpMKERJgNX-JEqenkDq2rzRysDhRZFEW9wp3UahFyK0oLyS4k-WZBitlbHJw5yYqGADuI3zOdJJ2HFzByIL0Cc8vSfoZdfptd-etNIrEJYg3nmM8pGebsD8bs77A7Xe1ud92CRmY7FdcOV4AK7jW8_tJe4YWVG4QCY5E6am3q8MXtr-PpF2TPkoTqGBpGJT53ZLbwOcCi1T8VnJRCwqUeQ2wJ3DlBN6tNE9K_NaSKH3e_Z53sB5SogTW67rluojqKh7ZuImpKvQ-nGATPiHqW2-9tV1g0IARRpc4efgifsUCEO2IKRYrHw9SZRIG3izov3wt0urMMnRF1Yd5ywfM_P4NW7xTrzZmE98sl0_un6wE3MMM-Gx7MK2dF-iJcBcvAwURxJUyqY4qbCUL6k9ESbCBQ9Bj-NOMmuf24rzREuGB8176d4cUn_WLudsJmDKWqDD7UkiI_jjOH3XcCR8zQLOBYGfosm-sRbcF9zoog-w0OKk1fgvJB6y8ckSygBtcVj0tfC8EHaqsgERAcZz50UgvgWmKA1zT_ei9wDUlw6K2xLJ-WTAI6nSM0_BOI6J8TAOF_EIViFJSg2Xj31xecjTgpOuI7Yd0duM4vOk-se&cid=CAASEuRomJSRmqFLIWt_yZR95bA9Vw&rfl=1%2Chttps%253A%252F%252Fblip.fm%252F%240

Requested by

Host: blip.fm
URL: https://blip.fm/billpig50

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

60ffdbdb82d005331e973b32112008f30bc8f99d3b0dade5add1cb769c00fc34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12360
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E532 42 B
107 B 15ms
13ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BiVRrX4MU6pfk03J9mS0iUg2afrpkYO-DCAbLXqq8_Pj4_Ez4rFR-KK1xN_xFbY852GMqzj87_NbbjxnPZ0vOjiHCG-FmMmjv_9Ik0VmYkECGOBbA

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/ Frame E532 2 KB
1 KB 27ms
9ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/window_focus_fy2019.js

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:47:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Jun 2021 19:47:49 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E532 122 KB
37 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f28c37beb838d695f95710805308cfe7f1fcc286bd744ab0184a23a10d5a4ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623066169988846"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Tue, 08 Jun 2021 19:51:34 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/ Frame E532 13 KB
6 KB 25ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:50:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Jun 2021 19:50:40 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame E532 0
0 15ms
14ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR-24eiQouWjshsmsCZP-Wn5r6W09CxVDyP59rDLBNCxtzkFFswdem1eA4B0Z_SCnMaLslmdpTKYuK8zm0Vr6BeBSR-NQ
Requested by: Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 29ms
14ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Tue, 08 Jun 2021 19:51:34 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/ Frame D889 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_B8gAZmK94b6ejNCnBQ2xeSoBdWoM7qQaVaOMzlUJhlQx8YR8Jdn-lVj6QJxEtIMvAdezKmtLMBXgal_VkJwQpYailMb_lttEaZTvHSiELGXLqEqXDb3qEPidfyanJAhsY3V5XDT7XX3uo3S7eY_5f6lhQw&cry=1&dbm_d=AKAmf-De9g-sLX3IYv00Zh5zaCZPOlbR6Uyt1iW2UWbyNcYB1TV78hjGxhbBnEahInDqZd3an9Q21zR6tE868jIMTMP2id85EE2iWYMV74bcWYmRc5CIdTgXBwqCNJSkMXrbxpQ-7QL5Jw5jEyEk4AagDcqAvHQS4GjLBMv-xn6p8VZSQ5kyeeHK5wqKRrqYNAizdxEbklOCFdp1RhGOKJORnJ1pYDjJVxrWDGDhVlLnGWCgJwux4b4EUOF_0ABmerP8Yz775TtsofHqM5FCIRlZWKRlCdNOSDSMEZucnFLFeBGZU1pgkeQXw_BStHOwB16i18A5wEc1Ka-KIEJyjVg3NH13JgvvObtT0io7IpTeG0N4xv6ZEqXiwrgdHUl60h9vwV1agXm-dbPHbKibF-mO31yrXuVTybERKPTpvVdyQAqkhtZ92okaYPW0pytj-RtPlPDuR1SuW2GYtt2j0Usd7CoBEs2qffKxzqO4fqh5EfIhZGjYs6l5hUEoS8QJIOipxzUi_BTfxgJxXnu9JhYupAZZ224_xTXSlA_GlE9EOeUZ9YEwymw5vxcfO-d2TTomE9SoFvVnkqOgYG3jrpLHFgp_3vFgkdUK7-MZ7mHqdCjAWpyXqWSe6GNoLaJ9c10NsVUK_5QFCkA6dVi8Wj6wsJ9m5DxTA0UypY66F6N9COGNoQ33425pVEZtS07nKO5jXg1ad7RxY60teqKmgyp3y1o9U0StnksFRhcJGPrePOH7pwCs5epyCajkzR7m1ff3wxzdnMPxWlD_y_m62GuFU9LHbKFPOHhr0f2aXj9Ii_tiRLa8UBhBZ6bVClrv965WGZwlLyAEscyP-LDPoD3u4Wpt7pijgGySAFUu0SF-oaRVvraBVAYJCiZyMHFjxqmPALszUuqjUW5nVCnn3HZ7df0RGp0aDvDjrrQaOJAkH8z2W-kxKMrF81Dv7QJyOzg0Qa8M8cVLV71ly1fwsy4Y7QiwC3sol6i9zvaiHqrefBXX4EZuyWrrRObGHYPVp7K2ZQt5brAQJlC5l15JmuBdHZPJaDnnBQWkMrSA9vPTGv1wRo4TG_C6d8DRkDNzwSdSZK1gUYwkOdwlr2lMuaNcefJ3RhTO-Tb3oMWu5EVyFL6FV27jc8pmo4m4RNIw5CPPIH9LDRsm5zWqIhThAhfYxA8GO13vG-L8_tVOEIY94o4oDomy5e2g9dBXShyn19vm6h6sy0MdFdD6cJUXuMDjOpwdqJPBQ0yCw1X6_wEvyYb3SBoStqh8apc3RIYp60qNTrR970VCJ1f-Qn0dkc_aZN8VYbboYcSuuSfDEJaPalZy_zumasRksSro1uFewccHqDgF3kJcjev5ORyUonQJP3fNEiWlozwoikR4a5EW0072XoBOlNbHSI5SyqSZa0qJovqiz8I5_PVcXBhjt16YuHHCTbPYpsW5LKzkD_PJhjvBTLSsMoKspBzsHC4DsU3BplmzVY7nrtB_BiTeRpbkdAtqwAm942IVPGWs1m4bx9Q5K26MiiR3HjWOqu2t6jNmmYIdOg38GcBSj79I2WE0rSwN_D_EO_Z7uFLLEW8F4FqKqc9xstavbT4MZ1JqvAq8prbUnwzVDpMb0gnu9GDpDe7hNowU0kRiX3z0H7giodR-2QLoY1P6TMxhsGsh_q6cOn8CPl9lDPsuUTIssNizda1O7LZxM0H5K8RmqH_wGof9oYeW6UkT-r7SB2KJvwLI7tajJP2LT-5xUwN3wA0ZPf4QxQ08ZtcYWJtrZfHZ_wFjpS1qHT5bK9KiiIywN0NYhtlGz2L5LFy5WMB9shFIG9pnwDy33nh--h72PpOodxwvgPoCyNFGL3Dvnp80K21dBZgGs3ZNfL5WpVepwBteOkguGqPt7HYjrrhgZglTVPnLd_iYSvF9Vpt2WHpi3GwU2yr2M_xEyy8Rd9LL5gqV_VKX2sePXDEZL_HTayUEbhdBJOl_BDdmeijwB0DriQxMY0w6YrrAb40eqc3n1OWRyqhHZyTpCRFm4V-QyN5ab9OZ0AtIGnZcYUVQfaNWHp7_UgNG5tKrXZ-YwjWtmhsbofUBD2VNb302QXRjSmxhz2aPS1t8EFlnv5JpIsJXMyD5xAy9aJmN-6PyFXrhzXFJKkdu82hU6fhLKGpAhUBTItLdAOuA7ihKnAWokQTUB1Eq2jUz_maX7tyNIm3LR8xvOsKmXnyoyeo-0kF4R74l5-Rm_FGij6mPW94whaX23jUm39hPA18xlQp7ga3sw8uj1ow7y7lpVxj2V-f9kXu36GmjJbEnHQaJcKsrj-4OmW8O8SD21hviL-nZ0aY4f4bwxuY4YATuJLItf_xxQVyiO1DO7DZg-ewU3lSn35acE3j1Q9KE48DlTztbPFUBpRboU1DUDYP1BbOIszrNYNIr7Qz66ElgrR1jDZ7RVY4il4RBLHP4XQe592gvR3IXglBB0HkzvWbpzvT33o1CSiTk9L7Ih-vWP6vijje1P7xJC5r8gkisXgUSibC6xbkXs7xvuK-s8HrLgLqDXMw9_LkSNhEvPc-XZGlZLPi4D1Ac-buaLh5wyt-SLp1KFDsMHarXIR72diXY2rsq4XzCs0vRV5XDek_GjizpmzJaUsroZDcq3sHPiJ762z7fK1z8DtZ6e2MU0sEu8fVuMHH2mSdeScCA8a26oQPnwJGQqDFvm-viW-ZRKxNxqzHnGHi43eF1KAPr61q2Y31GvAoTUVczcfDZS_YXyav5MznJ2_CLuIw6ON_QSAltCkrMzvgZL-UFWckCajHx1YSvEyKjJI2U2BC6TRfMKsAxT93IiW22AfGBaetP583sdknkiGN4okaEfEjtCMdkzymE50s0QosscFqmUtbZwC9nnj8Wg3FDE0AFqFYMMrSD9o3EywOdO3DQqKcYu-z1-Gab_-3YGLmQwz1fYcjakex1t_d05163xSzo99npMLhNQzEhqBSRkw9ZtMayBf6pngcsSqcCPNDAbsdO3fy4VP-Gs9KWDx5OAuP8Ilh1TPddbOO74AebVKTlTZZO11aJWAsaBvmIOVSDhrlB50XjFudo4grf12zZQ-eWwm6BNH1H7cYMJsGLX2k4udgXVthLoa4e0ofBzEUZc2ywiN-uyYHKp-ZOwbY6_MSFbX6ZTnbo&cid=CAASEuRoLiByXqUp1iO1Ot9_kkb1aQ&rfl=1%2Chttps%253A%252F%252Fblip.fm%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b5975f21c81bda9dfd465bc96ee93a336e22d160bed0054ef916a8392d5aa406

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:48:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 164
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 12295082536333688880
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Jun 2021 19:48:50 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D889 41 KB
15 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 06:20:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48681
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 06:20:13 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/ Frame E532 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BFy6Kp-_cPzaeB66O1H0gJ-t7aHaPLGNycRH00dMyVTeNLOuz8o4maS2a8caBSkH59_m7mxai7IiRj-xq_9-G1tGb5UxelOKIW9YF2DV_RP_XFBubRI-1UXVZDskYW6vJUgOXOCZ6PNHsNlCl6mFoGIttmQA&cry=1&dbm_d=AKAmf-BScR69uplpmKyAquB9Vs0pqyYoA-uuI8BM26mOQhN5JxwmX6rQcVDsNNI8VoefJwPPnMZT5yndf7PB-FACJmd-uNT7JOzRDdsage2zcAYo1uszNLatn9ylIsrewSvK1aU2UrQYQm9Gh7zaosQQ-5-u_MQSe0JpgzEb4lN7BTjOAy-O9qaAjC6HhVanx8KeSdRU83B4vp5UDidWaUo0oqyySkKDqdeFm5Mab8OzUG5f9LMZYbHNhkqOzgER1ddMP3HVGfPCNzy07u4UFYOKEr91j8jNENTwEb7gzINHxQ3O2ueJLvqEvNyM2r3bg3nNMK0xOuPCFYczpSUEOy8R9kEUKi7qFlfPOud_arCg4uoN_7S83znzTD29e-9y98I7qBfkfcsH4pu3w9_ETYPK2ANozDyjlZ-sheUAIcxquEaScZWmTKOo8RUJB3fQLXApTfJj_wIPClAYqMVdnDeQcMn2RXlN4sgm4z6J4CKDBvfMd7pPqlGxq3BL4AeNAGToYRa7ZzBB5udrsoI_lbaXadGdqn1bXfq0OiH_GNhcJpOSwBqMe3Pk_aiZzscQUcrPgerob5Payo2m5W1lJOUgBdDbuIxllNCMfsbVUW9j5K4etPOTYXn6IwHrtC-EIkDnBkZ2uh3uWk_bhoOtzJYSoKm3tQCOnVYTTi7IUzCUI6V2gw__MfKRuR4U9IFcRCizTLLNmL2Jw6vCYkTBVcE8Ze72u-S-0Mxl-84s0xtSjpDi4NJ4Gj4fMGaTXjq7RunKYmHXqZDiq9IS-VF8kT7aI0tHX4p-ED6GfCUUHfdnXPFOVnlsiiZbFFIu98D1f_WBv38tgIPOW7tAb3Rx_wHYxg4IZYpPDQEtlbqjdQ4ZA5cVwP6l-KP6mAWSGqtWDk9qaK_euSxJN7uWysBbrNAlIoHF4gC_hXQRXcsNq_AJryEo_Hb3qVY6QvpwZkOLSQqSUOoQjXy9HYxVysLCx9evQsQdxdeGP6OdJP8HrNNuDtUVsoEcVKEDke07FlKYH7thzIfER_kHZJGIS4jE5P6qT4qoUOde6cYAZwhEgIpa4NullvrC9TLW16vDtkgm7XxKsJQ1-LHqGPzh5VoaaPSozZ9HKhy0FdtUo69aky7pj6h0HJUDVqzVrWsCn_1vj_9ndaXRSaXUW3Y-Lby2-7KtdGn6CLpkoUwyD3Iy2zqbjBmKiuEsWUjc8MeLx6LrOP15CmbO_zsYTRtOsWAFIm4r1l-h-46wiULNeWhpw69l1Ne2xQpSlUbqtW0SZbZ5r--4aWgr5ulKvZUMcOYeX0UluxGamgKu5nN3P8KdNuMfeoroAtcxMUyWyGogV9jXp-hpZRLHbn1R0TzgNQx7K7bQEedzLTPenhwbS2E6Y5mhgAlnPckOZbyE5WvndoeqEIHwOOQsWfCWtP9KgW0z2e2Ng_w-cxzzd33IC8-GgW_PqlBE-MrrinLOo2W-lAG3oyK0xqp2bbleWxZ6EBOfc3GJ_D0iuuI1bsonc1E8oBrZvicYp-FH0gfQS0pp4fQXTqL8i37pGIbUangls04bs239z2_609jNZkxtV-G7hlZmIumLxmwj6Btz_CoFcRSSaBV1meAu7xdTmha9nTgiIQfpan7aTwOcuxtOaXGbioxR6I-MjL8W0Xfg8ybg7d3VLNpxN3pic64ngj5lbhx92zyLiXSEyVaq-0ErXKfLLjXkQa1zl9JRoDmqdB8xEOwshhETe86ZkN3XnNJCkBf7nLuIObFhbB6jt68iyKDXkff943qdVaJq5UxbmngjJaKPqXOkyoxHssVfgBkBEiRPWDr1T9iOOrLKUfc8_zSZnNgw46kwI1ozUGzcU1xYOAss2UE2egibIn5Yxf3fjsCRJNa4gsE7T0KZaa35pWaXCCEF7vbKY9fHtE9YH9UZsTlk_Fo5ccqDKpMhuhx_su-yuyx9SSwbSiCur6VDQyYL3K2gY2JaTETUdGkjAM6GWU3lubt2TT29iWKYs9wEDRY4I3ziVZANjAakqzkLcQTpI5nPvLLEgPZc-Mo9_vN5bu-TQOImVyxbA0X61MBNbfEoMT6_EIFQGcj20NGh4qwRygr_kCi6a57YVmwr0ppKOQvNXcH8T1ROQRW_JlZQj8-g-Y1X32hE6nj_TWZdG8qvbxlUx91hIsecxYQOu8OsiabycZg4qt7cNOeqqc582U2AZ9HY5SPKjqKYekfH291tbUS3viezHkh9MffH-P67v61YM0kMJCm0_-2F_cr92NFlC__vU4T7_p3TXgsRW-XtMkQHhTJDjh5FJdEJJ56JZ6FY2yCgG-EuwegTVNpN0enEeQRIEkHgLvkbP5XMkDoqwZh8DfejFpbbomTwrtzABtRmn5ywIhz3NIW0acizQLEYblXc5DlmgoPl89lKiKayw8FzYYqPpYu1-T_bChH-oRr5wF5h-bntDnSwGdiIawBb_EAGsgQe77R319oQOvyAwd0TkKc17eO5CGVFDcHWvu2HQ2WLFY-Ml76_Z1v28KHPBVzGHfKHKAdlq4UpMKERJgNX-JEqenkDq2rzRysDhRZFEW9wp3UahFyK0oLyS4k-WZBitlbHJw5yYqGADuI3zOdJJ2HFzByIL0Cc8vSfoZdfptd-etNIrEJYg3nmM8pGebsD8bs77A7Xe1ud92CRmY7FdcOV4AK7jW8_tJe4YWVG4QCY5E6am3q8MXtr-PpF2TPkoTqGBpGJT53ZLbwOcCi1T8VnJRCwqUeQ2wJ3DlBN6tNE9K_NaSKH3e_Z53sB5SogTW67rluojqKh7ZuImpKvQ-nGATPiHqW2-9tV1g0IARRpc4efgifsUCEO2IKRYrHw9SZRIG3izov3wt0urMMnRF1Yd5ywfM_P4NW7xTrzZmE98sl0_un6wE3MMM-Gx7MK2dF-iJcBcvAwURxJUyqY4qbCUL6k9ESbCBQ9Bj-NOMmuf24rzREuGB8176d4cUn_WLudsJmDKWqDD7UkiI_jjOH3XcCR8zQLOBYGfosm-sRbcF9zoog-w0OKk1fgvJB6y8ckSygBtcVj0tfC8EHaqsgERAcZz50UgvgWmKA1zT_ei9wDUlw6K2xLJ-WTAI6nSM0_BOI6J8TAOF_EIViFJSg2Xj31xecjTgpOuI7Yd0duM4vOk-se&cid=CAASEuRomJSRmqFLIWt_yZR95bA9Vw&rfl=1%2Chttps%253A%252F%252Fblip.fm%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b5975f21c81bda9dfd465bc96ee93a336e22d160bed0054ef916a8392d5aa406

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:48:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 164
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 12295082536333688880
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Jun 2021 19:48:50 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E532 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 06:20:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48681
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 06:20:13 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame ADEC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1&C=1

43 B
1014 B

36ms
35ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYsPmvXDAB&v=APEucNWxLR3rt-RrkqMkCtIX0NUnIJmMw4dTgJ6ED9xYO3cJjSgK_uIav6YyXy-RvGyowpcv2ZthSwG4Yi4F30FFslgyPumzFVZMDjKFCYYI9QOej_drMq_iV8qsIDR6zKMRZemJ1sucjTZ18NSBpFtXVVI3gzn4OxeGJk8vAgpVlZG5Oy0VLmg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 08 Jun 2021 19:51:34 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Tue, 08 Jun 2021 19:51:34 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame ADEC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL-KRvUSkZ2sybeho3QH0wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1

43 B
894 B

36ms
36ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYsPmvXDAB&v=APEucNWxLR3rt-RrkqMkCtIX0NUnIJmMw4dTgJ6ED9xYO3cJjSgK_uIav6YyXy-RvGyowpcv2ZthSwG4Yi4F30FFslgyPumzFVZMDjKFCYYI9QOej_drMq_iV8qsIDR6zKMRZemJ1sucjTZ18NSBpFtXVVI3gzn4OxeGJk8vAgpVlZG5Oy0VLmg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 08 Jun 2021 19:51:34 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame ADEC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECrOZrb5C-Vjcmzaax2sCEA&google_cver=1

43 B
1018 B

50ms
24ms

Image
image/gif

185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECrOZrb5C-Vjcmzaax2sCEA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYsPmvXDAB&v=APEucNWxLR3rt-RrkqMkCtIX0NUnIJmMw4dTgJ6ED9xYO3cJjSgK_uIav6YyXy-RvGyowpcv2ZthSwG4Yi4F30FFslgyPumzFVZMDjKFCYYI9QOej_drMq_iV8qsIDR6zKMRZemJ1sucjTZ18NSBpFtXVVI3gzn4OxeGJk8vAgpVlZG5Oy0VLmg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
X-Proxy-Origin: 185.93.2.145; 185.93.2.145; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.4:80
AN-X-Request-Uuid: 2e342687-9ea2-4748-a8b1-99ba22b9e194
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECrOZrb5C-Vjcmzaax2sCEA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame ADEC
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyNzkyNDgzNjY2ODM1Mzg4

170 B
188 B

59ms
34ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyNzkyNDgzNjY2ODM1Mzg4

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
X-Proxy-Origin: 185.93.2.145; 185.93.2.145; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.180:80
AN-X-Request-Uuid: f9ae9f81-6dff-48c2-b4ba-c8dea6484403
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyNzkyNDgzNjY2ODM1Mzg4
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FAA6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1&C=1

43 B
1014 B

53ms
53ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYs7qwXDAB&v=APEucNURjOV_AIPAFDASRr98lG0H6AEkvlYLsBvyX2EiRCVd2nxztdIbwxR6ZEZv0__6bpMLRlDl5WHLrAbxX2X-Z4HninuymXRhtWxWSJTUFwMJ91T9v305sVEoo4E5wQKXWKK7EIlXZhSeJsdrp7he9yQyO5cBPqbT587A7rUUJglPllKfs2g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 08 Jun 2021 19:51:34 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Tue, 08 Jun 2021 19:51:34 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FAA6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL-KRvUSkZ2sybeho3QH0wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1

43 B
894 B

34ms
34ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYs7qwXDAB&v=APEucNURjOV_AIPAFDASRr98lG0H6AEkvlYLsBvyX2EiRCVd2nxztdIbwxR6ZEZv0__6bpMLRlDl5WHLrAbxX2X-Z4HninuymXRhtWxWSJTUFwMJ91T9v305sVEoo4E5wQKXWKK7EIlXZhSeJsdrp7he9yQyO5cBPqbT587A7rUUJglPllKfs2g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 08 Jun 2021 19:51:34 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAoaWxIgiJEcEclC_Z05ZY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame FAA6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECrOZrb5C-Vjcmzaax2sCEA&google_cver=1

43 B
1020 B

57ms
28ms

Image
image/gif

185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECrOZrb5C-Vjcmzaax2sCEA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYs7qwXDAB&v=APEucNURjOV_AIPAFDASRr98lG0H6AEkvlYLsBvyX2EiRCVd2nxztdIbwxR6ZEZv0__6bpMLRlDl5WHLrAbxX2X-Z4HninuymXRhtWxWSJTUFwMJ91T9v305sVEoo4E5wQKXWKK7EIlXZhSeJsdrp7he9yQyO5cBPqbT587A7rUUJglPllKfs2g

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
X-Proxy-Origin: 185.93.2.145; 185.93.2.145; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.233:80
AN-X-Request-Uuid: 6ba55053-3b43-4b2e-942b-b1196b530898
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECrOZrb5C-Vjcmzaax2sCEA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame FAA6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyNzkyNDgzNjY2ODM1Mzg4

170 B
188 B

74ms
34ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyNzkyNDgzNjY2ODM1Mzg4

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
X-Proxy-Origin: 185.93.2.145; 185.93.2.145; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.103:80
AN-X-Request-Uuid: 0db62175-bbac-4005-aeb1-9a8558f906fe
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTgyNzkyNDgzNjY2ODM1Mzg4
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK ktajov82gobh Show response
hal9000.redintelligence.net/zone/ Frame D889 11 KB
4 KB 89ms
29ms Script
text/html 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ktajov82gobh?subid=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrvBpRcq_YOH0CJmt3wOOxaqoAobdsNJdvPvGvNAJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9BsIZ62vZuP5UZvHUsAj7s3sjC1WJ_78nhR_D5nBYStUXbfD2AD88x8HC8mgF6HNj4YM8chuwhseItNJYS3TY4q7HeJarg5t7cR9vUyGvnximVTVGL5IbOkvjmV5G_apFi32YFPpFvu4Lch9wqxnGAXDhhBWfLDS8-zdIInU_6hdrvKkeT5xFta5CQMHgMUp2jB_2zvU843hoZ2XGX16RKUnUaRSNBY17JykN1a6lOvDJihEAg7FsyNDsAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoLiByXqUp1iO1Ot9_kkb1aQ%26sig%3DAOD64_08HAmr5BlXKwGniqqOsMWyOmXbGA%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-AlY6rnIbjK-PwD9bGTyu6XCbab4CVV9BgKQLanuCwjXKmDRojO8b_SARlVmfxF4wZ42DD2g7T5bitHfxwBDV50XIrxmWtl8Ypp-JjdduTDWHprqJVJVM4mV5gYCJyTXDrRF-WWy50YHrhP2F_ly-SBOL6Y0g%26cry%3D1%26dbm_d%3DAKAmf-CcilRVyTC5lZeB4kGNQvSce28bNP4xR_eZc03sstW1BtdYdRjkJKdLyFQMlwUrSKKOXf-v6h7j2uAp2bKkACz5l6FTnlUILoMO6DL0rSXTkpzPShBj-1ztzpeHNaFsrBM3d9DwvMLdhEYjImkHkN1WZULty505ayy34dlhnvW2GYTlsGRWPaRjitaHfscP2xpW9UyS8T29giS3WYaRe-imr0o6tI4AkTJ7uITztZDdktrd_uoH7pPZxd6z1VePkbK7ldIKyyi7QSBr3XTAr4gmcp-qOZpu21VXrMPk1Qzr92wdOAzaGpkoOQnvHLd-uZOT8mpFY_djxIXonwNSiX6sJ1DG5gLMQjL0qgIUpbov6gL2fIoVeyVR6CzPDrAIDetP_T6SVqA11HC6cNyn4OzNLJBhgmkMC0Z9pQBx45ql-v10WSB5O0hRKcVil7U-eIK7WUPH%26adurl%3D
Requested by: Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 852f9373b699fc14ba114ab8edcf42b06584e4a6953dd2d91957cd73df0fa05d

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:34 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3880
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK zfxs41mp1p1v Show response
hal9000.redintelligence.net/zone/ Frame E532 11 KB
4 KB 88ms
30ms Script
text/html 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/zfxs41mp1p1v?subid=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCWjz9Rcq_YOD0CJmt3wOOxaqoAobdsNJdzo_0sfwJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9DoK0K8330tsTcpseKwAfRDjBj-FkaRIm_wskCExibxeY0fG82yGqd2gdeBiBIu0ya2yS8kOtxOaUhpGjh8j98w0UFdeoUIi08ebOUX_9MzPmn8gM6GzewJBhh8rYYK_kldyl3sLA_yYpwVShLLpQn5n8ZvbzlfJi7AIxGggsZ-qdoaptfKJmsOL8f7Lv8s6XPhS9OW9uq9v3J2doUgAdw0zSpgbB5E5dEaWTUaNZCg32NthW7cDaJmGcAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRomJSRmqFLIWt_yZR95bA9Vw%26sig%3DAOD64_3y9PEdTas6PWvkZK_3eelc2InhJw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-B3Ogh8PHglt5Ekxtu3-BRB-OfHSZyBr8m-qZ8BAa3iyadzj0j1A40FTtq7n0g6c429G6vYJCNsBD1I3qFMccvyUFFPSWiU_JltAU5xvHR8BwzIWQi9QLx8vt5redeP2sKDe8Yoirk_4OE2dKHTrOns_ttbQQ%26cry%3D1%26dbm_d%3DAKAmf-Cdg1U-juGkq7uDokacJTy6SmCZPMlOL0KCTr0y5Ss_avWQDt4fOB6GRR4i4H0KCHftW871whx3itr2CPQWuJg5pqUq_-v0HIROFJrUPE00vx5z21uB6xe2Ns0C1SEbOydaivnFxZIqimNlNKXgX58SDCgubXagGxkU63tzgomZ5tjgd1QRUcRQdzDPX8sY5AhHqFnlbFL3inARoULk8VdUuYljJWHm9aD2X_Cas8vwmqbSTOE-vNCpORSxdmg9h7i-_bSCdpOIaa2H9P2hi6UdDIgSlJl6N8V-_XMBWKzJZ49tYqzGFHZRpQTpn_V8F_q7TVsyRUYBETeDzjVEh2wEEU470wmfipA6mOTWDDahnA7PXLbPxhjmOAdWKrwalmW7eN2S6H2MRjoH6Yp0e83NXnR0X2lkgYGq0ddOvaznja78OcWzaYdQswru0IQnIO9-hF1I%26adurl%3D
Requested by: Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 63af48ef1ca31a48d504468d453f333c49abcb911235dc8ce039ce631e75da6a

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:34 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3880
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1DAF 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 08 Jun 2021 14:44:09 GMT
expires: Wed, 08 Jun 2022 14:44:09 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 18445
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7462 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 08 Jun 2021 14:44:09 GMT
expires: Wed, 08 Jun 2022 14:44:09 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 18445
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 8166 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blip.fm/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Tue, 08 Jun 2021 19:07:58 GMT
expires: Wed, 08 Jun 2022 19:07:58 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2616
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EB03 783 B
534 B 37ms
23ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0cb0d2ed554a33adc159f92d8a24e2ce85c1e49309df4316b67b0db864c283b7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-f0ki4QNQ7Kx6Wr3CIdHLYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blip.fm/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

expires: Tue, 08 Jun 2021 19:51:34 GMT
date: Tue, 08 Jun 2021 19:51:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-f0ki4QNQ7Kx6Wr3CIdHLYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 1DAF 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 11:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 204200
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 11:08:14 GMT

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 7462 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 11:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 204200
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 11:08:14 GMT

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 8166 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 11:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 204200
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 11:08:14 GMT

GET
H/1.1

200
OK

request.php Show response
hal90004.redintelligence.net/ Frame D889
Redirect Chain

https://hal90004.redintelligence.net/request.php?zone=ktajov82gobh&nw=20&renderingType=javascript&namespace=fbf76521d1&subid=&uid=e38bfcd923d9980e&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90004.redintelligence.net/request.php?zone=ktajov82gobh&nw=20&renderingType=javascript&namespace=fbf76521d1&subid=&uid=e38bfcd923d9980e&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

3 KB
2 KB

152ms
95ms

Script
application/x-javascript

138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90004.redintelligence.net/request.php?zone=ktajov82gobh&nw=20&renderingType=javascript&namespace=fbf76521d1&subid=&uid=e38bfcd923d9980e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrvBpRcq_YOH0CJmt3wOOxaqoAobdsNJdvPvGvNAJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9BsIZ62vZuP5UZvHUsAj7s3sjC1WJ_78nhR_D5nBYStUXbfD2AD88x8HC8mgF6HNj4YM8chuwhseItNJYS3TY4q7HeJarg5t7cR9vUyGvnximVTVGL5IbOkvjmV5G_apFi32YFPpFvu4Lch9wqxnGAXDhhBWfLDS8-zdIInU_6hdrvKkeT5xFta5CQMHgMUp2jB_2zvU843hoZ2XGX16RKUnUaRSNBY17JykN1a6lOvDJihEAg7FsyNDsAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoLiByXqUp1iO1Ot9_kkb1aQ%26sig%3DAOD64_08HAmr5BlXKwGniqqOsMWyOmXbGA%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-AlY6rnIbjK-PwD9bGTyu6XCbab4CVV9BgKQLanuCwjXKmDRojO8b_SARlVmfxF4wZ42DD2g7T5bitHfxwBDV50XIrxmWtl8Ypp-JjdduTDWHprqJVJVM4mV5gYCJyTXDrRF-WWy50YHrhP2F_ly-SBOL6Y0g%26cry%3D1%26dbm_d%3DAKAmf-CcilRVyTC5lZeB4kGNQvSce28bNP4xR_eZc03sstW1BtdYdRjkJKdLyFQMlwUrSKKOXf-v6h7j2uAp2bKkACz5l6FTnlUILoMO6DL0rSXTkpzPShBj-1ztzpeHNaFsrBM3d9DwvMLdhEYjImkHkN1WZULty505ayy34dlhnvW2GYTlsGRWPaRjitaHfscP2xpW9UyS8T29giS3WYaRe-imr0o6tI4AkTJ7uITztZDdktrd_uoH7pPZxd6z1VePkbK7ldIKyyi7QSBr3XTAr4gmcp-qOZpu21VXrMPk1Qzr92wdOAzaGpkoOQnvHLd-uZOT8mpFY_djxIXonwNSiX6sJ1DG5gLMQjL0qgIUpbov6gL2fIoVeyVR6CzPDrAIDetP_T6SVqA11HC6cNyn4OzNLJBhgmkMC0Z9pQBx45ql-v10WSB5O0hRKcVil7U-eIK7WUPH%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=8022636357056&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Requested by: Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: dd01c2808571a1cfdcf109ce9b552199ac5f7d7f6636264c21226619df70f2ae

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 52684500238351800714734011619004
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 995
Expires: Tue, 08 Jun 2021 20:51:34 +0200

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=ktajov82gobh&nw=20&renderingType=javascript&namespace=fbf76521d1&subid=&uid=e38bfcd923d9980e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrvBpRcq_YOH0CJmt3wOOxaqoAobdsNJdvPvGvNAJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9BsIZ62vZuP5UZvHUsAj7s3sjC1WJ_78nhR_D5nBYStUXbfD2AD88x8HC8mgF6HNj4YM8chuwhseItNJYS3TY4q7HeJarg5t7cR9vUyGvnximVTVGL5IbOkvjmV5G_apFi32YFPpFvu4Lch9wqxnGAXDhhBWfLDS8-zdIInU_6hdrvKkeT5xFta5CQMHgMUp2jB_2zvU843hoZ2XGX16RKUnUaRSNBY17JykN1a6lOvDJihEAg7FsyNDsAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoLiByXqUp1iO1Ot9_kkb1aQ%26sig%3DAOD64_08HAmr5BlXKwGniqqOsMWyOmXbGA%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-AlY6rnIbjK-PwD9bGTyu6XCbab4CVV9BgKQLanuCwjXKmDRojO8b_SARlVmfxF4wZ42DD2g7T5bitHfxwBDV50XIrxmWtl8Ypp-JjdduTDWHprqJVJVM4mV5gYCJyTXDrRF-WWy50YHrhP2F_ly-SBOL6Y0g%26cry%3D1%26dbm_d%3DAKAmf-CcilRVyTC5lZeB4kGNQvSce28bNP4xR_eZc03sstW1BtdYdRjkJKdLyFQMlwUrSKKOXf-v6h7j2uAp2bKkACz5l6FTnlUILoMO6DL0rSXTkpzPShBj-1ztzpeHNaFsrBM3d9DwvMLdhEYjImkHkN1WZULty505ayy34dlhnvW2GYTlsGRWPaRjitaHfscP2xpW9UyS8T29giS3WYaRe-imr0o6tI4AkTJ7uITztZDdktrd_uoH7pPZxd6z1VePkbK7ldIKyyi7QSBr3XTAr4gmcp-qOZpu21VXrMPk1Qzr92wdOAzaGpkoOQnvHLd-uZOT8mpFY_djxIXonwNSiX6sJ1DG5gLMQjL0qgIUpbov6gL2fIoVeyVR6CzPDrAIDetP_T6SVqA11HC6cNyn4OzNLJBhgmkMC0Z9pQBx45ql-v10WSB5O0hRKcVil7U-eIK7WUPH%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=8022636357056&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Tue, 08 Jun 2021 20:51:34 +0200

GET
H/1.1

200
OK

request.php Show response
hal900016.redintelligence.net/ Frame E532
Redirect Chain

https://hal900016.redintelligence.net/request.php?zone=zfxs41mp1p1v&nw=20&renderingType=javascript&namespace=0c0d3934e2&subid=&uid=5d0bd41be97188b7&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900016.redintelligence.net/request.php?zone=zfxs41mp1p1v&nw=20&renderingType=javascript&namespace=0c0d3934e2&subid=&uid=5d0bd41be97188b7&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

163ms
107ms

Script
application/x-javascript

138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request.php?zone=zfxs41mp1p1v&nw=20&renderingType=javascript&namespace=0c0d3934e2&subid=&uid=5d0bd41be97188b7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCWjz9Rcq_YOD0CJmt3wOOxaqoAobdsNJdzo_0sfwJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9DoK0K8330tsTcpseKwAfRDjBj-FkaRIm_wskCExibxeY0fG82yGqd2gdeBiBIu0ya2yS8kOtxOaUhpGjh8j98w0UFdeoUIi08ebOUX_9MzPmn8gM6GzewJBhh8rYYK_kldyl3sLA_yYpwVShLLpQn5n8ZvbzlfJi7AIxGggsZ-qdoaptfKJmsOL8f7Lv8s6XPhS9OW9uq9v3J2doUgAdw0zSpgbB5E5dEaWTUaNZCg32NthW7cDaJmGcAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRomJSRmqFLIWt_yZR95bA9Vw%26sig%3DAOD64_3y9PEdTas6PWvkZK_3eelc2InhJw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-B3Ogh8PHglt5Ekxtu3-BRB-OfHSZyBr8m-qZ8BAa3iyadzj0j1A40FTtq7n0g6c429G6vYJCNsBD1I3qFMccvyUFFPSWiU_JltAU5xvHR8BwzIWQi9QLx8vt5redeP2sKDe8Yoirk_4OE2dKHTrOns_ttbQQ%26cry%3D1%26dbm_d%3DAKAmf-Cdg1U-juGkq7uDokacJTy6SmCZPMlOL0KCTr0y5Ss_avWQDt4fOB6GRR4i4H0KCHftW871whx3itr2CPQWuJg5pqUq_-v0HIROFJrUPE00vx5z21uB6xe2Ns0C1SEbOydaivnFxZIqimNlNKXgX58SDCgubXagGxkU63tzgomZ5tjgd1QRUcRQdzDPX8sY5AhHqFnlbFL3inARoULk8VdUuYljJWHm9aD2X_Cas8vwmqbSTOE-vNCpORSxdmg9h7i-_bSCdpOIaa2H9P2hi6UdDIgSlJl6N8V-_XMBWKzJZ49tYqzGFHZRpQTpn_V8F_q7TVsyRUYBETeDzjVEh2wEEU470wmfipA6mOTWDDahnA7PXLbPxhjmOAdWKrwalmW7eN2S6H2MRjoH6Yp0e83NXnR0X2lkgYGq0ddOvaznja78OcWzaYdQswru0IQnIO9-hF1I%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=4032024947584&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Requested by: Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 1fd33591ea4ecf572ec58d39a4264f6f3aa38e7cb280a3b03edaa349d38a82cc

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 32425600188488900714752011619016
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 768
Expires: Tue, 08 Jun 2021 20:51:34 +0200

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=zfxs41mp1p1v&nw=20&renderingType=javascript&namespace=0c0d3934e2&subid=&uid=5d0bd41be97188b7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCWjz9Rcq_YOD0CJmt3wOOxaqoAobdsNJdzo_0sfwJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9DoK0K8330tsTcpseKwAfRDjBj-FkaRIm_wskCExibxeY0fG82yGqd2gdeBiBIu0ya2yS8kOtxOaUhpGjh8j98w0UFdeoUIi08ebOUX_9MzPmn8gM6GzewJBhh8rYYK_kldyl3sLA_yYpwVShLLpQn5n8ZvbzlfJi7AIxGggsZ-qdoaptfKJmsOL8f7Lv8s6XPhS9OW9uq9v3J2doUgAdw0zSpgbB5E5dEaWTUaNZCg32NthW7cDaJmGcAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRomJSRmqFLIWt_yZR95bA9Vw%26sig%3DAOD64_3y9PEdTas6PWvkZK_3eelc2InhJw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-B3Ogh8PHglt5Ekxtu3-BRB-OfHSZyBr8m-qZ8BAa3iyadzj0j1A40FTtq7n0g6c429G6vYJCNsBD1I3qFMccvyUFFPSWiU_JltAU5xvHR8BwzIWQi9QLx8vt5redeP2sKDe8Yoirk_4OE2dKHTrOns_ttbQQ%26cry%3D1%26dbm_d%3DAKAmf-Cdg1U-juGkq7uDokacJTy6SmCZPMlOL0KCTr0y5Ss_avWQDt4fOB6GRR4i4H0KCHftW871whx3itr2CPQWuJg5pqUq_-v0HIROFJrUPE00vx5z21uB6xe2Ns0C1SEbOydaivnFxZIqimNlNKXgX58SDCgubXagGxkU63tzgomZ5tjgd1QRUcRQdzDPX8sY5AhHqFnlbFL3inARoULk8VdUuYljJWHm9aD2X_Cas8vwmqbSTOE-vNCpORSxdmg9h7i-_bSCdpOIaa2H9P2hi6UdDIgSlJl6N8V-_XMBWKzJZ49tYqzGFHZRpQTpn_V8F_q7TVsyRUYBETeDzjVEh2wEEU470wmfipA6mOTWDDahnA7PXLbPxhjmOAdWKrwalmW7eN2S6H2MRjoH6Yp0e83NXnR0X2lkgYGq0ddOvaznja78OcWzaYdQswru0IQnIO9-hF1I%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=4032024947584&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Tue, 08 Jun 2021 20:51:34 +0200

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 5B9A 77 B
162 B 16ms
16ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Tue, 08 Jun 2021 19:51:34 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 17ms
17ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 08 Jun 2021 19:51:33 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1DAF 0
20 B 16ms
15ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BASUJRsq_YKDoAdqxx_AP9OykkAQAAAAAOAHgBAI&bg=!1tWl1ZHNAAY6sG-_OrA7ACkAdvg8WtcbgQyeOZfA9MmqLZF_hImi5V7DKZd8ZC0WQ-nqNb-YpJsvkgIAAADbUgAAAAtoAQeZArHr9o_ZmNCk_ZI705FhyLjS3Y3yf2n5bPFIhQY4WDYHuBnp7isaT5r69vakd0bHZySrpfBtfmhj5RRxraReX_8MimGba7pLK9vmPOQdykzpRowNarQ6ZozySQotZawQoS4ZHJkomXgAYMENzYjoQJnL01UUq-nA-YpqFjHDETzpE8rx6KpsRHmrrgTIZUpGVirvqhdR4zghuyQIaZ_l1y_cN-Eg8b0Ry_wqEDp7NEgkkH4uxtQm8o9411DxlGMael15xQ_ZYzEsZUx3_2E1YO8np_zIMKP01BpJikBQUyxi7NxdLuxn-LqQ83erDEsH2JK_fSdrTUTKFooZhWpVvzPmZYZ0IfKTpXQ4zslbD72gQEF5WIzY7VQiccnYcUcQvQMao2CFGepyYFPLkoHdd_nPQ4piIQQ-44q4Wo67xbEYNP0EDawK7d--xdp74Gxpj5gmQUoKnkMOWUnkRXUqbxPUUkxn3Rj1hQAXAKwwOrKMyBrEuJfY38cbAQOlcel4PZmX-9MaNWwxy8IMRsO2mWxWy5-cX7K_nRr9LUXSo5dl2vcJ_TZ9aPzTMSW3AZWabsxPjejsK6xsWxw7g8bPkRX3J1g5nm3OHhaZjhR4Mgi7tpcJF2YJqLUxaDndsWtbfzPEI0BhFtgoPwGxIDFJQ1x3gBfC0Hy9ShAzHviR8vw2E7TuRw5vHDUqLIkyewyVDBW6KNfJBuxNfVvox0VUmrBsz3DlhwvVuLSrX4v0ErBJk9xqUp8ukz7B4mIdNXjZDgaNnj_qGvDVUz5kZILfb4NuhLBqQLT38nO1wJgJO8JszD_X_wbES8cYTiQWFhZJOiAzaaowwJiC5RGeTAnZ2hCmy9xppA1XIFy8mId_saeAYBCdbUMZ5rvM4Ky5-SYfWCEFbLI1o7Y99YlbWrpvLIolEQ

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 16ms
15ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021060701&jk=2766186334253314&bg=!ubqluv7NAAY6sG-_OrA7ACkAdvg8Wnzxq9lE6q7-Zims5b5O_HJ2aMSSrM7gtl-lEzBLNvhQckZqgwIAAADKUgAAAAxoAQeZAmd4BMcRS6y3LuzHV6Q7tBDLY4EZttoYftc53tE7JmWUIsSmsdcvYJxjaeJNyUUjS0svplACpaTPmuFDRgXn1LPWtgPArQlEYUEYOquvgTYkcEyleeo6iQQvLTERYfDTUCQCD2QN1QQP4tHW4LSMRhWLvI_W5Mko6fy8_GY0BoNBJyB0fDpI14rDAlL4So7sSBV04SqKU3BI4RqRK4Z5bLrHn7iDxuz9_Hm_DAahzYNo3Ot3UVNRGfA4bAUCkKXOcCON9yfCbSym6sIpJu8DEsuKCdZqEfa335ZQrqNnn4g-fLs-SyivkZa1DzARDtnMEy0h5AcaX4zlXvJjpqf2OZ2bdd8XHnlA3MSGaCKP78PTwYtFfJtypILM54L3lznRxSTUkHgJ3tDxl_PEyq-noFC2WN0zYSYlNDWs3l-zbQwwiTUSJSu_vFnLXOusHIUO5hdpz35ofYAtjaUvF8lFMVkbFB1dzNO350jcpUSAlFl_F3kBsIvDX9JBALPWYvDFpOChW2BaSgeQAcblZAD4K5f8SPIxZM0FhXap89237xPvwF5yVsoj-R3jcfP7UrP8e5UZJVf78SnMm6DqcRWg5fEEVC7XrSEpqggM79rOw03Z-O4rvF4jTM8JHpMMZ47g9h6BvIDSLfQNjIRrNC34w7S-qazynGX9UCe4DD-v_jCDy5QhfGrmPn0nKXAxJ1U6K7PrH9ClPiOI4jCztbUn5EtmwH-tH-iMX_zgpJKw15Mt-DxKwGIeVioMkzWA-G7o0lQD1F6miKYMhSWj8hDpVCLxRYvfpa_GMc5HXXqT3hSAq7uWeS-THmg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7462 0
20 B 15ms
15ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BgLvDRsq_YKrHAd7W7_UPiO6t2AUAAAAAOAHgBAI&bg=!ODulO3_NAAY6sG-_OrA7ACkAdvg8WkqAQV-acAQCK7Ni2nJOhVkPVLG7oN9N1p2nzXdJoYDAuPlhAQIAAADmUgAAAA9oAQeZArL4J3OOK0IiF5Lgk-LrExgDq47Prvi-mU5Zd2qQAtw6adauAU7kT8DzY2t2-w7nbWa6MkuFfN8qT13OQIx2cU0w0O9W_MdGDf0v1_pFsIB7X3H4MllE-6F1gkqMVPcLWg5aH0JXW3xWVstmTJny-FXAxYqxD9rMH37T5KHLEbZaDAjRHySlKG2mvKwgILMIEy7A07h2CwHQPUy1XzF857ZMnDra23dceW3asijb57D9zhJ7AN_rfDtB2tTnAzotLKOwpG4MQOETXBVfg1EWnuEDZU9t8pDMV194RYb8eBxKfIdAV4QOXca2wd6d5wTGM6s-b5n4NDxJheeXA7f5iQUrF_GBfz55XZ4S6Ji2iEI6WYE6wYwrRpabHktmUqcvhtzt5MUg1ChSNB78K3f9ikRXs925HpWu28Jf--Qzl3Swr2_bc1QaNrI8wZb_447EkPXsgT8UqnRX9iAs6k5vWSlDZYQE5HhBiDNXAJURU60x5X9ZQes-8_jcHHjc4NZT5BKpwBW5QZhojE6nNcCN7qA69aLos05uqWxlCtM5HAV6e_yqHiO7WGMShWrDTyg68m5SATy3LTkX6Drs-lFgNU3koonQRAhwmWPFCkeHfIgiqTAid7d6UeIw7onV6wLRix6GWAIYJvV4LdJqK6pu-D6vh7usOTqVhCidAxVpPRT5A-k_oxeFkvlJTC2a6HwcltZZdxwu7ACtf06BBuauHPNQL5XgHDis5Po9_AvAOz12SSAwSZK33i50aPKZniWBuKxJZJVyfs0f_OlLtD5MnuiHA6hQRaaDSsptZ1-E8dekGWWQzNVuK88VPyCkLBzS7A2Rmz2OrhtjL1ykDXxE40YBnDtB7Zw0COgYvm0d5cuiV7_PqFinblRZOasrQBmtOAsxr0e6EzeDHY_TI4bFQbAJxDU

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

14446294-1613646867749 Show response
www.yceml.net/0726/ Frame 5F60
Redirect Chain

https://www.lduhtrp.net/image-7743601-14446294?SID=52684500238351800714734011619004
https://cj.dotomi.com/6c66qmqt6/gns/mqk/5888A6D8/BB87A45/4/4/4/4/4?i=ysid%3DVSWYUVQQSTYTVRYQQXRUXTUQRRWRZQQU%3c%3c7JJFI%3A%2F%2FMMM.B3K7JHF.D4J%3AYQ%2F8C064-XXUTWQR-RUUUWSZU%3c%3cg%3c7JJFI%3A%2F%2F...
https://www.emjcd.com/8q79m-36M/u05/-3y/JMMMOKRM/PPMLOIJ/I/MIINIMJPMJORLLRIRO:X7Sm50s2VPxU/I/I/I?e=ueUP%3DHEIKGHCCEFKFHDKCCJDGJFGCDDIDLCCG%3c%3ct5514%3A%2F%2F888.xp6t531.zq5%3AKC%2Fuymsq-JJGFICD-DG...
https://www.yceml.net/0726/14446294-1613646867749

24 KB
24 KB

92ms
32ms

Document
image/gif

104.111.248.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yceml.net/0726/14446294-1613646867749
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request.php?zone=ktajov82gobh&nw=20&renderingType=javascript&namespace=fbf76521d1&subid=&uid=e38bfcd923d9980e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrvBpRcq_YOH0CJmt3wOOxaqoAobdsNJdvPvGvNAJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9BsIZ62vZuP5UZvHUsAj7s3sjC1WJ_78nhR_D5nBYStUXbfD2AD88x8HC8mgF6HNj4YM8chuwhseItNJYS3TY4q7HeJarg5t7cR9vUyGvnximVTVGL5IbOkvjmV5G_apFi32YFPpFvu4Lch9wqxnGAXDhhBWfLDS8-zdIInU_6hdrvKkeT5xFta5CQMHgMUp2jB_2zvU843hoZ2XGX16RKUnUaRSNBY17JykN1a6lOvDJihEAg7FsyNDsAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoLiByXqUp1iO1Ot9_kkb1aQ%26sig%3DAOD64_08HAmr5BlXKwGniqqOsMWyOmXbGA%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-AlY6rnIbjK-PwD9bGTyu6XCbab4CVV9BgKQLanuCwjXKmDRojO8b_SARlVmfxF4wZ42DD2g7T5bitHfxwBDV50XIrxmWtl8Ypp-JjdduTDWHprqJVJVM4mV5gYCJyTXDrRF-WWy50YHrhP2F_ly-SBOL6Y0g%26cry%3D1%26dbm_d%3DAKAmf-CcilRVyTC5lZeB4kGNQvSce28bNP4xR_eZc03sstW1BtdYdRjkJKdLyFQMlwUrSKKOXf-v6h7j2uAp2bKkACz5l6FTnlUILoMO6DL0rSXTkpzPShBj-1ztzpeHNaFsrBM3d9DwvMLdhEYjImkHkN1WZULty505ayy34dlhnvW2GYTlsGRWPaRjitaHfscP2xpW9UyS8T29giS3WYaRe-imr0o6tI4AkTJ7uITztZDdktrd_uoH7pPZxd6z1VePkbK7ldIKyyi7QSBr3XTAr4gmcp-qOZpu21VXrMPk1Qzr92wdOAzaGpkoOQnvHLd-uZOT8mpFY_djxIXonwNSiX6sJ1DG5gLMQjL0qgIUpbov6gL2fIoVeyVR6CzPDrAIDetP_T6SVqA11HC6cNyn4OzNLJBhgmkMC0Z9pQBx45ql-v10WSB5O0hRKcVil7U-eIK7WUPH%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=8022636357056&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.248.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-248-232.deploy.static.akamaitechnologies.com
Software: Server /
Resource Hash: 624f9e2a8ac38b2357be638502a8efdf73f547cd1c77cb28e8be6f1009280dfd

Request headers

Host: www.yceml.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/

Response headers

Server: Server
Content-Length: 24789
Cache-Control: max-age=140468
Expires: Thu, 10 Jun 2021 10:52:43 GMT
Date: Tue, 08 Jun 2021 19:51:35 GMT
Connection: keep-alive

Redirect headers

Server: Server
Set-Cookie: S=400504174169339096:FqAUojalD7fC; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None S=400504174169339096:FqAUojalD7fC; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None CJSession=90dae2d9-550c-4d14-97b5-28a53193e079; Max-Age=-1; Domain=.emjcd.com; Path=/; Secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Tue, 08 Jun 2021 19:51:35 GMT
Location: https://www.yceml.net/0726/14446294-1613646867749
Content-Type: text/html; charset=UTF-8
Content-Length: 87
Connection: close
Date: Tue, 08 Jun 2021 19:51:34 GMT

GET
H/1.1 200
OK Cookie set postview Show response
www.hipanema.com/module/sym_tracking/ Frame 5FD0 0
3 KB 379ms
275ms Document
text/html 54.38.64.108
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hipanema.com/module/sym_tracking/postview?source=webgains
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request.php?zone=ktajov82gobh&nw=20&renderingType=javascript&namespace=fbf76521d1&subid=&uid=e38bfcd923d9980e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrvBpRcq_YOH0CJmt3wOOxaqoAobdsNJdvPvGvNAJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9BsIZ62vZuP5UZvHUsAj7s3sjC1WJ_78nhR_D5nBYStUXbfD2AD88x8HC8mgF6HNj4YM8chuwhseItNJYS3TY4q7HeJarg5t7cR9vUyGvnximVTVGL5IbOkvjmV5G_apFi32YFPpFvu4Lch9wqxnGAXDhhBWfLDS8-zdIInU_6hdrvKkeT5xFta5CQMHgMUp2jB_2zvU843hoZ2XGX16RKUnUaRSNBY17JykN1a6lOvDJihEAg7FsyNDsAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoLiByXqUp1iO1Ot9_kkb1aQ%26sig%3DAOD64_08HAmr5BlXKwGniqqOsMWyOmXbGA%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-AlY6rnIbjK-PwD9bGTyu6XCbab4CVV9BgKQLanuCwjXKmDRojO8b_SARlVmfxF4wZ42DD2g7T5bitHfxwBDV50XIrxmWtl8Ypp-JjdduTDWHprqJVJVM4mV5gYCJyTXDrRF-WWy50YHrhP2F_ly-SBOL6Y0g%26cry%3D1%26dbm_d%3DAKAmf-CcilRVyTC5lZeB4kGNQvSce28bNP4xR_eZc03sstW1BtdYdRjkJKdLyFQMlwUrSKKOXf-v6h7j2uAp2bKkACz5l6FTnlUILoMO6DL0rSXTkpzPShBj-1ztzpeHNaFsrBM3d9DwvMLdhEYjImkHkN1WZULty505ayy34dlhnvW2GYTlsGRWPaRjitaHfscP2xpW9UyS8T29giS3WYaRe-imr0o6tI4AkTJ7uITztZDdktrd_uoH7pPZxd6z1VePkbK7ldIKyyi7QSBr3XTAr4gmcp-qOZpu21VXrMPk1Qzr92wdOAzaGpkoOQnvHLd-uZOT8mpFY_djxIXonwNSiX6sJ1DG5gLMQjL0qgIUpbov6gL2fIoVeyVR6CzPDrAIDetP_T6SVqA11HC6cNyn4OzNLJBhgmkMC0Z9pQBx45ql-v10WSB5O0hRKcVil7U-eIK7WUPH%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=8022636357056&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.38.64.108 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: www.hipanema.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/

Response headers

Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT 0
Cache-Control: no-store, no-cache, must-revalidate no-cache, no-store, must-revalidate
Pragma: no-cache no-cache
Set-Cookie: tracking_source=webgains; expires=Thu, 08-Jul-2021 19:51:34 GMT; Max-Age=2592000; path=/; SameSite=none; domain=hipanema.com; secure PrestaShop-f06a362a4971f33c228a52cc62868256=def5020013151be1e2e5a85cbd2d7230cd6cd6a56b459e9c178d7ec0eb4ae01a58de092f8d09f462172fcd974ba67f7c991bc4846576acc07d02966d4ddd047a02ece574652a538c6a6359e156619ab4a7fbd70b9bead89699495e767422b71f732d44b32f593d6e15820be5afada97f75d76baf8e8c15d39d0ba3f2d8e1d5e4760d62ab98cdffdec7d2b14e2fe75e4905783d74eb69cbbb6dcd295c0758e541cf6feb759933038562dd2dca78b7b95dd3e5bba1e11d403cab605ac9539f241d27db3c67ca0ec18e2d6100608af8fb; expires=Wed, 16-Jun-2021 10:21:34 GMT; Max-Age=657000; path=/; SameSite=none; domain=www.hipanema.com; secure; HttpOnly PrestaShop-b5126a9d5fa9b78474a735c16217ae7d=def50200e237de02cc63d486cfe90dbc90ce95057ead05ce9e8645e081b926a41c213fc3ce87dd1b64b9fedaf0e7062c2ae5316a971ded5cecc74323ab7763c159ba5f284cb0edae0ab2654e9f62122cb5e84452b00ce6f0ee79493815c85899f06ba672735f57815a376053cfb65d762facb7afcb06196d235e4f6d2e69c657c8bb03fe2e72e52dfd0d4a836f72920a3a70aaefa2b40dc5e64f6152544f44382dd1356156e9f7b88fc49d9fe240262d335f4e21fdf34e711c01131e086ba2a7f7d16d6bdd6cfa1c80be7a3292554c4b; path=/; SameSite=none; domain=www.hipanema.com; secure; HttpOnly PrestaShop-f06a362a4971f33c228a52cc62868256=def502001b9b67b24d0f4c2825d9558accedb80211c76655abb7960894a1c42e21aa44af0d503e11daecb6896cbf696b31f9a4e41326d98ec2db1b22be80102083cb0df24b79d7505fcb525da1e0dd60ad8b22bb028188c5dfb3d01e1cf7593ce481bc6db7e5ff2fd25e62709823b7d5f66b080d0140aaa88db7870bd51e61cb7fb5e22f826e6f14b7f3d4740e047168d51535d8b95257bdaa9458828f9632fe117d3a6ed5c7dba47dddd00d4d8f91d6e8609e8884cea6bc288d43a240a21fd7646dce3be4dc8308b9c68f46db6f774a; expires=Wed, 16-Jun-2021 10:21:34 GMT; Max-Age=657000; path=/; SameSite=none; domain=www.hipanema.com; secure; HttpOnly PrestaShop-b5126a9d5fa9b78474a735c16217ae7d=def50200b87ef75d7b41639eb9d2c2991a1136cbadf681aefb19d5e08c458ef2b58dd56c0624cb55cff20401327d6f28acbaabb87e94215a2106a15cff2c940e3656123f6e1307bb732f664e1da18223facb814d69312ae698bd92fd946d3830af4b58ec8bd0be8ada2e4d111615491041dc4734aba8860b2b7d4b1c0a76a245b40701a411e0738e4fb37b5894678869836d37af4ee1ace266daf653f77d91d1e90bd56d5e543390de2c8d3649e6692bf64eec99cf56870be21fc152a07051be600b8f1267ab023cbd547ccc3e416a54; path=/; SameSite=none; domain=www.hipanema.com; secure; HttpOnly PHPSESSID=j51mpt71ut5su9lujfdf6pjjg1; path=/; secure PrestaShop-e8f6bbf88efe0193e89cbae64111614c=def502001e56d1109b47d217b1e8c5eb10458d968ebf090946e12583b8cbb5e5a131cd79d657dc36b04f0eeeb0f7fe2f937f031478270b921bdea57b01fb64ae7b2d4bc55c1c0ccdb63f573d5bf67839da5519bd0078713e870a460baffb41aa656e97d30264b4961187f3e271458d80defabb50f8c958911090554d603e861b79e08a02853ee219a816011500e5f79e24db896a0f747a939fcb3476a8c6d317d6d1419862ca0226a79a87d34352b38a7bb1b5dc; expires=Mon, 28-Jun-2021 19:51:34 GMT; Max-Age=1728000; path=/; SameSite=none; domain=.hipanema.com; secure; HttpOnly
Vary: Host
Content-Length: 0
Content-Type: text/html; charset=utf-8
X-IPLB-Request-ID: B95D0291:755C_3626406C:01BB_60BFCA46_E9EB4B:C7BD
X-IPLB-Instance: 20182

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame D889 674 B
1 KB 118ms
26ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2960325&wgcampaignid=1260705&js=1&nw=1&clickref=52684500238351800714734011619004&viewref=52684500238351800714734011619004
Requested by: Host: blip.fm
URL: https://blip.fm/billpig50
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: ce95b2c70b9238a876c36c17c9b401ba23af175399327dd171519158653245ee

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Last-Modified: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 674
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK request_content.php Show response
hal90004.redintelligence.net/ Frame F316 6 KB
2 KB 89ms
29ms Document
text/html 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90004.redintelligence.net/request_content.php?s=52684500238351800714734011619004&a=47258dd1
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request.php?zone=ktajov82gobh&nw=20&renderingType=javascript&namespace=fbf76521d1&subid=&uid=e38bfcd923d9980e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrvBpRcq_YOH0CJmt3wOOxaqoAobdsNJdvPvGvNAJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9BsIZ62vZuP5UZvHUsAj7s3sjC1WJ_78nhR_D5nBYStUXbfD2AD88x8HC8mgF6HNj4YM8chuwhseItNJYS3TY4q7HeJarg5t7cR9vUyGvnximVTVGL5IbOkvjmV5G_apFi32YFPpFvu4Lch9wqxnGAXDhhBWfLDS8-zdIInU_6hdrvKkeT5xFta5CQMHgMUp2jB_2zvU843hoZ2XGX16RKUnUaRSNBY17JykN1a6lOvDJihEAg7FsyNDsAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRoLiByXqUp1iO1Ot9_kkb1aQ%26sig%3DAOD64_08HAmr5BlXKwGniqqOsMWyOmXbGA%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-AlY6rnIbjK-PwD9bGTyu6XCbab4CVV9BgKQLanuCwjXKmDRojO8b_SARlVmfxF4wZ42DD2g7T5bitHfxwBDV50XIrxmWtl8Ypp-JjdduTDWHprqJVJVM4mV5gYCJyTXDrRF-WWy50YHrhP2F_ly-SBOL6Y0g%26cry%3D1%26dbm_d%3DAKAmf-CcilRVyTC5lZeB4kGNQvSce28bNP4xR_eZc03sstW1BtdYdRjkJKdLyFQMlwUrSKKOXf-v6h7j2uAp2bKkACz5l6FTnlUILoMO6DL0rSXTkpzPShBj-1ztzpeHNaFsrBM3d9DwvMLdhEYjImkHkN1WZULty505ayy34dlhnvW2GYTlsGRWPaRjitaHfscP2xpW9UyS8T29giS3WYaRe-imr0o6tI4AkTJ7uITztZDdktrd_uoH7pPZxd6z1VePkbK7ldIKyyi7QSBr3XTAr4gmcp-qOZpu21VXrMPk1Qzr92wdOAzaGpkoOQnvHLd-uZOT8mpFY_djxIXonwNSiX6sJ1DG5gLMQjL0qgIUpbov6gL2fIoVeyVR6CzPDrAIDetP_T6SVqA11HC6cNyn4OzNLJBhgmkMC0Z9pQBx45ql-v10WSB5O0hRKcVil7U-eIK7WUPH%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=8022636357056&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 3019bb3e0e5a2e5a08e3d7e70f75d0b2eee4914cf8f0a0a38d00e032580bfa0a

Request headers

Host: hal90004.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=da2f2aad313c86ad
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/

Response headers

Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 08 Jun 2021 20:51:34 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1966
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E3FC 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 08 Jun 2021 19:15:34 GMT
expires: Wed, 09 Jun 2021 19:15:34 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 2160
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D889 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1439074750da3739b47a4688b23a0c16a8cde4f48545331ce2e8df1afb744dbc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 5B9A 77 B
162 B 16ms
15ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Tue, 08 Jun 2021 19:51:34 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 16ms
15ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 08 Jun 2021 19:51:34 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H/1.1

200
OK

14446294-1613646867749 Show response
www.yceml.net/0726/ Frame 2425
Redirect Chain

https://www.lduhtrp.net/image-7743601-14446294?SID=32425600188488900714752011619016
https://cj.dotomi.com/9h115ax03H/ry2/x0v/GJJJLHOJ/MMJILFG/F/F/F/F/F?i=zmcX%3DNMOMPQKKLSSOSSTKKRLORPMKLLQLTKLQ%3c%3c1DD9C%3A%2F%2FGGG.5xE1DB9.7yD%3ASK%2F26u0y-RRONQKL-LOOOQMTO%3c%3ca%3c1DD9C%3A%2F%2...
https://www.emjcd.com/cl116z158O/w27/15-/LOOOQMTO/RRONQKL/K/OKKPKOLROLQTNNTKTR:TeUo72u4XR2W/K/K/K?h=fjZU%3DKJLJMNHHIPPLPPQHHOILOMJHIINIQHIN%3c%3cyAA69%3A%2F%2FDDD.2uByA86.4vA%3APH%2Fz3rxv-OOLKNHI-I...
https://www.yceml.net/0726/14446294-1613646867749

24 KB
24 KB

31ms
31ms

Document
image/gif

104.111.248.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yceml.net/0726/14446294-1613646867749
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=zfxs41mp1p1v&nw=20&renderingType=javascript&namespace=0c0d3934e2&subid=&uid=5d0bd41be97188b7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCWjz9Rcq_YOD0CJmt3wOOxaqoAobdsNJdzo_0sfwJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9DoK0K8330tsTcpseKwAfRDjBj-FkaRIm_wskCExibxeY0fG82yGqd2gdeBiBIu0ya2yS8kOtxOaUhpGjh8j98w0UFdeoUIi08ebOUX_9MzPmn8gM6GzewJBhh8rYYK_kldyl3sLA_yYpwVShLLpQn5n8ZvbzlfJi7AIxGggsZ-qdoaptfKJmsOL8f7Lv8s6XPhS9OW9uq9v3J2doUgAdw0zSpgbB5E5dEaWTUaNZCg32NthW7cDaJmGcAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRomJSRmqFLIWt_yZR95bA9Vw%26sig%3DAOD64_3y9PEdTas6PWvkZK_3eelc2InhJw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-B3Ogh8PHglt5Ekxtu3-BRB-OfHSZyBr8m-qZ8BAa3iyadzj0j1A40FTtq7n0g6c429G6vYJCNsBD1I3qFMccvyUFFPSWiU_JltAU5xvHR8BwzIWQi9QLx8vt5redeP2sKDe8Yoirk_4OE2dKHTrOns_ttbQQ%26cry%3D1%26dbm_d%3DAKAmf-Cdg1U-juGkq7uDokacJTy6SmCZPMlOL0KCTr0y5Ss_avWQDt4fOB6GRR4i4H0KCHftW871whx3itr2CPQWuJg5pqUq_-v0HIROFJrUPE00vx5z21uB6xe2Ns0C1SEbOydaivnFxZIqimNlNKXgX58SDCgubXagGxkU63tzgomZ5tjgd1QRUcRQdzDPX8sY5AhHqFnlbFL3inARoULk8VdUuYljJWHm9aD2X_Cas8vwmqbSTOE-vNCpORSxdmg9h7i-_bSCdpOIaa2H9P2hi6UdDIgSlJl6N8V-_XMBWKzJZ49tYqzGFHZRpQTpn_V8F_q7TVsyRUYBETeDzjVEh2wEEU470wmfipA6mOTWDDahnA7PXLbPxhjmOAdWKrwalmW7eN2S6H2MRjoH6Yp0e83NXnR0X2lkgYGq0ddOvaznja78OcWzaYdQswru0IQnIO9-hF1I%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=4032024947584&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.248.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-248-232.deploy.static.akamaitechnologies.com
Software: Server /
Resource Hash: 624f9e2a8ac38b2357be638502a8efdf73f547cd1c77cb28e8be6f1009280dfd

Request headers

Host: www.yceml.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/

Response headers

Server: Server
Content-Length: 24789
Cache-Control: max-age=140467
Expires: Thu, 10 Jun 2021 10:52:43 GMT
Date: Tue, 08 Jun 2021 19:51:36 GMT
Connection: keep-alive

Redirect headers

Server: Server
Set-Cookie: S=400504174169339097:9KAUojalD7jC; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None S=400504174169339097:9KAUojalD7jC; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None CJSession=10b675e4-d9ec-4af7-b053-928187ad02f9; Max-Age=-1; Domain=.emjcd.com; Path=/; Secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Tue, 08 Jun 2021 19:51:35 GMT
Location: https://www.yceml.net/0726/14446294-1613646867749
Content-Type: text/html; charset=UTF-8
Content-Length: 87
Connection: close
Date: Tue, 08 Jun 2021 19:51:35 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900016.redintelligence.net/ Frame BAEA 6 KB
2 KB 87ms
29ms Document
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request_content.php?s=32425600188488900714752011619016&a=7b4ef92e
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=zfxs41mp1p1v&nw=20&renderingType=javascript&namespace=0c0d3934e2&subid=&uid=5d0bd41be97188b7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCWjz9Rcq_YOD0CJmt3wOOxaqoAobdsNJdzo_0sfwJ8C4QASC1y4pGYPuBgICICsgBCakCzxqo_G1utD6oAwGqBLsBT9DoK0K8330tsTcpseKwAfRDjBj-FkaRIm_wskCExibxeY0fG82yGqd2gdeBiBIu0ya2yS8kOtxOaUhpGjh8j98w0UFdeoUIi08ebOUX_9MzPmn8gM6GzewJBhh8rYYK_kldyl3sLA_yYpwVShLLpQn5n8ZvbzlfJi7AIxGggsZ-qdoaptfKJmsOL8f7Lv8s6XPhS9OW9uq9v3J2doUgAdw0zSpgbB5E5dEaWTUaNZCg32NthW7cDaJmGcAE8c6eps8B4AQDkAYBoAZNgAfr5-heqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MTA1MTk1ODAzOTE0MDY5gAoDmAsByAsBgAwBsBPNxrUK0BMA2BMDiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRomJSRmqFLIWt_yZR95bA9Vw%26sig%3DAOD64_3y9PEdTas6PWvkZK_3eelc2InhJw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-B3Ogh8PHglt5Ekxtu3-BRB-OfHSZyBr8m-qZ8BAa3iyadzj0j1A40FTtq7n0g6c429G6vYJCNsBD1I3qFMccvyUFFPSWiU_JltAU5xvHR8BwzIWQi9QLx8vt5redeP2sKDe8Yoirk_4OE2dKHTrOns_ttbQQ%26cry%3D1%26dbm_d%3DAKAmf-Cdg1U-juGkq7uDokacJTy6SmCZPMlOL0KCTr0y5Ss_avWQDt4fOB6GRR4i4H0KCHftW871whx3itr2CPQWuJg5pqUq_-v0HIROFJrUPE00vx5z21uB6xe2Ns0C1SEbOydaivnFxZIqimNlNKXgX58SDCgubXagGxkU63tzgomZ5tjgd1QRUcRQdzDPX8sY5AhHqFnlbFL3inARoULk8VdUuYljJWHm9aD2X_Cas8vwmqbSTOE-vNCpORSxdmg9h7i-_bSCdpOIaa2H9P2hi6UdDIgSlJl6N8V-_XMBWKzJZ49tYqzGFHZRpQTpn_V8F_q7TVsyRUYBETeDzjVEh2wEEU470wmfipA6mOTWDDahnA7PXLbPxhjmOAdWKrwalmW7eN2S6H2MRjoH6Yp0e83NXnR0X2lkgYGq0ddOvaznja78OcWzaYdQswru0IQnIO9-hF1I%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=4032024947584&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 6778f9e8a4e687a9fab77d3696c734867cab4ee396c949b1629013a15aaa088d

Request headers

Host: hal900016.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=da2f2aad313c86ad
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/

Response headers

Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 08 Jun 2021 20:51:34 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1935
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK /
bms.bayard-jeunesse.com/ Frame E532 43 B
1 KB 104ms
24ms Image
image/gif 95.131.136.1
OXALIDE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bms.bayard-jeunesse.com/?t=P460A357081915131&argsite=32425600188488900714752011619016
Requested by: Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.131.136.1 , France, ASN47841 (OXALIDE, FR),
Reverse DNS: front.netaffiliation.net
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-TRK-KWANKO: no consent mode activated, no personnal data stored.
Date: Tue, 08 Jun 2021 19:51:34 GMT
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR CUR ADMa PSAa OUR IND NAV COM",policyref="http://www.netaffiliation.com/w3c/p3p.xml"
X-TRK-D: 0.0049419403076172
Connection: close
Pragma: no-cache
X-TRK-PROC: 24739
Last-Modified: Tue, 08 Jun 2021 19:51:34 GMT
Server: nginx
X-TRK-DECISION: 7
Content-Type: image/gif
Access-Control-Allow-Origin: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Kwanko-Content-Type,X-Kwanko-Sdk-Version,X-KWKunijs-Debug,X-KWKunijs-Version
X-TRK-SRV: 9

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E736 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 08 Jun 2021 19:15:34 GMT
expires: Wed, 09 Jun 2021 19:15:34 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 2160
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame E532 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 742f8cba0c9016dda5231e776366b5567b1eebf3c9cbb1a6379296806edf1601

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H3-29 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 2BDA 28 B
54 B 21ms
20ms XHR
application/json 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/00fe505f/www-embed-player.vflset/www-embed-player.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
X-YouTube-Client-Version: 1.20210606.0.0
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgtEaFQtemEzd3VhQSjElP-FBg%3D%3D
X-YouTube-Ad-Signals: dt=1623181892318&flash=0&frm=2&u_tz=120&u_his=2&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C270&vis=1&wgl=true&ca_type=image&bid=ANyPxKrhVfEZcxxWPE5nENmuZ5mIPlj0QUPr9OBJtkdeuQFtLaqr-Zz25pv10Lf1WLbKoPrJ60hmwEsMyuwf4X_gTJriNdY1ug

Response headers

date: Tue, 08 Jun 2021 19:51:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Tue, 08 Jun 2021 19:51:34 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E3FC
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEBtztoUTO5kdr9txUvmByP8&google_cver=1&google_push=AYg5qPIZWPVpF8pq3mHkqY2KbVziMSy_bNuVBmx5dCFcHQCAZVqL6weDkSvVdX4aJTHgtg86j8KYOZGWuFxJ1Ax_...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=snOp3LesTN6ALWfdXTfmsA2&google_push=AYg5qPIZWPVpF8pq3mHkqY2KbVziMSy_bNuVBmx5dCFcHQCAZVqL6weDkSvVdX4aJTHgtg86j8KYOZGWuFxJ1Ax_pFz-l5TvHqTJ

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=snOp3LesTN6ALWfdXTfmsA2&google_push=AYg5qPIZWPVpF8pq3mHkqY2KbVziMSy_bNuVBmx5dCFcHQCAZVqL6weDkSvVdX4aJTHgtg86j8KYOZGWuFxJ1Ax_pFz-l5TvHqTJ

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 08 Jun 2021 19:51:34 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=snOp3LesTN6ALWfdXTfmsA2&google_push=AYg5qPIZWPVpF8pq3mHkqY2KbVziMSy_bNuVBmx5dCFcHQCAZVqL6weDkSvVdX4aJTHgtg86j8KYOZGWuFxJ1Ax_pFz-l5TvHqTJ
x-host: tde-deliveryengine-production-84b97f78fc-vntpb
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E3FC
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEPEVpPVGPvXy5KIm01cVVkc&google_cver=1&google_push=AYg5qPIwFFney5ZSXvkRVPx8VKz5f8NG-cUJ8eb7Em2qAk4eC65rHrmsIwF-wtLHVlNVrqxhIsImMc4u...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEPEVpPVGPvXy5KIm01cVVkc&google_cver=1&google_push=AYg5qPIwFFney5ZSXvkRVPx8VKz5f8NG-cUJ8eb7Em2qAk4eC65rHrmsIwF-wtLHVlNVrqxhIsI...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYyMDg1MjQyNjYxODQ3NTcxNg&google_push=AYg5qPIwFFney5ZSXvkRVPx8VKz5f8NG-cUJ8eb7Em2qAk4eC65rHrmsIwF-wtLHVlNVrqxhIsImMc...

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYyMDg1MjQyNjYxODQ3NTcxNg&google_push=AYg5qPIwFFney5ZSXvkRVPx8VKz5f8NG-cUJ8eb7Em2qAk4eC65rHrmsIwF-wtLHVlNVrqxhIsImMc4uOrGXMATzmQzJV8f6hL8

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYyMDg1MjQyNjYxODQ3NTcxNg&google_push=AYg5qPIwFFney5ZSXvkRVPx8VKz5f8NG-cUJ8eb7Em2qAk4eC65rHrmsIwF-wtLHVlNVrqxhIsImMc4uOrGXMATzmQzJV8f6hL8
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 google
d5p.de17a.com/cookies/ Frame E3FC 35 B
134 B 142ms
45ms Image
image/gif 213.155.156.185
TELIANET Telia Ca...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d5p.de17a.com/cookies/google?google_gid=CAESEKlmYzGKRpkVZ1dayMhhFz0&google_cver=1&google_push=AYg5qPJlXQB9ox-mFsMwB-SUvP8HnafRw1EkVCSu2CEK3srlKYuotlT4fT0J8061hNHcIVlfWT1vAh6Ff9FpEi_uMXTnVQPqUeA
Requested by: Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 213.155.156.185 , Sweden, ASN1299 (TELIANET Telia Carrier, SE),
Reverse DNS: 213-155-156-185.teliacarrier-cust.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
content-length: 35
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E3FC
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=9qr8IA5TTDmysSocB4An5A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

37ms
35ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=9qr8IA5TTDmysSocB4An5A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIy1xyoNoIzLAtZxFg49TjVWfZf_qR3K1AxSg9MGs11CWAjbpw22Riw-15jNFKTth4FApScXvE3hBywonb0G7sFeiQSHzJ7

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=9qr8IA5TTDmysSocB4An5A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIy1xyoNoIzLAtZxFg49TjVWfZf_qR3K1AxSg9MGs11CWAjbpw22Riw-15jNFKTth4FApScXvE3hBywonb0G7sFeiQSHzJ7
date: Tue, 08 Jun 2021 19:51:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame E3FC
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXp...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E3FC
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPYjQFpvYctGOJp7NWfQkSY&google_cver=1&google_push=AYg5qPKV4mbdTTfUY8-r6NkEjLcAcikMABiWdhSBVvsYheubvqLLfQaWLphO6uOVC5AX578DKGCtbX...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKV4mbdTTfUY8-r6NkEjLcAcikMABiWdhSBVvsYheubvqLLfQaWLphO6uOVC5AX578DKGCtbXhKai9F_PnPXcCN63pKVmc&google_hm=ODgwOTU4OTM...

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKV4mbdTTfUY8-r6NkEjLcAcikMABiWdhSBVvsYheubvqLLfQaWLphO6uOVC5AX578DKGCtbXhKai9F_PnPXcCN63pKVmc&google_hm=ODgwOTU4OTMzODY1Mzg2MTg1Nw%3D%3D

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKV4mbdTTfUY8-r6NkEjLcAcikMABiWdhSBVvsYheubvqLLfQaWLphO6uOVC5AX578DKGCtbXhKai9F_PnPXcCN63pKVmc&google_hm=ODgwOTU4OTMzODY1Mzg2MTg1Nw%3D%3D
date: Tue, 08 Jun 2021 19:51:34 GMT
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E3FC
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPrn2aLM2wdNVUSFyC1ZzfI&google_cver=1&google_push=AYg5qPJzuNiiuOfvzAji50BmZ6ch9MId2_dVFjLgTzmXJKMJOp9u7VRfhU0wUqUcvousvqX0fZ...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPrn2aLM2wdNVUSFyC1ZzfI&google_cver=1&google_push=AYg5qPJzuNiiuOfvzAji50BmZ6ch9MId2_dVFjLgTzmXJKMJOp9u7VRfhU0wUqUcvousvqX0fZ...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15Y2p1dVRKRTJ1RUFsSW1RUEZaWGc5ZEJ0bmVudUFDa35B&google_push=AYg5qPJzuNiiuOfvzAji50BmZ6ch9MId2_dVFjLgTzmXJKMJOp9u7VRfh...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15Y2p1dVRKRTJ1RUFsSW1RUEZaWGc5ZEJ0bmVudUFDa35B&google_push=AYg5qPJzuNiiuOfvzAji50BmZ6ch9MId2_dVFjLgTzmXJKMJOp9u7VRfhU0wUqUcvousvqX0fZq4u6LhAlGcTIUKrMWs6oxFF58Wig

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15Y2p1dVRKRTJ1RUFsSW1RUEZaWGc5ZEJ0bmVudUFDa35B&google_push=AYg5qPJzuNiiuOfvzAji50BmZ6ch9MId2_dVFjLgTzmXJKMJOp9u7VRfhU0wUqUcvousvqX0fZq4u6LhAlGcTIUKrMWs6oxFF58Wig
Connection: keep-alive
Content-Length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame E3FC 0
12 B 35ms
31ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JRwQ8akpWaRm2slv5-QG9DB0gls6WnGfq_-2NYm3I2mBbEjvJDT6LTN8mIJdQcQQYpTENgMw

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 css
fonts.googleapis.com/ Frame F316 1 KB
418 B 31ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request_content.php?s=52684500238351800714734011619004&a=47258dd1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d14552be6ee4946f37aab45221783569a7de93bf04647d430d36102b4dcd748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://hal90004.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 08 Jun 2021 18:31:32 GMT
server: ESF
date: Tue, 08 Jun 2021 19:51:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 08 Jun 2021 19:51:34 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame F316 10 KB
10 KB 187ms
126ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/14527/creativesup/volo-1200x627.jpg
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request_content.php?s=52684500238351800714734011619004&a=47258dd1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 749a42f58e408284dd7ab8e33d2c04a9097dc6ceedd6b86e880d9bd8ac7093f5

Request headers

Referer: https://hal90004.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:34 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10292
Vary: Accept-Encoding
Content-Type: image/png

GET
H2

200

img_9_19_11.png
img.metaffiliation.com/12/64999/ Frame F316
Redirect Chain

https://lov.saveur-biere.com/?a=P4FDE751F57B1919&argsite=52684500238351800714734011619004
https://lov.saveur-biere.com/12/64999/img_9_19_11.png
https://img.metaffiliation.com/12/64999/img_9_19_11.png

2 KB
2 KB

54ms
17ms

Image
image/png

205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.metaffiliation.com/12/64999/img_9_19_11.png
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request_content.php?s=52684500238351800714734011619004&a=47258dd1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: aefc3ea305266eac862163892fa2a60dfb2a22161836571035bf8e27220ad2c5

Request headers

Referer: https://hal90004.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:35 GMT
content-encoding: gzip
last-modified: Tue, 16 Feb 2021 16:11:52 GMT
etag: "1613491912"
x-hw: 1623181895.dop207.pa1.t,1623181895.cds041.pa1.hn,1623181895.cds037.pa1.c
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=3518
accept-ranges: bytes
content-length: 2230

Redirect headers

Date: Tue, 08 Jun 2021 19:51:35 GMT
Server: nginx
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Location: https://img.metaffiliation.com/12/64999/img_9_19_11.png
Access-Control-Allow-Credentials: true
Connection: close
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Kwanko-Content-Type,X-Kwanko-Sdk-Version,X-KWKunijs-Debug,X-KWKunijs-Version

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame F316 17 KB
17 KB 90ms
29ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/43804/creativesup/WILD-SS21-1200x627.jpg
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request_content.php?s=52684500238351800714734011619004&a=47258dd1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c38b62fa5511ad22254071584ee5d3e8db1f5084504813eff82e559c251dbef3

Request headers

Referer: https://hal90004.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:34 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 17574
Vary: Accept-Encoding
Content-Type: image/png

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E736
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEG1Zox5l1SK6orNw-KwWV00&google_cver=1&google_push=AYg5qPJZUe2-3zfFRGtwI4ms58tvKlq3WQAdfhYuiOdRo-jky9zu8IdDbENNjKcjL9x3zHaM6JYXgnDOh3DRZTqn...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJZUe2-3zfFRGtwI4ms58tvKlq3WQAdfhYuiOdRo-jky9zu8IdDbENNjKcjL9x3zHaM6JYXgnDOh3DRZTqncpNKIVuyAvo

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJZUe2-3zfFRGtwI4ms58tvKlq3WQAdfhYuiOdRo-jky9zu8IdDbENNjKcjL9x3zHaM6JYXgnDOh3DRZTqncpNKIVuyAvo

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 08 Jun 2021 19:51:27 GMT
Server: MT3 3759 5f8f15b master zrh-pixel-x28
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJZUe2-3zfFRGtwI4ms58tvKlq3WQAdfhYuiOdRo-jky9zu8IdDbENNjKcjL9x3zHaM6JYXgnDOh3DRZTqncpNKIVuyAvo
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 08 Jun 2021 19:51:26 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame E736
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEBQ3CPC9Eb0qTqex9yKBToI&google_cver=1&google_push=AYg5qPJHJrhn7l2x7I-PmUJsrz9eIXXPhvPPuCcdzv1giyEHws6FTiXWEicViuc9r66ItroBWSsBY1pImjOhOjEVkANt8k9ZRw&re...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBQ3CPC9Eb0qTqex9yKBToI&google_cver=1&google_push=AYg5qPJHJrhn7l2x7I-PmUJsrz9eIXXPhvPPuCcdzv1giyEHws6FTiXWEicViuc9r66ItroBWSsBY1pImjOhOjEVkANt8k9ZRw&...

43 B
438 B

179ms
177ms

Image
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBQ3CPC9Eb0qTqex9yKBToI&google_cver=1&google_push=AYg5qPJHJrhn7l2x7I-PmUJsrz9eIXXPhvPPuCcdzv1giyEHws6FTiXWEicViuc9r66ItroBWSsBY1pImjOhOjEVkANt8k9ZRw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJHJrhn7l2x7I-PmUJsrz9eIXXPhvPPuCcdzv1giyEHws6FTiXWEicViuc9r66ItroBWSsBY1pImjOhOjEVkANt8k9ZRw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 65c4a7da7f7fdfd3-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 43
cf-request-id: 0a8ec73c8d0000dfd3f7b5f000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 2436
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 65c4a7d96d7edfd3-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBQ3CPC9Eb0qTqex9yKBToI&google_cver=1&google_push=AYg5qPJHJrhn7l2x7I-PmUJsrz9eIXXPhvPPuCcdzv1giyEHws6FTiXWEicViuc9r66ItroBWSsBY1pImjOhOjEVkANt8k9ZRw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJHJrhn7l2x7I-PmUJsrz9eIXXPhvPPuCcdzv1giyEHws6FTiXWEicViuc9r66ItroBWSsBY1pImjOhOjEVkANt8k9ZRw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a8ec73bdf0000dfd3f735b000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E736
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHYK8XUVR-QcxTfQbQ672bY&google_cver=1&google_push=AYg5qPLhhsmnvQ0Xkbcphy5GBOQNqHS7SIbQ-wSvl4TmtwjH2U4-lytn-O5lPxK2cz9EWgBpxksaEzAAuAG...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLhhsmnvQ0Xkbcphy5GBOQNqHS7SIbQ-wSvl4TmtwjH2U4-lytn-O5lPxK2cz9EWgBpxksaEzAAuAGPtHSuwya2bsjxToE&google_hm=nFiB4Z8WROer1gsMzDkIppE

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLhhsmnvQ0Xkbcphy5GBOQNqHS7SIbQ-wSvl4TmtwjH2U4-lytn-O5lPxK2cz9EWgBpxksaEzAAuAGPtHSuwya2bsjxToE&google_hm=nFiB4Z8WROer1gsMzDkIppE

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:35 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLhhsmnvQ0Xkbcphy5GBOQNqHS7SIbQ-wSvl4TmtwjH2U4-lytn-O5lPxK2cz9EWgBpxksaEzAAuAGPtHSuwya2bsjxToE&google_hm=nFiB4Z8WROer1gsMzDkIppE
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame E736 0
136 B 1136ms
32ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESELp9rNdfJDo5Y7iPLGDRJhg&google_cver=1&google_push=AYg5qPJktrrO4k9DX095FjnltA4Y4ymtB5cBaF5eEcRBw_9z9ZZGYpCV-Hu2XqaA32cik7OwS9nWRFovBuI8KI9tWuKExTIp-Q
Requested by: Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:35 GMT
via: 1.1 google
alt-svc: clear

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E736
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEBAJp1X9G1ESxfODXEt-dOw&google_cver=1&google_push=AYg5qPICOJjQuPqykl8rkXx1HpEjcJ-FH3W6o25c0s5bEvfwULRmFuFHeq5slJqkmvUTLNFj_QN0AIWhdzxl9T2Bd-f9RvtxUA
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPICOJjQuPqykl8rkXx1HpEjcJ-FH3W6o25c0s5bEvfwULRmFuFHeq5slJqkmvUTLNFj_QN0AIWhdzxl9T2Bd-f9RvtxUA&google_hm=ODY4MjgwMTg2NDAyNDc1NjE3...

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPICOJjQuPqykl8rkXx1HpEjcJ-FH3W6o25c0s5bEvfwULRmFuFHeq5slJqkmvUTLNFj_QN0AIWhdzxl9T2Bd-f9RvtxUA&google_hm=ODY4MjgwMTg2NDAyNDc1NjE3NA%3D%3D

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 08 Jun 2021 19:51:34 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPICOJjQuPqykl8rkXx1HpEjcJ-FH3W6o25c0s5bEvfwULRmFuFHeq5slJqkmvUTLNFj_QN0AIWhdzxl9T2Bd-f9RvtxUA&google_hm=ODY4MjgwMTg2NDAyNDc1NjE3NA%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E736
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEL7qyIUppWRafF5E4K020e4&google_cver=1&google_push=AYg5qPJMpQpZ4a3Pgf4X6e07yMHp8f1UggrdZbEtbwaKZdiJQhXMoSkxAMeXYD9BOqprXYL4YTnd-n4eGzYoQtF30tVMpVs3GtM
https://rtb.openx.net/sync/dds?google_gid=CAESEL7qyIUppWRafF5E4K020e4&google_cver=1&google_push=AYg5qPJMpQpZ4a3Pgf4X6e07yMHp8f1UggrdZbEtbwaKZdiJQhXMoSkxAMeXYD9BOqprXYL4YTnd-n4eGzYoQtF30tVMpVs3GtM&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJMpQpZ4a3Pgf4X6e07yMHp8f1UggrdZbEtbwaKZdiJQhXMoSkxAMeXYD9BOqprXYL4YTnd-n4eGzYoQtF30tVMpVs3GtM&google_hm=TThOy-fNxAEtvHI8-7rFIg==

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJMpQpZ4a3Pgf4X6e07yMHp8f1UggrdZbEtbwaKZdiJQhXMoSkxAMeXYD9BOqprXYL4YTnd-n4eGzYoQtF30tVMpVs3GtM&google_hm=TThOy-fNxAEtvHI8-7rFIg==

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:35 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJMpQpZ4a3Pgf4X6e07yMHp8f1UggrdZbEtbwaKZdiJQhXMoSkxAMeXYD9BOqprXYL4YTnd-n4eGzYoQtF30tVMpVs3GtM&google_hm=TThOy-fNxAEtvHI8-7rFIg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: f2e0ul2r6mu7mttmhbmjmacd89l6oft9

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E736
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPrn2aLM2wdNVUSFyC1ZzfI&google_cver=1&google_push=AYg5qPINqY9ml2314GERpJvCJaYy2bLO9mcy_-Dx6Mn4c6g8EsxVBAwBbN6SjZYNiQpG-7U7lN...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPrn2aLM2wdNVUSFyC1ZzfI&google_cver=1&google_push=AYg5qPINqY9ml2314GERpJvCJaYy2bLO9mcy_-Dx6Mn4c6g8EsxVBAwBbN6SjZYNiQpG-7U7lN...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15Y2p1dVRKRTJ1RUFsSW1RUEZaWGc5ZEJ0bmVudUFDa35B&google_push=AYg5qPINqY9ml2314GERpJvCJaYy2bLO9mcy_-Dx6Mn4c6g8EsxVBAwBb...

170 B
188 B

38ms
38ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15Y2p1dVRKRTJ1RUFsSW1RUEZaWGc5ZEJ0bmVudUFDa35B&google_push=AYg5qPINqY9ml2314GERpJvCJaYy2bLO9mcy_-Dx6Mn4c6g8EsxVBAwBbN6SjZYNiQpG-7U7lNqA6u1ESOiYsAVxXSsOm6gAdww

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15Y2p1dVRKRTJ1RUFsSW1RUEZaWGc5ZEJ0bmVudUFDa35B&google_push=AYg5qPINqY9ml2314GERpJvCJaYy2bLO9mcy_-Dx6Mn4c6g8EsxVBAwBbN6SjZYNiQpG-7U7lNqA6u1ESOiYsAVxXSsOm6gAdww
Connection: keep-alive
Content-Length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame E736 0
12 B 38ms
36ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kk87s9iwqUER4bo-weumKQ8WLXv3xrcMvOH2bYiZ9NJd4xIwxNEQos5fgQadY_nCehYVB35Q

Requested by

Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:34 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame D889 10 KB
10 KB 76ms
26ms Image
image/gif 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=1260705&viewref=17765800223207700716158011619014&wglinkid=2960325
Requested by: Host: 091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
URL: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 529ddbb0f1e00432d5b6c218da8a39805157e15b3722066c0a271be719aea685

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 19:51:34 GMT
Last-Modified: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/gif
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90004.redintelligence.net/ Frame F316 0
150 B 337ms
29ms Script
text/html 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90004.redintelligence.net/viewability?s=52684500238351800714734011619004&a=1efa42f3&vb=m
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request_content.php?s=52684500238351800714734011619004&a=47258dd1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal90004.redintelligence.net/request_content.php?s=52684500238351800714734011619004&a=47258dd1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 css
fonts.googleapis.com/ Frame BAEA 4 KB
648 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=32425600188488900714752011619016&a=7b4ef92e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 08 Jun 2021 18:40:51 GMT
server: ESF
date: Tue, 08 Jun 2021 19:51:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 08 Jun 2021 19:51:34 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame BAEA 12 KB
12 KB 1106ms
29ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/19403/creativesup/1200x627-Nads-v2.jpg
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=32425600188488900714752011619016&a=7b4ef92e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: dcfade046eea82e99914612625144d1ab7464420b0ad02995715bb0b92a4a540

Request headers

Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:35 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 11905
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame BAEA 10 KB
10 KB 1106ms
29ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/14527/creativesup/volo-1200x627.jpg
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=32425600188488900714752011619016&a=7b4ef92e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 749a42f58e408284dd7ab8e33d2c04a9097dc6ceedd6b86e880d9bd8ac7093f5

Request headers

Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:35 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10292
Vary: Accept-Encoding
Content-Type: image/png

GET
H2

200

img_9_19_11.png
img.metaffiliation.com/12/64999/ Frame BAEA
Redirect Chain

https://lov.saveur-biere.com/?a=P4FDE751F57B1919&argsite=32425600188488900714752011619016
https://lov.saveur-biere.com/12/64999/img_9_19_11.png
https://img.metaffiliation.com/12/64999/img_9_19_11.png

2 KB
2 KB

17ms
17ms

Image
image/png

205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.metaffiliation.com/12/64999/img_9_19_11.png
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=32425600188488900714752011619016&a=7b4ef92e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: aefc3ea305266eac862163892fa2a60dfb2a22161836571035bf8e27220ad2c5

Request headers

Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:51:36 GMT
content-encoding: gzip
last-modified: Tue, 16 Feb 2021 16:11:52 GMT
etag: "1613491912"
x-hw: 1623181896.dop207.pa1.t,1623181896.cds041.pa1.hn,1623181896.cds037.pa1.c
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=3517
accept-ranges: bytes
content-length: 2230

Redirect headers

Date: Tue, 08 Jun 2021 19:51:36 GMT
Server: nginx
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Location: https://img.metaffiliation.com/12/64999/img_9_19_11.png
Access-Control-Allow-Credentials: true
Connection: close
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Kwanko-Content-Type,X-Kwanko-Sdk-Version,X-KWKunijs-Debug,X-KWKunijs-Version

GET
H/1.1 200
OK viewability Show response
hal900016.redintelligence.net/ Frame BAEA 0
150 B 87ms
29ms Script
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/viewability?s=32425600188488900714752011619016&a=07fe1159&vb=m
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=32425600188488900714752011619016&a=7b4ef92e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900016.redintelligence.net/request_content.php?s=32425600188488900714752011619016&a=7b4ef92e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:34 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame BAEA 16 KB
16 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal900016.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 23:39:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
server: sffe
age: 72735
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15948
x-xss-protection: 0
expires: Tue, 07 Jun 2022 23:39:19 GMT

GET
H3-29 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame BAEA 16 KB
16 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal900016.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 23:39:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
server: sffe
age: 72736
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
expires: Tue, 07 Jun 2022 23:39:18 GMT

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 5B9A 77 B
162 B 16ms
16ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Tue, 08 Jun 2021 19:51:34 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 16ms
16ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 08 Jun 2021 19:51:34 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D889 42 B
64 B 29ms
16ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst-QXDnXL7kBT4myBQhCqHl4W3uv49PLqzNcLX5BxUrwXST2ztMIEV1FPy-_HkLsjQBWVmyL_0HeDZgjJnAVQ90B4jIXCj7LQLmjsT5yLkFqDKP&sai=AMfl-YR6tNw3NjoMNaUnczF9taiZQDTCGPVT8p5KBjuK1i-SoudeKRCwgQ6Yax6DQQtkqn5bOx6dYqPQq5_oBc7s_pujsy90eEJmV74OaRPMhRzv4rvkJcmGgEoMAPU&sig=Cg0ArKJSzJ-LzYiYgcyOEAE&cid=CAASEuRoLiByXqUp1iO1Ot9_kkb1aQ&id=lidar2&mcvt=1001&p=1110,436,1204,1164&mtos=0,1001,1001,1001,1001&tos=0,1001,0,0,0&v=20210607&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=3224969948&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623181893985&dlt=18&rpt=548&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E532 42 B
64 B 16ms
16ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstkgnRpWif-NQDUpAIFZZghFeSpoVlA07kuHL788JdzwqWhEgpum3Me6AIolOPNOhUJgKdmilCBmptd3TUhCJzM18IUmBSKryWBn1eSroVpqrBO&sai=AMfl-YSfF5wZcaCZyBDgCm-MrQignuvUjKtoJHOWU6cnTh-babMvjL4lS26lOXcbrunryCYhAzAsgPI5kCDBCk91M0t4Z9U41kDOAUGjdUxspQ-OQBmbMXTN0A6p2us&sig=Cg0ArKJSzHENxb4TlWxHEAE&cid=CAASEuRomJSRmqFLIWt_yZR95bA9Vw&id=lidar2&mcvt=1000&p=664,315,758,1285&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210607&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=3076314635&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623181893984&dlt=22&rpt=598&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:51:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90004.redintelligence.net/ Frame F316 0
150 B 29ms
29ms Script
text/html 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90004.redintelligence.net/viewability?s=52684500238351800714734011619004&a=1efa42f3&vb=v
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request_content.php?s=52684500238351800714734011619004&a=47258dd1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal90004.redintelligence.net/request_content.php?s=52684500238351800714734011619004&a=47258dd1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900016.redintelligence.net/ Frame BAEA 0
150 B 336ms
29ms Script
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/viewability?s=32425600188488900714752011619016&a=07fe1159&vb=v
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=32425600188488900714752011619016&a=7b4ef92e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900016.redintelligence.net/request_content.php?s=32425600188488900714752011619016&a=7b4ef92e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:51:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 5B9A 77 B
162 B 18ms
16ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Tue, 08 Jun 2021 19:51:36 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 16ms
16ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 08 Jun 2021 19:51:36 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 5B9A 77 B
162 B 18ms
17ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Tue, 08 Jun 2021 19:51:36 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 16ms
16ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 08 Jun 2021 19:51:36 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 5B9A 77 B
162 B 17ms
17ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Tue, 08 Jun 2021 19:51:37 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 16ms
16ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 08 Jun 2021 19:51:37 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL_KRvUSkZ2sybeho3QH2QAABHwAAAAB&google_cver=1&google_gid=CAESEPhrhJ9jt63FDlBnnXOWNis&google_push=AYg5qPKfWoK0WfZT3ZMi-IJE1u4KlE3U_5JXpcuxcB4COXLsUO1qY8eICoImMPfWcIfwwf5_ZWJ9bi1RjwQ1Mda5K2yIxM-wYbM

Verdicts & Comments Add Verdict or Comment

220 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: COT87-ygTLg
.blip.fm/	1970-01-20 04:17:30	Name: __qca Value: P0-1594610575-1623181892231
.blip.fm/	1970-01-19 23:15:49	Name: __utmz Value: 171230451.1623181892.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.blip.fm/	1970-01-19 18:53:03	Name: __utmb Value: 171230451.1.10.1623181892
.blip.fm/	1969-12-31 23:59:59	Name: __utmc Value: 171230451
.blip.fm/	1970-01-19 18:53:02	Name: __utmt Value: 1
.youtube.com/	1970-01-19 23:12:13	Name: VISITOR_INFO1_LIVE Value: DhT-za3wuaA
.blip.fm/	1970-01-20 12:24:13	Name: __utma Value: 171230451.1231501152.1623181892.1623181892.1623181892.1

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.jsdelivr.net/npm/vue@2.x/dist/vue.js(Line 9099) Message: Download the Vue Devtools extension for a better development experience: https://github.com/vuejs/vue-devtools
console-api	info	URL: https://cdn.jsdelivr.net/npm/vue@2.x/dist/vue.js(Line 9108) Message: You are running Vue in development mode. Make sure to turn on production mode when deploying for production. See more tips at https://vuejs.org/guide/deployment.html
console-api	error	URL: https://blip.fm/_/js/spotify-api.js(Line 158) Message: Failed to initialize player
console-api	error	URL: https://blip.fm/_/js/spotify-api.js(Line 163) Message: Authentication failed

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

091b7b729173ed4744a9dca5348c9750.safeframe.googlesyndication.com
a.tribalfusion.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
api.spotify.com
apresolve.spotify.com
blip.fm
bms.bayard-jeunesse.com
c.amazon-adsystem.com
c1.adform.net
cdn.ampproject.org
cdn.jsdelivr.net
cdnjs.cloudflare.com
cj.dotomi.com
cm.g.doubleclick.net
d1uswytv6491xe.cloudfront.net
d5p.de17a.com
dsum-sec.casalemedia.com
empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900016.redintelligence.net
hal90004.redintelligence.net
ib.adnxs.com
image6.pubmatic.com
img.metaffiliation.com
lov.saveur-biere.com
miro.medium.com
pagead2.googlesyndication.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
rtb.openx.net
rules.quantcount.com
s.tribalfusion.com
s7.addthis.com
sdk.scdn.co
secure.quantserve.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssl.google-analytics.com
static.doubleclick.net
stats.g.doubleclick.net
sync.mathtag.com
tpc.googlesyndication.com
tr.blismedia.com
track.webgains.com
ups.analytics.yahoo.com
v1.addthisedge.com
www.emjcd.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.hipanema.com
www.lduhtrp.net
www.yceml.net
www.youtube.com
z.moatads.com
cm.g.doubleclick.net
104.111.248.232
104.75.88.126
138.201.220.30
138.201.63.116
142.250.185.130
142.250.185.194
185.29.133.58
185.33.220.243
185.64.190.78
185.86.139.103
2.18.234.21
2.18.235.40
205.185.216.10
213.155.156.185
2600:1901:0:524d::
2600:1901:1:c36::
2600:9000:218d:2400:6:44e3:f8c0:93a1
2606:4700:7::a29f:9904
2606:4700::6810:125e
2606:4700::6810:5514
2606:4700::6812:d05
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1288:110:c305::8000
2a00:1450:4001:800::2002
2a00:1450:4001:803::2002
2a00:1450:4001:809::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:812::200e
2a00:1450:4001:813::2008
2a00:1450:4001:827::2004
2a00:1450:4001:829::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2006
2a00:1450:4001:830::200a
2a00:1450:4001:831::2001
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:4001:831::200e
2a00:1450:400c:c04::9b
2a04:4e42:62::760
3.126.56.137
34.96.105.8
35.186.193.173
35.190.0.66
35.227.252.103
37.157.6.252
46.236.13.147
52.219.105.178
52.222.200.121
54.163.233.121
54.38.64.108
65.9.58.220
89.207.16.72
95.131.136.1
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
094c1111eeb737673d376e2598c9abfad2c1dadeab91522940bbf5d2ff512a72
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cb0d2ed554a33adc159f92d8a24e2ce85c1e49309df4316b67b0db864c283b7
10985b0138ee107431b8118e0d8b2efa14439caf69807bf0bde75c96c578f018
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1439074750da3739b47a4688b23a0c16a8cde4f48545331ce2e8df1afb744dbc
17c3bd5b578cb7f4fccd1ad422794185e0c96b0c68a60756f4b1a72b674972c8
1ce13eaf79702bbfacbd3a2b14a7f8b2f99eccaafae451060936d1ce15cf715d
1d14552be6ee4946f37aab45221783569a7de93bf04647d430d36102b4dcd748
1d8c7ce12428be733a9213b2fecae66db6950a933c276d68bf7c8271829a627d
1e26892b2736c82171e10cf7325fdc8627423517c96f0e12877de14ed63e8b07
1fd33591ea4ecf572ec58d39a4264f6f3aa38e7cb280a3b03edaa349d38a82cc
1feda3dc45dfdcb46ec8f8abdafc23f06d4e2d954a864ec9e9e61b857dc8d1e8
1fee0b34c67a3e22047b627896862289225552817e79f658ade465b28c7103e0
2aeb8d2abc5ed9b751af26cb7b4603db073967f44ccc3fb877c82b9b41745eaa
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2cf815f03ae78c05316c42c7d01a715b9bb08acff70e0c4b4206dc99758e4828
2f28c37beb838d695f95710805308cfe7f1fcc286bd744ab0184a23a10d5a4ec
3019bb3e0e5a2e5a08e3d7e70f75d0b2eee4914cf8f0a0a38d00e032580bfa0a
319513d84c6b2e0aea8ec6401142ad600dce83d99a4d45cea9a884875f403265
35e9144015046c3d25f20ddbd1f3036306891c441a18343c1d1e2da6ff3c2bd1
3799840e4c9f8f842d29bd32da3ca39fc7cb1f5adf069126c37c996434f64e41
396e92552e8ff284f6e204090bc222578d5a1a6ec0f92ccf31ed5978606784b4
3983c27985f9ae67aed69d7ca6a82a682a7095df30b8d8253014de0f4ee97427
3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820
3c00d50d6046dfc2e2a7de2a5a177d35e11b708fe9fc93f966c0d28a304ab485
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6a2b0fd27801f153917af3d6558094fd0e76f7e08e21e78b45b0343362d3d6
4b6c4dd2186139cfe5da8627cbd85b7f54e8b4d84164a4f98af88427c6ebb5e0
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028
4db8af548255ad1270380918e096b18fddd5b984f95fd4862f18575f8267162f
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51849fb8f2b161981d2a508c4e58503a0a752c6bbac592a742d92efdb1c378c6
529ddbb0f1e00432d5b6c218da8a39805157e15b3722066c0a271be719aea685
5319e556d7cc59b3645e2ce9984858f1c8e2be91f59c475cf09388d3b175fa59
5345a3bf0a85143d337b572e4cea04e8705eb606e47611d54a7c1e1f6242308a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5b6f3806c04b7c91d2ee5cf8f42b31343a9d33ea62ad9d0506cfa1be078477d3
604b5109bd8c68f743c365bf13310900acbe9d0cb13313ff1832f8245b51dca4
60abaf88d6790a81e6f4edd4a174032609f24f6ffd767a837c96e1c956175e6b
60ffdbdb82d005331e973b32112008f30bc8f99d3b0dade5add1cb769c00fc34
624f9e2a8ac38b2357be638502a8efdf73f547cd1c77cb28e8be6f1009280dfd
63af48ef1ca31a48d504468d453f333c49abcb911235dc8ce039ce631e75da6a
655d2013c62900319a0da87ab51de91cf5432d6e119b7e8bd224389100b2931e
6778f9e8a4e687a9fab77d3696c734867cab4ee396c949b1629013a15aaa088d
67e1bb6ad1d688a68298352c267f273ffff3cbd32fc021b0c8d2be141932ef04
67f2b0a60f37796c436ea0d9f947a22cb196312a87705d10069b65acc2993f01
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
69b75483b270421e1a89426dd59387ba090772313561c3e9fa415396a78e8936
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
742f8cba0c9016dda5231e776366b5567b1eebf3c9cbb1a6379296806edf1601
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
749a42f58e408284dd7ab8e33d2c04a9097dc6ceedd6b86e880d9bd8ac7093f5
81139c1f0555e526ad6b69fe3c05fcedbe4fa61b8f206dce368330625b7e5742
82e2d5fd2ae7a2dfb049133d30a1c14aa65ddacffd138a73921f2994766c3324
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8389ab2ff25b494852f8aa7c6972c69140ffb4f74ad5fb5f030d6ed3a1160359
852f9373b699fc14ba114ab8edcf42b06584e4a6953dd2d91957cd73df0fa05d
863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06
88c003ca3b8264aa64112d6c7ebe5a82011b6041c24460dbea7a31d3bfafee34
932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6
94fb21a4c660caa6b870eb1b203570f64148eed235be4f41be7fa177a7851578
9585f9660d61236506d8fe0d442168949a866c238ee7fe8c5f32b0aec2b29d71
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9e7472c6e2cf62a51e47f0d0ff45b81106bbf093739f22b6c4c7ca78b4fe6c35
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6098464fc2e79a514e9fe383932f4eed6a1c99ff10b7c68e4985161728ef8d3
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ae6e79fcd093e4a8968d1ebc25b12f74f12503794384e0de7598761261c01f70
aefc3ea305266eac862163892fa2a60dfb2a22161836571035bf8e27220ad2c5
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3d07bd62da73385f67aa7d09c598bade0243347339334c81763124a803dbaf7
b4464599f9055d0905ba386ac43f29b9cf6fdecd587940e2963c38de9efe32ca
b5975f21c81bda9dfd465bc96ee93a336e22d160bed0054ef916a8392d5aa406
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
c04e372715cffbc60a3f59d89c6ba50bb9f8adbc36c2e75cbd155f4ae1a911e8
c0e57c534e7fce5e66fb419c269b97d436385a2c69b9f508edf480ef60dedf91
c38b62fa5511ad22254071584ee5d3e8db1f5084504813eff82e559c251dbef3
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ce95b2c70b9238a876c36c17c9b401ba23af175399327dd171519158653245ee
cf1714063f194a48a6b6567b7d822c84989072c2e8067ea396b6c65a5a2151ad
d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5
d6e0a0fe337d88801541d8a75a75c0b7a43485445feba33975c6f02f55b8f960
d723b07c16a3fb155ea521365c61ca301d4da61d90954a153b7918608811c234
d770749019637859894001e3ce01057cc47b89c89f5afe98f1c6d0aaf9a4648d
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
dcfade046eea82e99914612625144d1ab7464420b0ad02995715bb0b92a4a540
dd01c2808571a1cfdcf109ce9b552199ac5f7d7f6636264c21226619df70f2ae
ddeecf7578070dbaea907b70d73c4d20f6584febcf86ffca7a85bfd0bad77a02
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
dec6a0b276c15b010acbbc7c201810712d7b9f7217308225174dfdeda5d4f6e0
ded76441d40cbfc6d43dda7a994820cf0a64ad3d0dee4e4635951203945143a0
e06a1c6ca9fbdcbab4b4282bbf1e2255ef607b00b457086855a0b2bc33faf7a6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a54349dc54879fad8d1567c0dbaad10d67553f8d1c190f3939e46b434c6e9a
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e6d76a2dedcc68e2317925b345474a47ee6294694ded93655ee3d69559a4a583
e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
ff7bf0e46bc638dc36c28fd98b218a1983bc2badd30cbed318de10c270f66ec1

blip.fm Open in urlscan Pro 54.163.233.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

179 Requests

99 %HTTPS

48 %IPv6

47 Domains

63 Subdomains

45 IPs

8 Countries

2825 kBTransfer

8117 kBSize

8 Cookies

2 Outgoing links

Redirected requests

179 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

blip.fm Open in urlscan Pro
54.163.233.121 Public Scan

Screenshot
Live screenshot

Full Image

179
Requests

99 %
HTTPS

48 %
IPv6

47
Domains

63
Subdomains

45
IPs

8
Countries

2825 kB
Transfer

8117 kB
Size

8
Cookies

179 HTTP transactions
2 data transactions