www.dailymail.co.uk Open in urlscan Pro
2a02:26f0:6c00:288::16c2 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://info.silobreaker.com/e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W6...
Effective URL:
https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_h...
Submission: On May 04 via api (May 4th 2021, 11:21:14 am UTC) from DE

Summary HTTP 539 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 110 IPs in 10 countries across 85 domains to perform 539 HTTP transactions. The main IP is 2a02:26f0:6c00:288::16c2, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.dailymail.co.uk.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on February 16th 2021. Valid for: a year.

This is the only time www.dailymail.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	199.60.103.254 199.60.103.254	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1 16	2a02:26f0:6c0... 2a02:26f0:6c00:288::16c2	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
39	2a02:26f0:170... 2a02:26f0:1700:1b6::16c2	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
4	143.204.202.19 143.204.202.19	16509 (AMAZON-02) (AMAZON-02)
2 2	15.237.76.117 15.237.76.117	16509 (AMAZON-02) (AMAZON-02)
1 2	52.222.183.91 52.222.183.91	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:120... 2a02:26f0:120::5435:8c78	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	34.241.183.220 34.241.183.220	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:811::2002	() ()
1	2600:9000:207... 2600:9000:2070:ba00:8:5c85:cdc0:93a1	16509 (AMAZON-02) (AMAZON-02)
10	52.85.32.122 52.85.32.122	() ()
61	151.101.13.44 151.101.13.44	() ()
2	2606:4700::68... 2606:4700::6812:5ba	() ()
1 1	185.94.180.128 185.94.180.128	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2.18.232.234 2.18.232.234	() ()
2	2.16.107.122 2.16.107.122	() ()
2	134.209.129.254 134.209.129.254	() ()
1	2a04:4e42:3::621 2a04:4e42:3::621	() ()
3	37.252.161.190 37.252.161.190	() ()
4	23.21.47.199 23.21.47.199	14618 (AMAZON-AES) (AMAZON-AES)
2	3.124.9.99 3.124.9.99	16509 (AMAZON-02) (AMAZON-02)
1	178.250.0.165 178.250.0.165	() ()
1	185.64.189.112 185.64.189.112	() ()
1	185.255.84.151 185.255.84.151	200271 (IGUANE-) (IGUANE-)
3	213.19.162.31 213.19.162.31	() ()
8	52.28.203.152 52.28.203.152	() ()
2	3.125.137.77 3.125.137.77	() ()
6 22	185.33.221.15 185.33.221.15	() ()
1	18.195.223.2 18.195.223.2	16509 (AMAZON-02) (AMAZON-02)
7 20	35.244.159.8 35.244.159.8	() ()
2	184.25.115.31 184.25.115.31	() ()
1	184.30.21.51 184.30.21.51	() ()
10	35.158.21.212 35.158.21.212	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2b9::11a6	() ()
1	2a00:1450:400... 2a00:1450:4001:802::2004	() ()
1	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	() ()
1	104.19.150.54 104.19.150.54	() ()
7 10	35.156.143.112 35.156.143.112	16509 (AMAZON-02) (AMAZON-02)
10	172.217.23.98 172.217.23.98	() ()
1 1	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9a	() ()
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	() ()
4 7	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
3	2a00:1450:400... 2a00:1450:4001:812::2002	() ()
3	2a00:1450:400... 2a00:1450:4001:801::2002	() ()
7	2a00:1450:400... 2a00:1450:4001:82f::2001	() ()
19	2a00:1450:400... 2a00:1450:4001:802::2001	() ()
1	2a02:26f0:6c0... 2a02:26f0:6c00:1bb::11a6	() ()
1	37.157.2.234 37.157.2.234	() ()
3	2a02:26f0:6c0... 2a02:26f0:6c00:2a6::16c2	() ()
1	151.139.128.11 151.139.128.11	() ()
3 6	185.94.180.125 185.94.180.125	() ()
35	2a00:1450:400... 2a00:1450:4001:812::2006	() ()
1	3.123.110.9 3.123.110.9	16509 (AMAZON-02) (AMAZON-02)
1	52.28.147.142 52.28.147.142	() ()
17 46	2.18.234.21 2.18.234.21	() ()
2 4	54.36.109.49 54.36.109.49	16276 (OVH) (OVH)
2	2a02:2638::3 2a02:2638::3	() ()
2	185.94.180.124 185.94.180.124	() ()
3 13	76.223.111.131 76.223.111.131	() ()
2	2.18.233.180 2.18.233.180	() ()
2	151.101.113.108 151.101.113.108	() ()
6 16	18.196.184.242 18.196.184.242	16509 (AMAZON-02) (AMAZON-02)
6	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
1 4	52.59.102.119 52.59.102.119	16509 (AMAZON-02) (AMAZON-02)
3	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	35.156.12.76 35.156.12.76	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2 2	18.159.8.206 18.159.8.206	16509 (AMAZON-02) (AMAZON-02)
2 8	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
5	199.232.137.44 199.232.137.44	54113 (FASTLY) (FASTLY)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
2 6	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
22 40	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
3	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	216.52.2.39 216.52.2.39	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	185.86.139.115 185.86.139.115	201081 (SMARTADSE...) (SMARTADSERVER)
1	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1 2	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	172.105.213.147 172.105.213.147	63949 (LINODE-AP...) (LINODE-AP Linode)
1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
2 2	18.197.64.250 18.197.64.250	16509 (AMAZON-02) (AMAZON-02)
1 2	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
5 10	52.94.232.32 52.94.232.32	16509 (AMAZON-02) (AMAZON-02)
3	52.202.1.196 52.202.1.196	14618 (AMAZON-AES) (AMAZON-AES)
4 4	51.178.20.140 51.178.20.140	16276 (OVH) (OVH)
2 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
2 3	104.111.242.53 104.111.242.53	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
2 4	34.254.6.162 34.254.6.162	16509 (AMAZON-02) (AMAZON-02)
1	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	185.29.133.58 185.29.133.58	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
5 7	37.157.6.246 37.157.6.246	198622 (ADFORM) (ADFORM)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	64.202.112.63 64.202.112.63	23352 (SERVERCEN...) (SERVERCENTRAL)
3 4	169.50.137.190 169.50.137.190	36351 (SOFTLAYER) (SOFTLAYER)
4	2600:9000:211... 2600:9000:211e:400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.168 213.155.156.168	1299 (TELIANET ...) (TELIANET Telia Carrier)
4	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2606:4700:10:... 2606:4700:10::6816:1857	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
1 2	35.201.96.126 35.201.96.126	15169 (GOOGLE) (GOOGLE)
8	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1 1	185.183.112.148 185.183.112.148	60350 (VP) (VP)
1	74.125.206.157 74.125.206.157	15169 (GOOGLE) (GOOGLE)
1	185.33.221.91 185.33.221.91	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1 3	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	35.157.48.14 35.157.48.14	16509 (AMAZON-02) (AMAZON-02)
2	2600:1f18:612... 2600:1f18:612b:4264:7659:1bf:d736:fba9	14618 (AMAZON-AES) (AMAZON-AES)
4	54.196.119.86 54.196.119.86	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:10:... 2a02:26f0:10::5c7a:d698	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	23.79.143.124 23.79.143.124	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	65.9.84.59 65.9.84.59	16509 (AMAZON-02) (AMAZON-02)
2 2	3.127.73.204 3.127.73.204	16509 (AMAZON-02) (AMAZON-02)
1	63.34.51.8 63.34.51.8	16509 (AMAZON-02) (AMAZON-02)
1	34.246.207.243 34.246.207.243	16509 (AMAZON-02) (AMAZON-02)
1	65.9.76.122 65.9.76.122	16509 (AMAZON-02) (AMAZON-02)
1	18.194.117.230 18.194.117.230	16509 (AMAZON-02) (AMAZON-02)
1 2	54.228.50.17 54.228.50.17	16509 (AMAZON-02) (AMAZON-02)
1	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
539	110

2 199.60.103.254 (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

info.silobreaker.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:26f0:6c00:288::16c2 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.dailymail.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ted.dailymail.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.dailymail.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
crta.dailymail.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
creative.dailymail.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
video.dailymail.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a02:26f0:1700:1b6::16c2 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

scripts.dailymail.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.dailymail.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secured.dailymail.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.202.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-19.fra53.r.cloudfront.net

uk-script.dotmetrics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.237.76.117 (Paris, France) 2 redirects

ASN16509 (AMAZON-02, US)

swa.and.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.183.91 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-222-183-91.ham50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:120::5435:8c78 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

hulkprod.anm.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.241.183.220 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-183-220.eu-west-1.compute.amazonaws.com

sync.sxp.smartclip.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN- ()

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2070:ba00:8:5c85:cdc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

sak.userreport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.85.32.122 (United States)

ASN- ()
PTR: server-52-85-32-122.ham50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

61 151.101.13.44 (Frankfurt am Main, Germany)

ASN- ()

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
15.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c3.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:5ba (United States)

ASN- ()

macro.adnami.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.94.180.128 (United States) 1 redirects

ASN35220 (SPOTX-AMS, US)

js.spotx.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.234 (Frankfurt am Main, Germany)

ASN- ()
PTR: a2-18-232-234.deploy.static.akamaitechnologies.com

aka.spotxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.107.122 (Frankfurt am Main, Germany)

ASN- ()
PTR: a2-16-107-122.deploy.static.akamaitechnologies.com

storage.cloud.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 134.209.129.254 (North Bergen, United States)

ASN- ()

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::621 (United States)

ASN- ()

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.161.190 (Bethnal Green, United Kingdom)

ASN- ()
PTR: prebid.ams1.adnexus.net

prebid.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.21.47.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

mfad.inskinad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.9.99 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

pre.ads.justpremium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.165 (France)

ASN- ()
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN- ()

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.151 (Paris, France)

ASN200271 (IGUANE-, FR)

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.162.31 (United Kingdom)

ASN- ()

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.28.203.152 (Frankfurt am Main, Germany)

ASN- ()

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.125.137.77 (Frankfurt am Main, Germany)

ASN- ()

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 185.33.221.15 (Amsterdam, Netherlands) 6 redirects

ASN- ()
PTR: 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.223.2 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

krk.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 35.244.159.8 (Kansas City, United States) 7 redirects

ASN- ()

mailonline-uk-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.25.115.31 (Frankfurt am Main, Germany)

ASN- ()
PTR: a184-25-115-31.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.21.51 (Frankfurt am Main, Germany)

ASN- ()
PTR: a184-30-21-51.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 35.158.21.212 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2b9::11a6 (Frankfurt am Main, Germany)

ASN- ()

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN- ()

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN- ()

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.150.54 (United States)

ASN- ()

cdn.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 35.156.143.112 (Frankfurt am Main, Germany) 7 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.217.23.98 (United States)

ASN- ()
PTR: fra16s45-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN- ()

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN- ()

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1288:110:c305::8000 (United Kingdom) 4 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN- ()

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN- ()

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN- ()

babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN- ()

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:1bb::11a6 (Frankfurt am Main, Germany)

ASN- ()

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.2.234 (Denmark)

ASN- ()

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:2a6::16c2 (Frankfurt am Main, Germany)

ASN- ()

fff.dailymail.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.11 (United States)

ASN- ()

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.94.180.125 (United States) 3 redirects

ASN- ()

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN- ()

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.123.110.9 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.147.142 (Frankfurt am Main, Germany)

ASN- ()

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 2.18.234.21 (Frankfurt am Main, Germany) 17 redirects

ASN- ()
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.36.109.49 (France) 2 redirects

ASN16276 (OVH, FR)

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN- ()

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.124 (United States)

ASN- ()

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 76.223.111.131 (United States) 3 redirects

ASN- ()
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (Frankfurt am Main, Germany)

ASN- ()
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.108 (Frankfurt am Main, Germany)

ASN- ()

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 18.196.184.242 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02, US)

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.111.230.142 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.49 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.59.102.119 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.67.47 (Kansas City, United States)

ASN15169 (GOOGLE, US)

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Kansas City, United States)

ASN15169 (GOOGLE, US)

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.156.12.76 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

crb.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.159.8.206 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 141.226.228.48 (Netherlands) 2 redirects

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-vid-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 199.232.137.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imprammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wf.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 69.173.144.138 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.139 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 142.250.186.66 (United States) 22 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.39 (United States) 1 redirects

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.115 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

e1.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.151 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.105.213.147 (Tokyo, Japan) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1867-147.members.linode.com

s.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.64.250 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.59.101 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.94.232.32 (Ashburn, United States) 5 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.202.1.196 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.178.20.140 (France) 4 redirects

ASN16276 (OVH, FR)
PTR: ns31193670.ip-51-178-20.eu

gu.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.242.53 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-53.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.254.6.162 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-6-162.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.115 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.29.133.58 (United Kingdom) 4 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:f916:5049:f87f:108e (United States) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.157.6.246 (Denmark) 5 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.63 (United States) 2 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 169.50.137.190 (United States) 3 redirects

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:211e:400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.168 (Sweden) 2 redirects

ASN1299 (TELIANET Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (Hjørring, Denmark) 1 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.183.112.148 (Paris, France) 1 redirects

ASN60350 (VP, FR)

sync.adotmob.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.206.157 (United States)

ASN15169 (GOOGLE, US)

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.91 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.0.31 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 66.155.71.150 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.48.14 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4264:7659:1bf:d736:fba9 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

taboola-supply-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.196.119.86 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10::5c7a:d698 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

animate.adobe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.79.143.124 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-143-124.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.84.59 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.73.204 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.51.8 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-51-8.eu-west-1.compute.amazonaws.com

des.smartclip.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.246.207.243 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.76.122 (United States)

ASN16509 (AMAZON-02, US)

d38k2esv5oh9bn.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.194.117.230 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-117-230.eu-central-1.compute.amazonaws.com

te.technical-service.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.228.50.17 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

ad.sxp.smartclip.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
74	taboola.com 2 redirects cdn.taboola.com trc.taboola.com 15.taboola.com images.taboola.com vidstat.taboola.com sync.taboola.com match.taboola.com sync-t1.taboola.com imprammp.taboola.com am-match.taboola.com wf.taboola.com am-vid-events.taboola.com c3.taboola.com	2 MB
68	doubleclick.net 22 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net bid.g.doubleclick.net pubads.g.doubleclick.net	279 KB
58	dailymail.co.uk 1 redirects www.dailymail.co.uk scripts.dailymail.co.uk i.dailymail.co.uk ted.dailymail.co.uk t.dailymail.co.uk secured.dailymail.co.uk crta.dailymail.co.uk fff.dailymail.co.uk creative.dailymail.co.uk video.dailymail.co.uk	2 MB
50	googlesyndication.com babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com ade.googlesyndication.com Failed	236 KB
44	casalemedia.com 17 redirects htlb.casalemedia.com ssum-sec.casalemedia.com ssum.casalemedia.com dsum-sec.casalemedia.com	41 KB
35	2mdn.net s0.2mdn.net	862 KB
28	adnxs.com 6 redirects prebid.adnxs.com ib.adnxs.com acdn.adnxs.com secure.adnxs.com	63 KB
22	openx.net 9 redirects mailonline-uk-d.openx.net u.openx.net eu-u.openx.net us-u.openx.net rtb.openx.net taboola-d.openx.net Failed	6 KB
20	amazon-adsystem.com 5 redirects c.amazon-adsystem.com s.amazon-adsystem.com	43 KB
18	3lift.com 6 redirects tlx.3lift.com eb2.3lift.com	7 KB
18	rubiconproject.com 4 redirects fastlane.rubiconproject.com prebid-server.rubiconproject.com eus.rubiconproject.com pixel.rubiconproject.com token.rubiconproject.com secure-assets.rubiconproject.com	56 KB
16	yahoo.com 5 redirects c2shb.ssp.yahoo.com pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	9 KB
13	adsrvr.org 3 redirects match.adsrvr.org	4 KB
12	adsafeprotected.com 2 redirects fw.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	194 KB
11	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com simage2.pubmatic.com image6.pubmatic.com image2.pubmatic.com	31 KB
10	bidswitch.net 7 redirects x.bidswitch.net	4 KB
10	sharethrough.com btlr.sharethrough.com	1 KB
8	spotxchange.com 3 redirects sync.search.spotxchange.com search.spotxchange.com	5 KB
8	skimresources.com 1 redirects s.skimresources.com t.skimresources.com p.skimresources.com r.skimresources.com	21 KB
8	adform.net 5 redirects cm.adform.net c1.adform.net	3 KB
6	google.com adservice.google.com www.google.com	883 B
6	googletagservices.com www.googletagservices.com	190 KB
5	advertising.com 1 redirects ads.adaptv.advertising.com pixel.advertising.com	924 B
5	smartclip.net 2 redirects sync.sxp.smartclip.net des.smartclip.net ad.sxp.smartclip.net	5 KB
4	simpli.fi 3 redirects um.simpli.fi	2 KB
4	mathtag.com 4 redirects sync.mathtag.com	2 KB
4	dyntrk.com 4 redirects gu.dyntrk.com	2 KB
4	indexww.com js-sec.indexww.com	4 KB
4	id5-sync.com 2 redirects id5-sync.com	5 KB
4	criteo.com 1 redirects bidder.criteo.com dis.criteo.com gum.criteo.com	1 KB
4	inskinad.com mfad.inskinad.com	3 KB
4	kargo.com storage.cloud.kargo.com krk.kargo.com klkstrm.kargo.com Failed crb.kargo.com	5 KB
4	dotmetrics.net uk-script.dotmetrics.net	39 KB
3	sitescout.com 1 redirects pixel-sync.sitescout.com	681 B
3	owneriq.net 2 redirects px.owneriq.net	1 KB
3	adentifi.com rtb.adentifi.com	264 B
3	google.de adservice.google.de	1 KB
2	360yield.com 2 redirects match.360yield.com	784 B
2	smaato.net 2 redirects s.ad.smaato.net	856 B
2	tremorhub.com taboola-supply-partners.tremorhub.com	365 B
2	w55c.net 2 redirects pm.w55c.net	1 KB
2	fiftyt.com 1 redirects visitor.fiftyt.com	1 KB
2	semasio.net 1 redirects uipglob.semasio.net	1 KB
2	de17a.com 2 redirects d5p.de17a.com	637 B
2	zemanta.com 2 redirects b1sync.zemanta.com	602 B
2	bing.com c.bing.com	653 B
2	quantserve.com 2 redirects pixel.quantserve.com	991 B
2	turn.com 2 redirects ad.turn.com	850 B
2	sportradarserving.com 2 redirects a.sportradarserving.com	1 KB
2	lijit.com 1 redirects ce.lijit.com	1018 B
2	contextweb.com 1 redirects bh.contextweb.com	828 B
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	everesttech.net 1 redirects sync-tm.everesttech.net	702 B
2	criteo.net static.criteo.net	51 KB
2	google-analytics.com 1 redirects google-analytics.com ssl.google-analytics.com	18 KB
2	go-mpulse.net s.go-mpulse.net c.go-mpulse.net	51 KB
2	justpremium.com pre.ads.justpremium.com	5 KB
2	serverbid.com e.serverbid.com	88 B
2	adnami.io macro.adnami.io	18 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com	952 B
2	and.co.uk 2 redirects swa.and.co.uk	2 KB
2	googleapis.com imasdk.googleapis.com	685 KB
2	silobreaker.com 1 redirects info.silobreaker.com	3 KB
1	technical-service.net te.technical-service.net	1 KB
1	cloudfront.net d38k2esv5oh9bn.cloudfront.net
1	krxd.net beacon.krxd.net	347 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	477 B
1	adobe.com animate.adobe.com	33 KB
1	adotmob.com 1 redirects sync.adotmob.com	689 B
1	zeotap.com mwzeom.zeotap.com	595 B
1	bttrack.com bttrack.com	380 B
1	appier.net 1 redirects s.c.appier.net	362 B
1	emxdgt.com e1.emxdgt.com	59 B
1	smartadserver.com rtb-csync.smartadserver.com	697 B
1	adkernel.com dsp.adkernel.com	233 B
1	facebook.com www.facebook.com	409 B
1	permutive.com cdn.permutive.com	156 KB
1	facebook.net connect.facebook.net	3 KB
1	teads.tv a.teads.tv	251 B
1	omnitagjs.com hb-api.omnitagjs.com	711 B
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	spotxcdn.com aka.spotxcdn.com	155 KB
1	spotx.tv 1 redirects js.spotx.tv	590 B
1	userreport.com sak.userreport.com	14 KB
1	anm.co.uk hulkprod.anm.co.uk	12 KB
539	85

	Domain	Requested by
40	cm.g.doubleclick.net	22 redirects www.dailymail.co.uk u.openx.net eu-u.openx.net eb2.3lift.com googleads.g.doubleclick.net babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
35	s0.2mdn.net	imasdk.googleapis.com info.silobreaker.com s0.2mdn.net animate.adobe.com www.dailymail.co.uk babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
29	dsum-sec.casalemedia.com	11 redirects ssum-sec.casalemedia.com googleads.g.doubleclick.net
24	pagead2.googlesyndication.com	srcdoc babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com fw.adsafeprotected.com tpc.googlesyndication.com securepubads.g.doubleclick.net
23	trc.taboola.com	cdn.taboola.com www.dailymail.co.uk
22	ib.adnxs.com	6 redirects scripts.dailymail.co.uk www.dailymail.co.uk acdn.adnxs.com eb2.3lift.com googleads.g.doubleclick.net
20	i.dailymail.co.uk	www.dailymail.co.uk scripts.dailymail.co.uk
19	tpc.googlesyndication.com	securepubads.g.doubleclick.net babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
18	scripts.dailymail.co.uk	www.dailymail.co.uk scripts.dailymail.co.uk
16	eb2.3lift.com	6 redirects scripts.dailymail.co.uk eb2.3lift.com
13	match.adsrvr.org	3 redirects scripts.dailymail.co.uk www.dailymail.co.uk ssum-sec.casalemedia.com u.openx.net eu-u.openx.net eb2.3lift.com ads.pubmatic.com
12	images.taboola.com	www.dailymail.co.uk
11	vidstat.taboola.com	cdn.taboola.com vidstat.taboola.com
11	ssum-sec.casalemedia.com	4 redirects scripts.dailymail.co.uk ssum-sec.casalemedia.com js-sec.indexww.com
10	s.amazon-adsystem.com	5 redirects ssum-sec.casalemedia.com eb2.3lift.com
10	x.bidswitch.net	7 redirects www.dailymail.co.uk imprammp.taboola.com am-match.taboola.com
10	btlr.sharethrough.com	scripts.dailymail.co.uk
10	cdn.taboola.com	scripts.dailymail.co.uk cdn.taboola.com www.dailymail.co.uk
10	c.amazon-adsystem.com	scripts.dailymail.co.uk c.amazon-adsystem.com
9	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
8	googleads4.g.doubleclick.net	info.silobreaker.com
8	googleads.g.doubleclick.net	babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com info.silobreaker.com
8	eu-u.openx.net	3 redirects scripts.dailymail.co.uk u.openx.net eu-u.openx.net
8	c2shb.ssp.yahoo.com	scripts.dailymail.co.uk
7	c1.adform.net	5 redirects ssum-sec.casalemedia.com
7	babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	pr-bh.ybp.yahoo.com	4 redirects ads.pubmatic.com ssum-sec.casalemedia.com
6	us-u.openx.net	2 redirects u.openx.net eu-u.openx.net
6	eus.rubiconproject.com	scripts.dailymail.co.uk eus.rubiconproject.com imprammp.taboola.com am-match.taboola.com
6	sync.search.spotxchange.com	3 redirects www.dailymail.co.uk imprammp.taboola.com am-match.taboola.com
6	www.googletagservices.com	scripts.dailymail.co.uk securepubads.g.doubleclick.net babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
5	crta.dailymail.co.uk	scripts.dailymail.co.uk
5	www.dailymail.co.uk	1 redirects info.silobreaker.com scripts.dailymail.co.uk
4	dt.adsafeprotected.com	babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
4	image2.pubmatic.com	ads.pubmatic.com
4	static.adsafeprotected.com	fw.adsafeprotected.com babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
4	um.simpli.fi	3 redirects ads.pubmatic.com
4	sync.mathtag.com	4 redirects
4	fw.adsafeprotected.com	2 redirects info.silobreaker.com babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
4	gu.dyntrk.com	4 redirects
4	sync.taboola.com	2 redirects www.dailymail.co.uk
4	pixel.advertising.com	1 redirects www.dailymail.co.uk imprammp.taboola.com am-match.taboola.com
4	js-sec.indexww.com	scripts.dailymail.co.uk ssum-sec.casalemedia.com
4	u.openx.net	2 redirects scripts.dailymail.co.uk www.dailymail.co.uk
4	id5-sync.com	2 redirects www.dailymail.co.uk
4	mfad.inskinad.com	scripts.dailymail.co.uk www.dailymail.co.uk ssum-sec.casalemedia.com
4	uk-script.dotmetrics.net	www.dailymail.co.uk uk-script.dotmetrics.net
3	pixel-sync.sitescout.com	1 redirects babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
3	token.rubiconproject.com	eus.rubiconproject.com
3	imprammp.taboola.com	info.silobreaker.com vidstat.taboola.com
3	www.google.com	babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
3	px.owneriq.net	2 redirects ssum-sec.casalemedia.com
3	rtb.adentifi.com	ssum-sec.casalemedia.com
3	simage2.pubmatic.com	www.dailymail.co.uk ads.pubmatic.com
3	pixel.rubiconproject.com	2 redirects www.dailymail.co.uk
3	t.skimresources.com	www.dailymail.co.uk s.skimresources.com
3	15.taboola.com	cdn.taboola.com
3	fff.dailymail.co.uk	scripts.dailymail.co.uk
3	adservice.google.com	securepubads.g.doubleclick.net imasdk.googleapis.com
3	adservice.google.de	securepubads.g.doubleclick.net imasdk.googleapis.com
3	fastlane.rubiconproject.com	scripts.dailymail.co.uk
3	prebid.adnxs.com	scripts.dailymail.co.uk
2	ad.sxp.smartclip.net	1 redirects www.dailymail.co.uk
2	match.360yield.com	2 redirects
2	s.ad.smaato.net	2 redirects
2	rtb.openx.net	2 redirects
2	secure-assets.rubiconproject.com	2 redirects
2	c3.taboola.com	www.dailymail.co.uk
2	taboola-supply-partners.tremorhub.com	imprammp.taboola.com am-match.taboola.com
2	pm.w55c.net	2 redirects
2	visitor.fiftyt.com	1 redirects ads.pubmatic.com
2	uipglob.semasio.net	1 redirects ads.pubmatic.com
2	d5p.de17a.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	c.bing.com	eb2.3lift.com
2	pixel.quantserve.com	2 redirects
2	ad.turn.com	2 redirects
2	r.skimresources.com	1 redirects www.dailymail.co.uk
2	a.sportradarserving.com	2 redirects
2	sync-t1.taboola.com	www.dailymail.co.uk
2	dis.criteo.com	1 redirects ads.pubmatic.com
2	ce.lijit.com	1 redirects www.dailymail.co.uk
2	bh.contextweb.com	1 redirects www.dailymail.co.uk
2	rtb.mfadsrvr.com	2 redirects
2	p.skimresources.com	www.dailymail.co.uk
2	ssum.casalemedia.com	2 redirects
2	sync-tm.everesttech.net	1 redirects www.dailymail.co.uk
2	acdn.adnxs.com	scripts.dailymail.co.uk
2	ads.pubmatic.com	scripts.dailymail.co.uk ads.pubmatic.com
2	search.spotxchange.com	js.spotx.tv
2	static.criteo.net	scripts.dailymail.co.uk static.criteo.net
2	htlb.casalemedia.com	scripts.dailymail.co.uk
2	mailonline-uk-d.openx.net	scripts.dailymail.co.uk
2	tlx.3lift.com	scripts.dailymail.co.uk
2	pre.ads.justpremium.com	scripts.dailymail.co.uk
2	e.serverbid.com	www.dailymail.co.uk
2	storage.cloud.kargo.com	scripts.dailymail.co.uk storage.cloud.kargo.com
2	macro.adnami.io	scripts.dailymail.co.uk macro.adnami.io
2	sync.sxp.smartclip.net	1 redirects www.dailymail.co.uk
2	sb.scorecardresearch.com	1 redirects www.dailymail.co.uk
2	swa.and.co.uk	2 redirects
2	t.dailymail.co.uk	scripts.dailymail.co.uk
2	ted.dailymail.co.uk	scripts.dailymail.co.uk
2	imasdk.googleapis.com	www.dailymail.co.uk imasdk.googleapis.com
2	info.silobreaker.com	1 redirects
1	gum.criteo.com	static.criteo.net
1	te.technical-service.net	imasdk.googleapis.com
1	d38k2esv5oh9bn.cloudfront.net	s0.2mdn.net
1	beacon.krxd.net	babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
1	des.smartclip.net	imasdk.googleapis.com
1	gcm.ctnsnet.com	1 redirects
1	pubads.g.doubleclick.net	imasdk.googleapis.com
1	animate.adobe.com	s0.2mdn.net
1	ups.analytics.yahoo.com	1 redirects
1	secure.adnxs.com	ssum-sec.casalemedia.com imasdk.googleapis.com
1	bid.g.doubleclick.net	babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
1	sync.adotmob.com	1 redirects
1	mwzeom.zeotap.com	ads.pubmatic.com
1	video.dailymail.co.uk	www.dailymail.co.uk
1	am-vid-events.taboola.com	www.dailymail.co.uk
1	wf.taboola.com	vidstat.taboola.com
1	am-match.taboola.com	vidstat.taboola.com
1	image6.pubmatic.com	ads.pubmatic.com
1	bttrack.com	www.dailymail.co.uk
1	s.c.appier.net	1 redirects
1	e1.emxdgt.com	www.dailymail.co.uk
1	rtb-csync.smartadserver.com	www.dailymail.co.uk
1	dsp.adkernel.com	www.dailymail.co.uk
1	match.taboola.com	www.dailymail.co.uk
1	crb.kargo.com	storage.cloud.kargo.com
1	prebid-server.rubiconproject.com	scripts.dailymail.co.uk
1	ads.adaptv.advertising.com	scripts.dailymail.co.uk
1	creative.dailymail.co.uk	www.dailymail.co.uk
1	s.skimresources.com	scripts.dailymail.co.uk
1	cm.adform.net	www.dailymail.co.uk
1	c.go-mpulse.net	s.go-mpulse.net
1	www.facebook.com	www.dailymail.co.uk
1	stats.g.doubleclick.net	www.dailymail.co.uk
1	ssl.google-analytics.com	1 redirects
1	cdn.permutive.com	scripts.dailymail.co.uk
1	connect.facebook.net	scripts.dailymail.co.uk
1	google-analytics.com	www.dailymail.co.uk
1	s.go-mpulse.net	www.dailymail.co.uk
1	a.teads.tv	scripts.dailymail.co.uk
1	krk.kargo.com	scripts.dailymail.co.uk
1	hb-api.omnitagjs.com	scripts.dailymail.co.uk
1	hbopenbid.pubmatic.com	scripts.dailymail.co.uk
1	bidder.criteo.com	scripts.dailymail.co.uk
1	cdn.jsdelivr.net	scripts.dailymail.co.uk
1	secured.dailymail.co.uk	scripts.dailymail.co.uk
1	aka.spotxcdn.com	www.dailymail.co.uk
1	js.spotx.tv	1 redirects
1	sak.userreport.com	scripts.dailymail.co.uk
1	hulkprod.anm.co.uk	scripts.dailymail.co.uk
0	taboola-d.openx.net Failed	vidstat.taboola.com
0	ade.googlesyndication.com Failed
0	klkstrm.kargo.com Failed	storage.cloud.kargo.com
539	157

This site contains links to these domains. Also see Links.

Domain
discountcode.dailymail.co.uk
popup.taboola.com
affluenttimes.com
rfvtgb.novelodge.com
www.inpixio.com
rfvtgb.restwow.com
www.travelden.co.uk
risiken-und-nebenwirkungen.com
www.sarahsblessing.de
marketing.net.brillen.at
track.netofclicks.nl
bredings-person.com
www.obi.at
trc.taboola.com
itunes.apple.com
mailpictures.newsprints.co.uk
www.mailonsunday.co.uk
www.thisismoney.co.uk
www.metro.co.uk
www.jobsite.co.uk
www.mailtravel.co.uk
www.zoopla.co.uk
www.primelocation.com
www.dmgmedia.co.uk
www.mailmetromedia.co.uk

Subject Issuer	Validity	Valid
info.silobreaker.com Cloudflare Inc ECC CA-3	`2020-06-30` - `2021-06-30`	a year	crt.sh
*.dailymail.co.uk DigiCert SHA2 Secure Server CA	`2021-02-16` - `2022-02-22`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.dotmetrics.net Amazon	`2020-11-23` - `2021-12-22`	a year	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
dmgprivacyint.co.uk R3	`2021-04-16` - `2021-07-15`	3 months	crt.sh
*.smartclip.net Amazon	`2021-01-29` - `2022-02-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.userreport.com Amazon	`2021-02-19` - `2022-03-20`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-27` - `2021-08-27`	a year	crt.sh
cdn.spotxcdn.com GeoTrust RSA CA 2018	`2020-05-21` - `2021-06-20`	a year	crt.sh
kargo.com R3	`2021-03-16` - `2021-06-14`	3 months	crt.sh
e.serverbid.com R3	`2021-03-15` - `2021-06-13`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-05-03` - `2022-03-26`	a year	crt.sh
prebid.adnxs.com GeoTrust TLS RSA CA G1	`2020-03-29` - `2022-03-29`	2 years	crt.sh
mfad.inskinad.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
tracking.justpremium.com Amazon	`2021-03-01` - `2022-03-30`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2021-06-18`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-18` - `2021-09-08`	6 months	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.dev.kargo.com Amazon	`2021-03-16` - `2022-04-14`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
teads.tv R3	`2021-02-18` - `2021-05-19`	3 months	crt.sh
*.sharethrough.com Amazon	`2020-09-09` - `2021-10-11`	a year	crt.sh
akstat.io DigiCert Secure Site ECC CA-1	`2020-05-06` - `2021-08-05`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
permutive.com Cloudflare Inc ECC CA-3	`2021-03-02` - `2022-03-01`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.adform.net DigiCert SHA2 Secure Server CA	`2020-04-02` - `2021-06-02`	a year	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2020-09-10` - `2021-10-12`	a year	crt.sh
*.search.spotxchange.com GeoTrust RSA CA 2018	`2021-04-08` - `2022-05-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-12-26` - `2021-06-22`	6 months	crt.sh
*.id5-sync.com R3	`2021-03-23` - `2021-06-21`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2021-03-10` - `2022-03-29`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2021-03-16` - `2022-03-17`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2021-03-01` - `2021-08-24`	6 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.adkernel.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-22` - `2022-01-05`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2020-05-18` - `2021-07-17`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-29` - `2022-03-29`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
adentifi.com Amazon	`2020-10-02` - `2021-11-02`	a year	crt.sh
*.owneriq.net GeoTrust RSA CA 2018	`2021-01-29` - `2022-02-02`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2020-09-09` - `2021-10-09`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-04-12` - `2021-10-12`	6 months	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
static.adsafeprotected.com Amazon	`2020-10-03` - `2021-11-03`	a year	crt.sh
*.semasio.net GlobalSign GCC R3 DV TLS CA 2020	`2021-03-09` - `2022-04-10`	a year	crt.sh
visitor.fiftyt.com GTS CA 1D4	`2021-05-01` - `2021-07-30`	3 months	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-29` - `2021-09-22`	6 months	crt.sh
*.tremorhub.com Amazon	`2020-07-25` - `2021-08-25`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh
*.adobe.com DigiCert SHA2 Secure Server CA	`2021-02-02` - `2022-02-06`	a year	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2021-02-22` - `2022-02-21`	a year	crt.sh
te.technical-service.net Amazon	`2020-10-29` - `2021-11-28`	a year	crt.sh

This page contains 54 frames:

Primary Page: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Frame ID: 6B9218BF9DF2C1C8D0438658992BFA96
Requests: 257 HTTP requests in this frame

Frame: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 77F98A0D363141554BAC55C151897F16
Requests: 20 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html
Frame ID: 1BFC183A5659E6D7A70356A3577C8DFD
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Frame ID: 818D76DDE0B468BD36E2D7D039D4BCA8
Requests: 10 HTTP requests in this frame

Frame: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 606DB7E231AF102835B84C044E43C9F4
Requests: 16 HTTP requests in this frame

Frame: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9A9E2F0E34ECDBD95D04E3A6E47603FB
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 48902BFF3FA50B33F854A6D5AB835297
Requests: 14 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 190067631DD3CDA50696DB0C6A618123
Requests: 3 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 46FB48ECA1FB7E840CC9833DE9187778
Requests: 11 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1
Frame ID: 81CBD1D7E5031E5A5801D6236DBB1F08
Requests: 7 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 616F0E8EA114915FD2DBA62C0AFDCCAD
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 5FC047827B084D9AC0B6B38D6E2610D7
Requests: 3 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1
Frame ID: 216A8313F686D9ABC7A5D47D3D0D39E3
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E4DCFD3D71197065876DA56A4AE9C6EB
Requests: 3 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Frame ID: 76494CABA129102E056568BDBC9C07C5
Requests: 10 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: D5AE22B97C5F74C5CF634BBBB93B9B27
Requests: 11 HTTP requests in this frame

Frame: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=aant5u1620127240447
Frame ID: 0A6D48CCD8A06BBF3BF16D7769B09F92
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 822B31D31C4DA02B2F0747FE3864E2D9
Requests: 1 HTTP requests in this frame

Frame: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6627CC7335A68F0A39109D092D916CD2
Requests: 15 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.30608702809139876
Frame ID: CA107B300AE19BBBD6236389AAE440F0
Requests: 1 HTTP requests in this frame

Frame: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7E4AEB818F6E72BFD3DFADB01FE5F91E
Requests: 1 HTTP requests in this frame

Frame: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7616D7FA1E09EE4D0FCAFD6DE9C14901
Requests: 20 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 5DEC1556078449FBECEEAD6F9A6FF432
Requests: 1 HTTP requests in this frame

Frame: https://crb.kargo.com/api/v1/initsync/ad0d7ed7-f2df-44d8-b2e4-d4b3564362df?partners=Tapad,ttd,mediamath,DBM,LiveRamp
Frame ID: E9BCE0B3DBEFBB58AA115EA409D844A1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPSC36QCEOCy2KYCGKSX8KEBMAE&v=APEucNX8sUSPp7a-mdF8qjP6s3Qup75FF9lywvcnN83aKYnANmpKrV-KVk61cylkt_WnjXmkvvnr1YkMyQvzwALZbouy2UY5HEP6Haij15SnLIdf5iFwheCy_JpyxyJGhvYcY5jhLivPc_vVOpN7j1nVtc3aZEd8PKKKz89qxs8H5tLik6-d-f9chIaU5HSKI9Giz_hPLoHof0oyZKsWvEh6UXymGf2Jf8WukfXeUKBttGBLrJu-PP4
Frame ID: A11C26B96C64A0389D7A842421EDF02C
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=921ba70e-5eaf-4f68-bb63-c4e7c4b059cf&tbid=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e&query=taboola_hm%3D921ba70e-5eaf-4f68-bb63-c4e7c4b059cf&isDirect=0
Frame ID: EE8621D1CE025F7B3F045AE0942215EB
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQvPyRogIYson8lwEwAQ&v=APEucNX1XjeHxB86QgNEFINR4L4IOsmWr34SaD_v7m0WW3BrDziELjZsr4fOoBkJKPRW-WEkNuN7HJZ24hRnicjZVHbNitl2_TglDPvp5PvpQpAQR0ycR1EnBITEcE5CppvziZbHcxD0rs5FJrRYxdAW6pJy6Gi-U5xfV3cg9nFutgm8q-tH6c-xQEi8vXjoTjBRlykuGPkKM16GM2HAA-Jt6ujplR2g72xNgn6fzoMU05QYjhk5l44
Frame ID: 0ED056896CB933C3D9D6B94624D55C30
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 4E6328074092AB97839FA389E7C67CE1
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: DDC9890F053811B890F6C4657428913E
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKPK0wEQmJDhlwIYidrZpgEwAQ&v=APEucNXMEyksHAlJYapfnfzplE0JoQmYAxSpG_YPyYS6mj4ZBItjMuK5cCbQNfFhjizKkbh-K7On9GFwJocDhkuCslfPe3NSWBijb20cfZZLsfcYL2qz_oxfb6CP-wmBQykttZQJuYKMBGTg8BDMMCS5G0_AcOQQNWxvvXMjMIIkTK726rqucXPMUEJj_rxxgjtt3044hKfSooZJgVaBmQvpFUEals4doky6dJSYDYYTzLooNs6Z8uw
Frame ID: 7D3F3A39613595C2E6D238B40CCA9326
Requests: 5 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=1534696EF116414941118610276&cicmp=1337627&cijs=1&dast=V7gCQCFgMx4ZFo0aUEZgQx4ZFo0aUEZgUAAAAGBugHG7HajGbL2YrGWMxGi9FyNBhOVpvlcjbbLGFiFovFaLhajcaaxWIxmsxWwykYbOFzurvbwIGm0-Fz3et1v99d5HCanW-H02zX-O2qr18OAAAAAA8ARC3REDu-De0RAAAAABI8I9cKFAEV_xYCFwAAAAAYAARi4RoADRwG9nTZ7Q5_AAA8FIAAAAhghAC40IuLAAAAAIwAAAAAkAAIJBaWADjcLZoAAATk3WyIp54AAAAc1Mk8bbP8____xwDkvTfJAFCkbdwY9AA8-AA8CAEAAFwMhZMBIF2v-u0QFSQWMQIAAADI2kUVP5rUCZVF1f___78VwBUAQEDezYY4ddbNSTFrGAAAAMDYAj0sfr_ZYdf43S77_________zf7PwNAEwK6VkgLEqwfVuMZuVZY-wUEAGB7NwCAtwC4mAOwAwAAALj7____zwMAAFjZo2R7rcazR1nvM9jC53R312_CFqPVZLJZDmfLxWQwHA1Ho_0J4HKAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE5yQ4WgzWY12q91kOZyMRrPNZIMUrVrNRpvBcDWbzHa71XAwXI5GSNGaxWwyWcxGy91msJyMBsPJcIgHVefS-bw6Hx1wOVcMd3PFbDiXTGarBAAAAAAAAACwhCnzJgAAAACnQcxmk91uxY03eyaItVotawAAAABu3cgB!&excid=22&tst=1&docw=0&cs=false
Frame ID: A9182D4034482C732B824672E7873662
Requests: 1 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=3213FBA134136506634936733&cicmp=1337627&cijs=1&dast=V7qNQCFgNtXNVOGK3ETQRtXNVOGK3ETQUAAAAGBugHGTNZbGYUBmMzWmxmq8FqNRuNFsPRcjgFgy18Tnd3GzjQdDp8rnu97ve7ixxOs_PtcJrtGr9d9fXLAQAAAOABgKglGmLHt6E9AgAAAECCZ-RagSKg4t9C4AIAAAAAA4BALFwDoIHDwJ4uu93hDwCAhwIQAAABDBIAgcTCEgCHu8UTAACAgzqZp22W_____xiAvPcmGQCKtI0bgx6ABx-AByEAAICLIbl0DYjcTLNGooLUIkYAAAAAWbuo4keTOqGyqPr___-3ArgCAAjIu9lg18m6OSlmDQMAAAAYW6CHxe83O-wav9tl__________9m_2cAaEJA1wppQYL1w2o8I9cKa7-AAABs7wYA8BYAF3MAdgAAAAB3_____3kAAABhe5Rsr9V49ijrfQZb-Jzu7vpN2GK0mkw2y-FsuZgMhqPhaLQ_AVwOcCIGy-VkspjsVqPVaDPcjWaDBQrEYIITMhxtJqvRbrWbLIeT0Wi2mWyQolWr2WgzGK5mk9lutxoOhsvRCClas5hNJovZaLnbDJaT0WA4GQ4R5ja-1WY38qwVm8FqLdoYR26Fw-ZZKwwr48ziW9hWzoVb9PqYfsOFxTNc-dEBl3PFcDdXzIZzyWS2SgAAAAAAAAAAS5gybwIAAABwGsRsNtntVtx4s2eCWKvVsgYAAADg1o0c!&excid=22&tst=1&docw=0&cs=false
Frame ID: 39711E7E4FD06FCA084386FDD89C2E94
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDvo7YCGPGUkl8wAQ&v=APEucNX6-Uq2xv8ESelvrCMeI0JP959dDE65bLsLlOLpelDw-E1zPGq_YD96LZX_1hqTa3mZkRwXKXgljv5N_No3s7FhEtYHeb6YJcqb2pykHvwTj5UiLbR45f6ICM52tJV6XahufVkqEjWmcLbG16ROU3nrEe6RT8vzH0hMwA18hGEJ08GyWpEF7RUXTOjqDk_7qMJFZ2lwx4JpeKVw6DObJ34RNBfJ3Ws0rDATaNhUFMyYWN-aT0Y
Frame ID: 1FE893455A733DA95EB5251B736514EC
Requests: 5 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8060095&crid=4706985&dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&cmcv=&pix=undefined&cb=1620127248400&uv=2963&tms=1620127248400&abt=adh5c-1_vA!insc_vA!pl88573-888_vA!scrn_vA!spa2_vB!ufm!widgetVsMoat_vB&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9D1FBA8A03326343833709859&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Frame ID: 6B063D821460CA836B97F5C3C708614E
Requests: 5 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&excid=22&docw=0&cijs=1&nlb=true
Frame ID: C4E59CE9F97AC8F06056123F55E400D9
Requests: 5 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2557603070289758507
Frame ID: 2C98B1E454CE30BE70C63D23DD6D5B9E
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 5D35F019835407AB5634E89D42E06840
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/9053774/1616753578552/index.html
Frame ID: A46B4282C022497767BEFFB4D909A0CA
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
Frame ID: ED171367AEAB2C721D235FBE39C9707A
Requests: 14 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.5.js
Frame ID: 5029C7D8950F542CC69EB3E0272D58DA
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.5.js
Frame ID: 0D25B2E26B25D62D74556505E7684F5D
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/10388772/1619617588040/index.html
Frame ID: 14F256A4F57C9C225E85E4DA6ECABE89
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F145F5C1E0500B3D328272E060C2FB67
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3860A94D3DA974EA4BD9997BDCE38185
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 80543070E15BA0F2D855FD874EDC202E
Requests: 9 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Frame ID: 2CBD12040A4ADC2CFABD4E2A65DE6C97
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Frame ID: 6118C049208B8ABF0454FA3E45DBFE83
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2D8E1BF1CEF080C232AA414F1E19807A
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1D1DEC8FC1B9C4BA700E69196A5ACAD6
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2
Frame ID: 659D475191A3AF451F06F06A4436FEBD
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7F77EFE53ACF071FD1A3CADB4AAB5B62
Requests: 8 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.dailymail.co.uk
Frame ID: 3A398501C225519DC499A232ACD40AA7
Requests: 1 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&excid=22&docw=0&cijs=1&nlb=true
Frame ID: 2A3F3319DB4C3E9DA6524CD4D7E22A49
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: C8020B16C7448D77BE67C38264539F52
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://info.silobreaker.com/e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06... Page URL
https://info.silobreaker.com/events/public/v1/track/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV... HTTP 307
http://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-t... HTTP 301
https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-t... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

539
Requests

97 %
HTTPS

26 %
IPv6

85
Domains

157
Subdomains

110
IPs

10
Countries

6632 kB
Transfer

18573 kB
Size

8
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://discountcode.dailymail.co.uk/
Title: Discounts

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/argos
Title: Argos

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/ao-com
Title: AO.com

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/river-island
Title: River Island

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/groupon
Title: Groupon

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/debenhams
Title: Debenhams

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/wayfair
Title: Wayfair

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/very
Title: Very

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/ebay
Title: eBay

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/boohoo
Title: Boohoo

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/nike
Title: Nike

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/currys
Title: Currys

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/virgin-media
Title: Virgin Media

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/asos
Title: ASOS

Search URL Search Domain Scan URL

URL: https://discountcode.dailymail.co.uk/tui
Title: TUI

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=dailymail-row&utm_medium=referral&utm_content=autosized-generated-text-under-1r-row:wide:
Title: by Taboola

Search URL Search Domain Scan URL

URL: https://affluenttimes.com/pop-culture/sporting-elite/stabhochspringerin-harmloses-foto/?utm_source=Taboola&utm_medium=CPC&utm_content=dailymail-row_1001083&utm_campaign=1018168_Affluent-Times_Test-Intl-Aut-De-Diese-Junge-S_AT_DESKTOP_MM&utm_term=9535715&c=0.039&l=a&o=2-3
Title: Affluent Times

Search URL Search Domain Scan URL

URL: https://rfvtgb.novelodge.com/worldwide/baddr-ta-ge?utm_medium=taboola&utm_source=taboola&utm_campaign=ta-nl-baddre8-des-at-ag-10021p&utm_term=dailymail-row&utm_bid=Y7VqL5iAmMbaA0bbdkcxXYsJ26gdboCZW30zczvgDG0=
Title: Novelodge

Search URL Search Domain Scan URL

URL: https://www.inpixio.com/static/lp/photostudio/DE/?tracking=INPIXIO_GERMANO_PP_TB_PSTUDIO11&campaignid=Taboola_IPX&filter=INPIXIO_GERMANO_PP_TB_PSTUDIO11&keyword=SeagirlV2&clickid=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSD41T8o1oKsnavW5uqrAQ&tblci=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSD41T8o1oKsnavW5uqrAQ#tblciGiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSD41T8o1oKsnavW5uqrAQ
Title: Advertisement inPixio

Search URL Search Domain Scan URL

URL: https://rfvtgb.restwow.com/worldwide/nomake-ta-ge?utm_medium=taboola&utm_source=taboola&utm_campaign=ta-rw-makeup-des-1-at-ag-27021d&utm_term=dailymail-row&utm_bid=BNYdzkd6bXxbHs9LDM4rHu-Eb0YlyJaRUiiv2JhOUbo=
Title: Rest Wow

Search URL Search Domain Scan URL

URL: https://www.travelden.co.uk/top-20-places-you-should-never-swim/?utm_source=taboola&utm_medium=cpc&utm_term=dailymail-row&utm_content=2851709173&utm_campaign=NeverSwimPlaces-Global#tblciGiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSCpt0Mo3N_z64bAyJoH
Title: Travel Den

Search URL Search Domain Scan URL

URL: https://risiken-und-nebenwirkungen.com/so-haben-es-diese-11-stars-geschafft-ihr-gewicht-zu-reduzieren/2/?utm_source=t&utm_medium=dailymail-row&utm_campaign=6782001&utm_content=2937778116&tblci=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSDcrE8o0PT00YjQ2t8F#tblciGiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSDcrE8o0PT00YjQ2t8F
Title: Risiken und Nebenwirkungen

Search URL Search Domain Scan URL

URL: https://www.sarahsblessing.de/vienna.php?utm_source=taboola&utm_medium=referral&utm_campaign=Vienna+SB+Desktop+Broad&utm_content=2986213500&tblci=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSDxv08ot7CM3dzwkpXdAQ#tblciGiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSDxv08ot7CM3dzwkpXdAQ
Title: Sarah's Blessing

Search URL Search Domain Scan URL

URL: https://marketing.net.brillen.at/ts/i4211475/tsc?amc=dis.brillende.44231.353452.135973.desktop_cid=10129305_aid=2994332997&smc5=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSCVvEEoz9bf4_Kxkf3gAQ&tst=!!TIMESTAMP!!&utm_source=taboola&utm_medium=referral&tblci=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSCVvEEoz9bf4_Kxkf3gAQ#tblciGiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSCVvEEoz9bf4_Kxkf3gAQ
Title: brillen.at

Search URL Search Domain Scan URL

URL: https://track.netofclicks.nl/149676ac-e123-4618-8231-98b765504c14?sbtag=SB000000001331899&utm_source=taboola&utm_medium=referral&campaign={campaign}&thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F01f45f08606bf41033e5ed343dd24422.png&title=Wir+suchen+250+Personen%2C+die+ein+100%25+unsichtbares+H%C3%B6rger%C3%A4t+kostenlos+ausprobieren+m%C3%B6chten%21&site=dailymail-row&click_id=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSCgw1Eo6tbWhtWm6aUz&tblci=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSCgw1Eo6tbWhtWm6aUz#tblciGiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSCgw1Eo6tbWhtWm6aUz
Title: Social Blue

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=dailymail-row&utm_medium=referral&utm_content=thumbnails-b:Below%20Article%20Thumbnails%202nd:
Title: by Taboola

Search URL Search Domain Scan URL

URL: https://bredings-person.com/92f77ffc-0bfe-4c90-8796-d2f2472c94a5?utm_source=tb&utm_campaign=tbpilze_dk_at&utm_term=dailymail-row&utm_content=2986054137&t=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSCx2lEog_m9z9n0mp_dAQ&a=tb&tblci=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSCx2lEog_m9z9n0mp_dAQ#tblciGiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSCx2lEog_m9z9n0mp_dAQ
Title: Pilz Research

Search URL Search Domain Scan URL

URL: https://www.obi.at/pages/bosch-diy?wt_mc=da.media.2021_ofmg_boschgruen_atino_traffic.taboola.nativead_v4_farbige_waende&wt_cc6=awareness&tblci=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSD_gFQohZbW_4zbtMMy#atino
Title: OBI

Search URL Search Domain Scan URL

URL: https://trc.taboola.com/dailymail-row/log/3/click?pi=%2Fwires%2Freuters%2Farticle-9539403%2Fbrazils-itau-beats-estimate-lower-provisions-trading-gains.html&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&it=text&ii=~~V1~~-6920117224991537703~~LyCnVSgj8lhsjdq1FdwkykdKpCxp_ht8Eii9kg-0pu3TxvAnL2wqac4MyzR7uD46gj3kUkbS3FhelBtnsiJV6MhkDZRZzzIqDobN6rWmCPA3hYz5D3PLat6nhIftiT1lwdxwdlxkeV_Mfb3eos_TQf5RXYSJUK4PlaDhkgdjixRk-zmgoc8ZzrPtMusOJ5Q5E3CUSuo3jd8UaYPholur3z1qZKCc0kmMmRozKUlYLrus4e1A_YD7yA6c3JB084-R&pt=text&li=rbox-t2m&sig=d3177bfa61951d8f31ccc2728bc6a58ea46d5c659db0&redir=https%3A%2F%2Fwww.obi.at%2Fpages%2Fbosch-diy%3Fwt_mc%3Dda.media.2021_ofmg_boschgruen_atino_traffic.taboola.nativead_v4_farbige_waende%26wt_cc6%3Dawareness%26tblci%3DGiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSD_gFQohZbW_4zbtMMy%23atino&vi=1620127240934&p=ofmg-boschgruenatino-at-sc&r=81&tvi2=766&lti=deflated&ppb=CB4&cpb=EhMyMDIxMDUwMy0yNS1SRUxFQVNFGKUDIIjnDSoWdGFib29sYXN5bmRpY2F0aW9uLmNvbTIId2F0ZXIwNjA4gNDuzQVA6ZkHSP-FEFDlhtgDWP___________wFjCKADEP4FGAJkYwj-FhCKIBgTZGMI3f__________ARDd__________8BGCNkYwjcChCgEBgWZGMI0gMQ4AYYCGRjCJYUEJ8cGBhkYwjIHBDCJxgZZGMI9BQQnh0YH2Q&cta=true
Title: Mehr erfahren

Search URL Search Domain Scan URL

URL: https://www.inpixio.com/static/lp/photostudio/DE/?&tracking=INPIXIO_GERMANO_PP_TB_PSTUDIO11&campaignid=Taboola_IPX&filter=INPIXIO_GERMANO_PP_TB_PSTUDIO11&keyword=SeagirlV2&clickid=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSD41T8okNqX7qLFuZFS&tblci=GiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSD41T8okNqX7qLFuZFS#tblciGiB74xjtNd_9f1jpWH4OInUo9q7g5TdD3SHNmP5NEdEYWSD41T8okNqX7qLFuZFS
Title: inPixioAdvertisement

Search URL Search Domain Scan URL

URL: http://itunes.apple.com/app/mailonline/id400442503?mt=8&ign-mpt=uo%3D4
Title:

Search URL Search Domain Scan URL

URL: https://mailpictures.newsprints.co.uk/
Title: Reader Prints

Search URL Search Domain Scan URL

URL: https://www.mailonsunday.co.uk/
Title: Mail on Sunday

Search URL Search Domain Scan URL

URL: https://www.thisismoney.co.uk/
Title: This is Money

Search URL Search Domain Scan URL

URL: https://www.metro.co.uk/
Title: Metro

Search URL Search Domain Scan URL

URL: https://www.jobsite.co.uk/
Title: Jobsite

Search URL Search Domain Scan URL

URL: https://www.mailtravel.co.uk/?utm_source=mailonline&utm_medium=referral&utm_campaign=mol-nav&utm_content=footer&mailonline=footer
Title: Mail Travel

Search URL Search Domain Scan URL

URL: https://www.zoopla.co.uk/
Title: Zoopla.co.uk

Search URL Search Domain Scan URL

URL: https://www.primelocation.com/
Title: Prime Location

Search URL Search Domain Scan URL

URL: https://www.dmgmedia.co.uk/
Title: dmg media

Search URL Search Domain Scan URL

URL: https://www.dmgmedia.co.uk/about/dmg-media-leadership/
Title: Leadership Team

Search URL Search Domain Scan URL

URL: https://www.mailmetromedia.co.uk/
Title: Advertise with us

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://info.silobreaker.com/e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG5h0TrHW7R7vdT89L4VTW1RX9ql7F3rhSVghhNK8NCxVnW1Ds7y65kJ0cQW4BB5Y53xw6rcW7BB_8f2ShH5GW3wb_YN5CDmRrW9fMQGS4YTcwgVVjh0W3ZL6KYW2ryqDx29pMPWW1_tPKp2-vtVLW3Fl5zQ265YCxVTnDmY8zvWRMW6GsnlF5m4gJXW7PHYgd3NM4t4W74MjC_4s6blWW4JFD_r5YZxKL3fLN1 Page URL
https://info.silobreaker.com/events/public/v1/track/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG5h0TrHW7R7vdT89L4VTW1RX9ql7F3rhSVghhNK8NCxVnW1Ds7y65kJ0cQW4BB5Y53xw6rcW7BB_8f2ShH5GW3wb_YN5CDmRrW9fMQGS4YTcwgVVjh0W3ZL6KYW2ryqDx29pMPWW1_tPKp2-vtVLW3Fl5zQ265YCxVTnDmY8zvWRMW6GsnlF5m4gJXW7PHYgd3NM4t4W74MjC_4s6blWW4JFD_r5YZxKL3fLN1?_ud=d95a1c65-81a2-4e5a-a400-a6f25ea49909&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p HTTP 307
http://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI HTTP 301
https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://swa.and.co.uk/b/ss/anddailymailprod/1/JS-2.9.0/s18906902529400?AQB=1&ndh=1&pf=1&t=4%2F4%2F2021%2013%3A20%3A38%202%20-120&fid=33940E2813915D97-3AC17759A1BDB276&ce=iso-8859-1&ns=associatednorthcliffedigital&cdp=3&pageName=%2Fwires%2Freuters%2Farticle&g=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQ&c.&gunther=17.14.0&fesbv=5.13.0&feabv=6.19.2&vbv=6.12.0&tag=fe_desktop_default&pushNotificationStatus=not_supported&.c&ch=dailymail.co.uk&events=event108%2Cevent2%2Cevent25&c1=%2Fwires&v1=D%3Dc1&c2=%2Fwires%2Freuters&v2=D%3Dc2&h2=dailymail.co.uk%2Fwires%2Freuters&c4=article&v4=D%3Dc4&c5=brazils%20itau%20beats%20estimate%20on%20lower%20provisions%2C...&v5=D%3Dc5&c6=9539403&v6=D%3Dc6&c11=Logged%20Out&v11=D%3DpageName&v12=D%3Dch&c13=%2Fwires%2Freuters%2Farticle&c14=New&v14=New&c15=%2Fwires%2Freuters%2Farticle&v21=D%3Dc23&v22=D%3Dc24&c23=2021-05-04&v23=D%3Dc25&c24=00&c25=Reuters&v25=D%3Dc27&v26=D%3Dc28&c27=2021-05-04&v27=D%3Dc29&c28=13&c29=direct&v31=D%3Dc33&c33=%2Fwires%2Freuters%2Farticle&c37=DE&c38=%2Fwires%2Freuters%2Farticle&v38=D%3Dc38&c44=D%3Dg&c46=17.14.0&c47=adBlocker%20off&v49=%21-%21EXT%21-%21&v50=D%3Dg&c51=Clicked%20a%20link%20or%20entered%20a%20URL&c53=direct%5Edirect%5Edirect&v54=NoInstart&c57=66680717&v57=D%3Dc57&v58=Guest&c59=1%5E1%5E1&v59=D%3Dc59&c65=Desktop&v65=Desktop&v67=dd919995-8f08-42e3-9b20-dd91ae70b6d8&v70=default&v96=67%3A0%3A9%3A7%3A9%3A21%3A21&v105=wv%3D1%2Cco%3D0%2Cdk%3D1%2Cdv%3D1%2Chu%3D0%2Cnz%3D1%2Cdw%3D1%2Cwb%3D1%2Cwi%3D1%2Cfr%3D1&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&-g=m0ActbXdvI&AQE=1 HTTP 302
https://swa.and.co.uk/b/ss/anddailymailprod/1/JS-2.9.0/s18906902529400?AQB=1&pccr=true&vidn=3048970469A6D00B-600013F56414F9B1&ndh=1&pf=1&t=4%2F4%2F2021%2013%3A20%3A38%202%20-120&fid=33940E2813915D97-3AC17759A1BDB276&ce=iso-8859-1&ns=associatednorthcliffedigital&cdp=3&pageName=%2Fwires%2Freuters%2Farticle&g=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQ&c.&gunther=17.14.0&fesbv=5.13.0&feabv=6.19.2&vbv=6.12.0&tag=fe_desktop_default&pushNotificationStatus=not_supported&.c&ch=dailymail.co.uk&events=event108%2Cevent2%2Cevent25&c1=%2Fwires&v1=D%3Dc1&c2=%2Fwires%2Freuters&v2=D%3Dc2&h2=dailymail.co.uk%2Fwires%2Freuters&c4=article&v4=D%3Dc4&c5=brazils%20itau%20beats%20estimate%20on%20lower%20provisions%2C...&v5=D%3Dc5&c6=9539403&v6=D%3Dc6&c11=Logged%20Out&v11=D%3DpageName&v12=D%3Dch&c13=%2Fwires%2Freuters%2Farticle&c14=New&v14=New&c15=%2Fwires%2Freuters%2Farticle&v21=D%3Dc23&v22=D%3Dc24&c23=2021-05-04&v23=D%3Dc25&c24=00&c25=Reuters&v25=D%3Dc27&v26=D%3Dc28&c27=2021-05-04&v27=D%3Dc29&c28=13&c29=direct&v31=D%3Dc33&c33=%2Fwires%2Freuters%2Farticle&c37=DE&c38=%2Fwires%2Freuters%2Farticle&v38=D%3Dc38&c44=D%3Dg&c46=17.14.0&c47=adBlocker%20off&v49=%21-%21EXT%21-%21&v50=D%3Dg&c51=Clicked%20a%20link%20or%20entered%20a%20URL&c53=direct%5Edirect%5Edirect&v54=NoInstart&c57=66680717&v57=D%3Dc57&v58=Guest&c59=1%5E1%5E1&v59=D%3Dc59&c65=Desktop&v65=Desktop&v67=dd919995-8f08-42e3-9b20-dd91ae70b6d8&v70=default&v96=67%3A0%3A9%3A7%3A9%3A21%3A21&v105=wv%3D1%2Cco%3D0%2Cdk%3D1%2Cdv%3D1%2Chu%3D0%2Cnz%3D1%2Cdw%3D1%2Cwb%3D1%2Cwi%3D1%2Cfr%3D1&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&-g=m0ActbXdvI&AQE=1 HTTP 302
https://sb.scorecardresearch.com/r?c2=6034964&d.c=gif&d.o=anddailymailprod&d.x=7951644715&d.t=page&d.u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI HTTP 302
https://sb.scorecardresearch.com/r2?c2=6034964&d.c=gif&d.o=anddailymailprod&d.x=7951644715&d.t=page&d.u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI

Request Chain 27

https://sync.sxp.smartclip.net/sync?type=red&dsp=10 HTTP 302
https://sync.sxp.smartclip.net/sync?type=red&dsp=10&ang_testid=1

Request Chain 35

https://js.spotx.tv/directsdk/v1/234272.js HTTP 307
https://aka.spotxcdn.com/integration/directsdk/v1/directsdk.js

Request Chain 83

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fib.adnxs.com%2Fprebid%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fib.adnxs.com%2Fprebid%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://ib.adnxs.com/prebid/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=a3fd7c73-1468-4a2b-a3c1-b6278455249a

Request Chain 102

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2087108480&utmhn=www.dailymail.co.uk&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Brazil%27s%20Itau%20beats%20estimate%20on%20lower%20provisions%2C...%20%7C%20Daily%20Mail%20Online&utmhid=243478839&utmr=-&utmp=%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&utmht=1620127240891&utmac=UA-3639451-1&utmcc=__utma%3D141568423.1471772633.1620127241.1620127241.1620127241.1%3B%2B__utmz%3D141568423.1620127241.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=850261458&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3639451-1&cid=1471772633.1620127241&jid=850261458&_v=5.7.2&z=2087108480

Request Chain 115

https://pr-bh.ybp.yahoo.com/sync/appnexusprebidserver/?gdpr=0&euconsent=&us_privacy=&url=https%3A%2F%2Fib.adnxs.com%2Fprebid%2Fsetuid%3Fbidder%3Dbrightroll%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://ib.adnxs.com/prebid/setuid?bidder=brightroll&gdpr=0&gdpr_consent=&uid=y-NyMyAexE2pGQfNpgHLIvsIGQTOefuoFPCVBlkkIuLpVQvrX8U1bCVfI-~A

Request Chain 143

https://sync.search.spotxchange.com/partner?source=dados HTTP 302
https://sync.search.spotxchange.com/partner?source=dados&__user_check__=1&sync_id=c38893f5-acca-11eb-b61c-1d7abbad0206

Request Chain 157

https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1

Request Chain 158

https://id5-sync.com/i/167/9.gif?gdpr=&gdpr_consent= HTTP 302
https://id5-sync.com/c/167/0/9/1.gif?gdpr=1&gdpr_consent=

Request Chain 187

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 188

https://u.openx.net/w/1.0/pd HTTP 302
https://u.openx.net/w/1.0/pd?cc=1

Request Chain 191

https://eu-u.openx.net/w/1.0/pd?plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1 HTTP 302
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1

Request Chain 193

https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1

Request Chain 194

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 197

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_test=YJEuDQAAsaDrUgAC

Request Chain 198

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true

Request Chain 199

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1

Request Chain 201

https://x.bidswitch.net/sync?ssp=themediagrid HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid

Request Chain 202

https://ssum.casalemedia.com/usermatchredir?s=185638&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D HTTP 302
https://ssum.casalemedia.com/usermatchredir?s=185638&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 HTTP 302
https://mfad.inskinad.com/udb/9874/sync/i.gif?partnerId=1&userId=0

Request Chain 223

https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola HTTP 302
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=921ba70e-5eaf-4f68-bb63-c4e7c4b059cf HTTP 302
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=921ba70e-5eaf-4f68-bb63-c4e7c4b059cf&tbid=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e&query=taboola_hm%3D921ba70e-5eaf-4f68-bb63-c4e7c4b059cf&isDirect=0

Request Chain 224

https://u.openx.net/w/1.0/sd?id=543998486&val=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=0&gdpr_consent= HTTP 302
https://u.openx.net/w/1.0/sd?cc=1&id=543998486&val=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=0&gdpr_consent=

Request Chain 227

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fsync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc HTTP 302
https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=3gMRmb9HwCig&ev=1&orig=trc&pid=562107

Request Chain 229

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEL21ACjcVX0JEQiqI5uaZoU&google_cver=1

Request Chain 231

https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e

Request Chain 232

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=eb8533d2-1e25-41bd-a0b5-cebadffa8191

Request Chain 233

https://ce.lijit.com/merge?pid=42&3pid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&us_privacy=&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=42&3pid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&us_privacy=&gdpr=0&gdpr_consent=&dnr=1

Request Chain 237

https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=9c01e486-cba9-411b-b5f1-b3eaf987b0f7

Request Chain 238

https://id5-sync.com/s/464/9.gif?puid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BID5UID%7D HTTP 302
https://id5-sync.com/c/464/464/7/1.gif?puid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=1&gdpr_consent=

Request Chain 239

https://s.c.appier.net/taboola HTTP 302
https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=z52_WKCXC-WoYYmDEC6RYA

Request Chain 241

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=taboola HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=0&user_id=&ssp=taboola HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=409&expires=14&user_group=0&user_id=&ssp=taboola HTTP 302
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=d24c64d4-6c49-4fb0-8554-8aa4ef6edab9

Request Chain 242

https://r.skimresources.com/api/ HTTP 307
https://r.skimresources.com/api/?xguid=01F4VHQTGDMY83P3ZWTJCVMECS&persistence=1&checksum=5867bf4d37cb48c7bd0965e4cfff82f61a0a17c38fd96e5d69c99876af1f5985

Request Chain 256

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuC_4uv_Ur8R46BEnRSgAABKoAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuC_4uv_Ur8R46BEnRSgAABKoAAAAB&dcc=t

Request Chain 257

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDbcyFaYg67XSqAArUkdzk0&google_cver=1

Request Chain 259

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YJEuC_4uv_Ur8R46BEnRSgAABKoAAAAB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEL0A5WL7asU__uknhEA7fSo&google_cver=1

Request Chain 261

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1 HTTP 302
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=

Request Chain 262

https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7396079597595942817 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7396079597595942817&C=1

Request Chain 263

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6734136471924624072&uid=Q6734136471924624072&ref=%2Feucm%2Fp%2Fcc HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 297

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 301

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=74fc6091-2e10-4200-9df3-49d8458de59d

Request Chain 302

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=64Ko0O_XoNHwi_fQ5IC817-A99Xw06nT7op_8OmE

Request Chain 303

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2965476366224638181 HTTP 302
https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=2965476366224638181

Request Chain 306

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEkou2-BFQeJJgx1J02C6tU&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEEkou2-BFQeJJgx1J02C6tU&google_cver=1

Request Chain 307

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=5a016091-2e10-4300-b624-bf16c58fb3f0

Request Chain 308

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=0JKUeNTHnHnLm8gr1JCAfoWSzCjLkpQq1cH8vJSf

Request Chain 309

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1349619796664030756 HTTP 302
https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=1349619796664030756

Request Chain 312

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK_xBlVlSPuaXQRVZJyh14U&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEK_xBlVlSPuaXQRVZJyh14U&google_cver=1

Request Chain 325

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEAAUdG_Eo9vnSx8mbUeqMbE&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1

Request Chain 326

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/sync/google/demand?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D&google_tc=

Request Chain 328

https://pr-bh.ybp.yahoo.com/sync/triplelift/2836512862482067061?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-tVKaYehE2oRJTTLR5CuOHYPdC7rNr5ipPBCeREcZEg--~A&dongle=0883

Request Chain 329

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=1%26gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3335&xuid=3668742791086096242&dongle=4d58&gdpr=1&gdpr_consent=

Request Chain 330

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2836512862482067061 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2836512862482067061&dcc=t

Request Chain 331

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

Request Chain 335

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEPqoDMzp488RTUpHq1WqQ0o&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1

Request Chain 336

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/sync/google/demand?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D&google_tc=

Request Chain 338

https://pr-bh.ybp.yahoo.com/sync/triplelift/2836512862482067061?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-uIDkmrhE2oR6JqHn7c4cm0vK1YXz57.4omNgWaLc9w--~A&dongle=0883

Request Chain 339

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=1%26gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3335&xuid=3668742791086096242&dongle=4d58&gdpr=1&gdpr_consent=

Request Chain 340

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2836512862482067061 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2836512862482067061&dcc=t

Request Chain 341

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

Request Chain 344

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuDBaoH_6AHlDqOKDgawAABHEAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuDBaoH_6AHlDqOKDgawAABHEAAAAB&dcc=t

Request Chain 346

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YJEuD.nVy5V1IJwfNNfOrAAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAiN6EQMa5Tj_W5dz0mkBGg&google_cver=1&google_hm=2 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAiN6EQMa5Tj_W5dz0mkBGg&google_cver=1&google_hm=2&C=1

Request Chain 347

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YJEuDBaoH_6AHlDqOKDgawAABHEAAAAB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEEnWoc8Ntm02QCWHH3QhyNY&google_cver=1

Request Chain 348

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1 HTTP 302
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=

Request Chain 351

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=7EC00AF41972439885E1EFB414249DD8&gdpr=1

Request Chain 381

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2557603070289758507

Request Chain 383

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=5dcKwGs2TpinMolPwEpF9g%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 385

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=E5D70AC0-6B36-4E98-A732-894FC04A45F6&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=E5D70AC0-6B36-4E98-A732-894FC04A45F6&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 386

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=E5D70AC0-6B36-4E98-A732-894FC04A45F6&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=E5D70AC0-6B36-4E98-A732-894FC04A45F6&gdpr=&fbounce=1

Request Chain 387

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTVENzBBQzAtNkIzNi00RTk4LUE3MzItODk0RkMwNEE0NUY2&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 388

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMzRaFTcc899LO_QwySSGGg&google_cver=1

Request Chain 390

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=

Request Chain 391

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2965476366224638181

Request Chain 392

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:74fc6091-2e10-4200-9df3-49d8458de59d&gdpr=0&gdpr_consent=

Request Chain 393

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3668742791086096242&gdpr=0&gdpr_consent=

Request Chain 409

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YJEuE8YfgISJuOuMzzxJpwAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1

Request Chain 410

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB&dcc=t

Request Chain 411

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEFgaoNNg0buejTbgGW_qios&google_cver=1

Request Chain 413

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=0171E87C97A7480AB3297DD312E7A6AF&gdpr=1

Request Chain 415

https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=063022040013a29e80bc1b95&expiration=[EXPIRATION]&gdpr=1

Request Chain 418

https://fw.adsafeprotected.com/rfw/bgd/356285/40083639/xbbe/creative/adj?p=APEucNX9XxeUIKzF8tbMadUKHdp08EfsVDr_cXhrDr4Uzy-qlQ585As&d=CnkAoCZ_4PGewg6aNdfSszIgdtYKHkpTByq1tBHSsp0c2y2ihcERLDj2_ShfcYCoiWx0nSS8lGX-1TzuBMb6LLGKtupjl1I1-JZvqFJF1l6HeGsW5_KEXY8kVgIZdffAVLuOXDjpiEx-0WVLlNEcTdiRWmteZI12nc_EEskRAKAmf-BnJ65XSzjHKMuhQ-kYow_-qW9nQcjM1ajtAak18QB-uSD32VRRGoFF8t9ilH4xtjn6wCNqbrQT9o6Y6MK-w1qFKUEdvpjjjwPG4diEO3SXgK9IWWBkH5mLDt1Nghe7e59iKN8dhqo1gMV_ZIBmEHXcFdZUAnQP5QxGa1eY5MHlRawb3KbR5AxHXELLGRSIHJyC9HtNUNCxcoHJbhSxIKU3_J3JNv5dfmggUcMTCJLZ3kqAzR9YjI_GmP72KrnN0BhBRJtrWqu4TSdn4lBEhqwxqIzzLKj2O_aiCPjYUkyVQpfhNzl2hl7Ea4cVRIpqOlVYSc-3qqGpagE5k0JLJnxHXIarPfG40Zw2F9nFggK0O91v29l513k9G2T0d5OD7mHHsPUIJLlpDH_lLSMSxvjJ5dS8yzuoeQzCIY8ilkcbwnW0njTEDPGAIR8b43YbeZmjLz9-PkM6aeIq0VZRZxwmU7vjHSAy5AGe-Ljjri8cqkakKNl2oW4XasQAD1DJi8i2fdH2nrzbQadmkwEbMKf83vym2YoPvNX1eowz9gNudPX0RfMSpu2-sB4mbn0QyO6T1GtC2qF2w3ePf-LHSMsPmyILsbwCz4E68oYQ3RMKeH0nbMehqqhouMfwtQlNpm41zBeb7R6xj2MoVBlc_L23VWNwKs9oNgTEvHcUe6QhRKbbHVtke9xTQ5zDvKHeRKtDMrCFMyR0dWLpNGe9blNs1S2B1DucwjKAMGD-ons7yy9CNFoDddxwoReofX5AA81ZAcnNfGJtizhFbbxcudcP0Dz4ZHM9MQYQBevp-TFIjwnhR1ZXvEnCwug94-YNHOhipcKzvjB9g26KWAJ6v4QpLZWVT7Kx_m-DqR3WRDAAvWPyD--sn5v17lybfYiBMQSJce-Le0qLlB7yTNQi5wNeINlGLPtJS3Z2fVUt5sAiSu8kJJ_ibX6DXhe5DcR3p4jJlmWy2xp8ZaxqkdgSGxY_eMqPhvBZxXzZzoYDjTy6c52ACWa6ikuBtgWxLu3sws1JX0AneGGK_h3Kp9yD_9lEue4Iurm2KobWVAh-T9mQDIYvG5WbMqbGsHFkMzP47dXB3r-5xNPiGYqrBHN9geV1n-dlScyZYUn02c8Ux3c9VXQp6igF6ZOHR71pZ1iobeOGhMwkaQx7FINLbE60KnjewhSsI0q4BK7PiNIE-gQnVqsqW-WScy2O-J6-laKVe1mhaPlVG0URociZVn3DtKlg2ayZ0zNquwVDATk9LfbKLx8YYHucxuUn9QR-J-S6qh3JipwbzRakVNtT2wDhADHLaUgIWMG75PIgzA6ucJrpf-PM6pj58iaBXO4PYbf_vswSTjvqvcuEltKJel4jAaHHCwYX4l4I_3LG7j0o-7Frb0_RmMo1vka8t9-U8aE5iQb0cEranfwtudabUt-JaFfagFeoXZiUCHEmx-qUcc2nGGOJX3DHy0ZArHvNdLvVugAgzaBU8ZKZKZNLXqsLL-4h86BxswQOzYzd946JG3AMhr3bWhyOXNjf6kaM4jemIYpE6IfE7kTlsG5zfwtNyGclAMDDhDeoer0V4c0gUoq_YQIsMSQcS9AraBZi_NmTOV8pSju0U_aueA-XHEJtSp6uRCIrSIwn-KNEevuzHGTgv6W5ZLGhvGCSzPsmUbLwrDiHmcc1GduMOrLdJPaUUKGsy8FgyABkMDRi0UNQWuz9r-yLnY1wZCqru_rc_jzi5_c5g4mPSu7W3TCs6g_yFZAgA1zgbTMJx264oDFKLo0T2pGRDQwgLC1SPpScotZUoqFwOHKCnbbD5C7JJAzDPYDywyaroblKAVrzuHG93qBYiu4FAvk7d-Xkb52zigMNpgp97vVFOGdw3ugGvncfc2WhyM7vvILTQQvsM7zw7MmIdGYlPaU3jzMmT8fGQIvp7uzb5O1JVgHTBRvhq_1DgvK4ues5NYV2A3cV9RuQ-hAOlolIE0ZJhwu6T4iKRwqdNVRVHyOFK9NNu3vCntKUYQJB8nfrw_thCBHdjJDe9fjvIinot6_OobG_tuhQxCO_ocCefqIySVc_mHIDcuJbRRUC_3zZGuIENAwjSnKqFEdBYpvQzmKctk6sPVGG16PhU8gUl-EIeirnl5tjmf-4nL078NbkrpEiAKyiu1tUqtRLYzig_UrkmPgVf-zdCPBPfQ06f705EMwB9tJ_ewMLFAglnjlHlzfB8TM8cjJvB7_-NWKe6OVGjhyBasxhyhlOdMSaTUfdF3eFizDy8zSHQoFvlLY98McW08mLYpEazssgqSk7O2tR4v_edB0Ugl49CCdKiFqkhAzIn6BZW24mwMcuXxkmGDR05esYpygUJB_YiUEEyuHNR5OVOaasTUij3UZxRexl8-c1vUnJWRhpif-FJoj2PLFx7Pgg8GStf8EEiI12FpmZNr5DLEs7NgwkCmZkuAXGewVFctyWWobEr86MzmyzE-fYd3oeEPoj4cBN_wnMizTQTpSdcgGa2VmQ8nSgnNCmYfj142yzb3nIrXbu3J4oH_c8vgKNSc-Gg-Vn8mt-gAfU2IwbnSryfIO_Lf_BnyKGhO61XpgVVinb8-8l_xs9l-T0nTXNVY7yOlgP5Lth8lhSQmeC32Gk6bfaJnp6TzvughzcjizwLOva9c0m3OsO6k2VeaSzav7P6Dd2_AZhMY5D_rbnGP1779lPyfaWovYM5OHaR9Jp-EByRpm-8yQ5BPQgz_narXiM0scwUC4d0L4PMgjUkJ9jfK9YERo0vB-f4KXUZ0YIySG-PXvu1KSmZyZhl1t_PXMyaoNMAq9bOYtlqj40UgkiSpixG85Cu3iDfu7IZqAYZ1RMWGxWOZkx1n_2noFP4OFxi0jxgP5dPWikLN34GEAzehES4CIb73VwyN8jzAo8z0_r0HTjNVe2rafIVRTQG5n973GZ-PFgG7BH3r9IGGsIvCvzCEzad0ywSBqCKV6AJ8Bv2Nvnloofwb-PvI7vDYm34_EL5dgVvd0aFggAEhLkaOhqI9tJNe5myqFwQsW0dxBgAQ&adsafe_url=https%3A%2F%2Fwww.dailymail.co.uk%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fbabd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fbabd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:e9bfff48-8ffd-6e27-cc3f-113c4522f704,c:bEdb4L,sl:na,em:true,fr:false,mn:app16ie,pt:1-5-15,br:u,abv:na,an:n,oam:0,nbld:0,fm:swrmQYL+111%7C112%7C12%7C13%7C141%7C15%7C161%7C162%7C171%7C172%7C18%7C19%7C1a%7C1b1%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1j1%7C1k%7C1l%7C1m*.356285-40083639%7C1m1%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v,idMap:1m*,pl:,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,thd:1,et:542,oid:c70aff46-acca-11eb-be56-067f141e2336,v:19.8.193,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNX9XxeUIKzF8tbMadUKHdp08EfsVDr_cXhrDr4Uzy-qlQ585As&d=CnkAoCZ_4PGewg6aNdfSszIgdtYKHkpTByq1tBHSsp0c2y2ihcERLDj2_ShfcYCoiWx0nSS8lGX-1TzuBMb6LLGKtupjl1I1-JZvqFJF1l6HeGsW5_KEXY8kVgIZdffAVLuOXDjpiEx-0WVLlNEcTdiRWmteZI12nc_EEskRAKAmf-BnJ65XSzjHKMuhQ-kYow_-qW9nQcjM1ajtAak18QB-uSD32VRRGoFF8t9ilH4xtjn6wCNqbrQT9o6Y6MK-w1qFKUEdvpjjjwPG4diEO3SXgK9IWWBkH5mLDt1Nghe7e59iKN8dhqo1gMV_ZIBmEHXcFdZUAnQP5QxGa1eY5MHlRawb3KbR5AxHXELLGRSIHJyC9HtNUNCxcoHJbhSxIKU3_J3JNv5dfmggUcMTCJLZ3kqAzR9YjI_GmP72KrnN0BhBRJtrWqu4TSdn4lBEhqwxqIzzLKj2O_aiCPjYUkyVQpfhNzl2hl7Ea4cVRIpqOlVYSc-3qqGpagE5k0JLJnxHXIarPfG40Zw2F9nFggK0O91v29l513k9G2T0d5OD7mHHsPUIJLlpDH_lLSMSxvjJ5dS8yzuoeQzCIY8ilkcbwnW0njTEDPGAIR8b43YbeZmjLz9-PkM6aeIq0VZRZxwmU7vjHSAy5AGe-Ljjri8cqkakKNl2oW4XasQAD1DJi8i2fdH2nrzbQadmkwEbMKf83vym2YoPvNX1eowz9gNudPX0RfMSpu2-sB4mbn0QyO6T1GtC2qF2w3ePf-LHSMsPmyILsbwCz4E68oYQ3RMKeH0nbMehqqhouMfwtQlNpm41zBeb7R6xj2MoVBlc_L23VWNwKs9oNgTEvHcUe6QhRKbbHVtke9xTQ5zDvKHeRKtDMrCFMyR0dWLpNGe9blNs1S2B1DucwjKAMGD-ons7yy9CNFoDddxwoReofX5AA81ZAcnNfGJtizhFbbxcudcP0Dz4ZHM9MQYQBevp-TFIjwnhR1ZXvEnCwug94-YNHOhipcKzvjB9g26KWAJ6v4QpLZWVT7Kx_m-DqR3WRDAAvWPyD--sn5v17lybfYiBMQSJce-Le0qLlB7yTNQi5wNeINlGLPtJS3Z2fVUt5sAiSu8kJJ_ibX6DXhe5DcR3p4jJlmWy2xp8ZaxqkdgSGxY_eMqPhvBZxXzZzoYDjTy6c52ACWa6ikuBtgWxLu3sws1JX0AneGGK_h3Kp9yD_9lEue4Iurm2KobWVAh-T9mQDIYvG5WbMqbGsHFkMzP47dXB3r-5xNPiGYqrBHN9geV1n-dlScyZYUn02c8Ux3c9VXQp6igF6ZOHR71pZ1iobeOGhMwkaQx7FINLbE60KnjewhSsI0q4BK7PiNIE-gQnVqsqW-WScy2O-J6-laKVe1mhaPlVG0URociZVn3DtKlg2ayZ0zNquwVDATk9LfbKLx8YYHucxuUn9QR-J-S6qh3JipwbzRakVNtT2wDhADHLaUgIWMG75PIgzA6ucJrpf-PM6pj58iaBXO4PYbf_vswSTjvqvcuEltKJel4jAaHHCwYX4l4I_3LG7j0o-7Frb0_RmMo1vka8t9-U8aE5iQb0cEranfwtudabUt-JaFfagFeoXZiUCHEmx-qUcc2nGGOJX3DHy0ZArHvNdLvVugAgzaBU8ZKZKZNLXqsLL-4h86BxswQOzYzd946JG3AMhr3bWhyOXNjf6kaM4jemIYpE6IfE7kTlsG5zfwtNyGclAMDDhDeoer0V4c0gUoq_YQIsMSQcS9AraBZi_NmTOV8pSju0U_aueA-XHEJtSp6uRCIrSIwn-KNEevuzHGTgv6W5ZLGhvGCSzPsmUbLwrDiHmcc1GduMOrLdJPaUUKGsy8FgyABkMDRi0UNQWuz9r-yLnY1wZCqru_rc_jzi5_c5g4mPSu7W3TCs6g_yFZAgA1zgbTMJx264oDFKLo0T2pGRDQwgLC1SPpScotZUoqFwOHKCnbbD5C7JJAzDPYDywyaroblKAVrzuHG93qBYiu4FAvk7d-Xkb52zigMNpgp97vVFOGdw3ugGvncfc2WhyM7vvILTQQvsM7zw7MmIdGYlPaU3jzMmT8fGQIvp7uzb5O1JVgHTBRvhq_1DgvK4ues5NYV2A3cV9RuQ-hAOlolIE0ZJhwu6T4iKRwqdNVRVHyOFK9NNu3vCntKUYQJB8nfrw_thCBHdjJDe9fjvIinot6_OobG_tuhQxCO_ocCefqIySVc_mHIDcuJbRRUC_3zZGuIENAwjSnKqFEdBYpvQzmKctk6sPVGG16PhU8gUl-EIeirnl5tjmf-4nL078NbkrpEiAKyiu1tUqtRLYzig_UrkmPgVf-zdCPBPfQ06f705EMwB9tJ_ewMLFAglnjlHlzfB8TM8cjJvB7_-NWKe6OVGjhyBasxhyhlOdMSaTUfdF3eFizDy8zSHQoFvlLY98McW08mLYpEazssgqSk7O2tR4v_edB0Ugl49CCdKiFqkhAzIn6BZW24mwMcuXxkmGDR05esYpygUJB_YiUEEyuHNR5OVOaasTUij3UZxRexl8-c1vUnJWRhpif-FJoj2PLFx7Pgg8GStf8EEiI12FpmZNr5DLEs7NgwkCmZkuAXGewVFctyWWobEr86MzmyzE-fYd3oeEPoj4cBN_wnMizTQTpSdcgGa2VmQ8nSgnNCmYfj142yzb3nIrXbu3J4oH_c8vgKNSc-Gg-Vn8mt-gAfU2IwbnSryfIO_Lf_BnyKGhO61XpgVVinb8-8l_xs9l-T0nTXNVY7yOlgP5Lth8lhSQmeC32Gk6bfaJnp6TzvughzcjizwLOva9c0m3OsO6k2VeaSzav7P6Dd2_AZhMY5D_rbnGP1779lPyfaWovYM5OHaR9Jp-EByRpm-8yQ5BPQgz_narXiM0scwUC4d0L4PMgjUkJ9jfK9YERo0vB-f4KXUZ0YIySG-PXvu1KSmZyZhl1t_PXMyaoNMAq9bOYtlqj40UgkiSpixG85Cu3iDfu7IZqAYZ1RMWGxWOZkx1n_2noFP4OFxi0jxgP5dPWikLN34GEAzehES4CIb73VwyN8jzAo8z0_r0HTjNVe2rafIVRTQG5n973GZ-PFgG7BH3r9IGGsIvCvzCEzad0ywSBqCKV6AJ8Bv2Nvnloofwb-PvI7vDYm34_EL5dgVvd0aFggAEhLkaOhqI9tJNe5myqFwQsW0dxBgAQ

Request Chain 423

https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=9220702091918050347

Request Chain 424

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=372f6091-2e17-4700-9c2c-c760c0faef00&gdpr=1&gdpr_consent=

Request Chain 425

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB HTTP 302
https://pr-bh.ybp.yahoo.com/sync/casale/YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB

Request Chain 426

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1622719256

Request Chain 428

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=0171E87C97A7480AB3297DD312E7A6AF&gdpr=1

Request Chain 429

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=YgKkVEq81LDT6M5&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=YgKkVEq81LDT6M5&gdpr=1&C=1

Request Chain 431

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1

Request Chain 432

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJEuE8YfgISJuOuMzzxJpwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1&C=1

Request Chain 433

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDaLbWRNJjxl917yqm6d4c4&google_cver=1

Request Chain 434

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY2ODc0Mjc5MTA4NjA5NjI0Mg%3D%3D

Request Chain 435

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1

Request Chain 436

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJEuE8YfgISJuOuMzzxJpwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1&C=1

Request Chain 437

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDaLbWRNJjxl917yqm6d4c4&google_cver=1

Request Chain 438

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY2ODc0Mjc5MTA4NjA5NjI0Mg%3D%3D

Request Chain 441

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1--- HTTP 302
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---&__user_check__=1&sync_id=cb853ef4-acca-11eb-a5a6-1342c0320506

Request Chain 445

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1--- HTTP 302
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---&__user_check__=1&sync_id=cb998431-acca-11eb-9513-1e87ce780406

Request Chain 448

https://fw.adsafeprotected.com/rfw/st/677475/54035434/skeleton.js?adsafe_url=https%3A%2F%2Fwww.dailymail.co.uk%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fbabd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fbabd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:2a1dcd9b-be20-0a92-7296-dec78d7d6690,c:bEdbCe,sl:na,em:true,fr:false,mn:app35ie,pt:1-5-15,br:u,abv:na,an:n,oam:0,nbld:0,fm:swrmPNW+11*.677475-54035434%7C111%7C112%7C12%7C13%7C141%7C15%7C161%7C162%7C171%7C172%7C18%7C19%7C1a%7C1b1%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1j1%7C1k%7C1l%7C1m1%7C1m2%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v%7C1w,idMap:11*,pl:,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,thd:1,et:7107,oid:c698dcd1-acca-11eb-abbc-0aac7e09174d,v:19.8.193,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 479

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP 301
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

Request Chain 480

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP 301
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

Request Chain 494

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECk6Y8AQCo6zf8GZLMkJfNw&google_cver=1&google_push=AQvitUK4bPixTtqb-m9nC3M9M9yhT_DK6TuD7ZEtXMxIfT8McnCaFZLMAF2DH7rQ2AK5nFYrio_7-mD_hpHPlKBaA1R2ahlqm7U HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUK4bPixTtqb-m9nC3M9M9yhT_DK6TuD7ZEtXMxIfT8McnCaFZLMAF2DH7rQ2AK5nFYrio_7-mD_hpHPlKBaA1R2ahlqm7U&google_hm=29K7nk3ZSvu25m10QzVm_uI

Request Chain 495

https://rtb.openx.net/sync/dds?google_gid=CAESEFZdjG6P8Br5hlX2FsrbH-s&google_cver=1&google_push=AQvitULcVf6d7mpGVE8GKkubPd2lwXX5Jn30KBZhB2TcWjpNb0rZ_rqs0ZSV5c3wwse-hX0p8LS2CnDaowBr5CFt8uzY1XbpsO38 HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEFZdjG6P8Br5hlX2FsrbH-s&google_cver=1&google_push=AQvitULcVf6d7mpGVE8GKkubPd2lwXX5Jn30KBZhB2TcWjpNb0rZ_rqs0ZSV5c3wwse-hX0p8LS2CnDaowBr5CFt8uzY1XbpsO38&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULcVf6d7mpGVE8GKkubPd2lwXX5Jn30KBZhB2TcWjpNb0rZ_rqs0ZSV5c3wwse-hX0p8LS2CnDaowBr5CFt8uzY1XbpsO38&google_hm=Eax5eUtnwgcOOps6-5tAjQ==

Request Chain 496

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPJzofAcinhKhFtmPCJWfqE&google_cver=1&google_push=AQvitUJwCGt7VCLcx43tRopGx332N9XjUsgFpjlc9cLyIpSGEpoUQPOb0MIaghE86FwbPQMTrV4NMlcu9xwdiO9350nNK6Db7f4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S085WFhWSTQtMVItTTdTUg==&google_push=AQvitUJwCGt7VCLcx43tRopGx332N9XjUsgFpjlc9cLyIpSGEpoUQPOb0MIaghE86FwbPQMTrV4NMlcu9xwdiO9350nNK6Db7f4

Request Chain 497

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA&google_cver=1&google_push=AQvitUKKCUSOnNMtSIypf3HptFWa6Bo2PWXjnfOvomOFTl_wbg5z8dsqvyApimOcwn7muIIj7jfPyxq_3KncetCDjaZDDELzPkxY HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA&google_cver=1&google_push=AQvitUKKCUSOnNMtSIypf3HptFWa6Bo2PWXjnfOvomOFTl_wbg5z8dsqvyApimOcwn7muIIj7jfPyxq_3KncetCDjaZDDELzPkxY&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJEuHXz3VMQ_Hki76PC33wAABMAAAAAB&google_cver=1&google_push=AQvitUKKCUSOnNMtSIypf3HptFWa6Bo2PWXjnfOvomOFTl_wbg5z8dsqvyApimOcwn7muIIj7jfPyxq_3KncetCDjaZDDELzPkxY&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA

Request Chain 498

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEN6jUEOTQk6gcf08yj-OQKQ&google_cver=1&google_push=AQvitUIJC45UQa_e3nsHxpTlX5K0bx8_ikLGptXdPa3F9BCmwvrwe2NW55D42pbHA8ik1YhgG68uWoUnvOJm6L1qhlBUYeBKAh8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUIJC45UQa_e3nsHxpTlX5K0bx8_ikLGptXdPa3F9BCmwvrwe2NW55D42pbHA8ik1YhgG68uWoUnvOJm6L1qhlBUYeBKAh8

Request Chain 499

https://match.360yield.com/match/ebda?google_gid=CAESEEC-moqVE4NRyxQW3PKt274&google_cver=1&google_push=AQvitUIR98_ACTTvcXIXKGf8YuMhPD1O1ZdLrcQMuNck1dat7bwkGtJA0QPGFzWvEGr5J2PAbKVXSluJBw14ryVsoPjAve1f7pk HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEEC-moqVE4NRyxQW3PKt274&google_cver=1&google_push=AQvitUIR98_ACTTvcXIXKGf8YuMhPD1O1ZdLrcQMuNck1dat7bwkGtJA0QPGFzWvEGr5J2PAbKVXSluJBw14ryVsoPjAve1f7pk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2h2u8X6MQ4msHKqxMnxpqg&google_push=AQvitUIR98_ACTTvcXIXKGf8YuMhPD1O1ZdLrcQMuNck1dat7bwkGtJA0QPGFzWvEGr5J2PAbKVXSluJBw14ryVsoPjAve1f7pk

Request Chain 527

https://ad.sxp.smartclip.net/select?type=vast3&ple=mailmetromedia.dailymail.html5.at.smartclip~~400x320&fwd_catid1=1003988&fwd_catid2=2024881&fwd_catid3=3138651&fwd_tthc=da01d19d-fc64-4f82-a18b-c5faaac7dbfb&fwd_sz=400x320&fwd_dp4=7&fwd_dp5=7&fwd_dpi1=7&fwd_i1=5&fwd_j4=1&fwd_j5=2&fwd_seg=e0:e1:e10p:e11p:e11r:e12e:e133:e13a:e14b:e1bi:e1bn:e1bw:e1bz:e1o0:e1o1:e1o2:e1o3:e1o4:e1oa:e1oc:e1od:e1oe:e1og:e1oh:e1oi:e1om:e1oq:e1ot:e1p0:e1p1:e1p6:e1p7:e1p8:e1p9:e1pe:e1ph:e1pi:e1pp:e1pq:e1qk:e3a:e3e:e3i:e3m:e3o:e3t:e3u:e3x:e4:e40:e41:e43:e49:e4b:e4c:e4d:e4g:e4i:e4j:e4l:e4m:e4n:e4p:e4t:e4v:e4x:e50:ec:ed:ei8:euu&ang_tpl=2&ang_ref=https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&optout=0&consent=&rnd=6842898 HTTP 302
https://ad.sxp.smartclip.net/select?type=vast3&ple=mailmetromedia.dailymail.html5.at.smartclip~~400x320&fwd_catid1=1003988&fwd_catid2=2024881&fwd_catid3=3138651&fwd_tthc=da01d19d-fc64-4f82-a18b-c5faaac7dbfb&fwd_sz=400x320&fwd_dp4=7&fwd_dp5=7&fwd_dpi1=7&fwd_i1=5&fwd_j4=1&fwd_j5=2&fwd_seg=e0:e1:e10p:e11p:e11r:e12e:e133:e13a:e14b:e1bi:e1bn:e1bw:e1bz:e1o0:e1o1:e1o2:e1o3:e1o4:e1oa:e1oc:e1od:e1oe:e1og:e1oh:e1oi:e1om:e1oq:e1ot:e1p0:e1p1:e1p6:e1p7:e1p8:e1p9:e1pe:e1ph:e1pi:e1pp:e1pq:e1qk:e3a:e3e:e3i:e3m:e3o:e3t:e3u:e3x:e4:e40:e41:e43:e49:e4b:e4c:e4d:e4g:e4i:e4j:e4l:e4m:e4n:e4p:e4t:e4v:e4x:e50:ec:ed:ei8:euu&ang_tpl=2&ang_ref=https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&optout=0&consent=&rnd=6842898&ang_testid=1

Request Chain 529

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESED0UrGtgbCW7ZShFE5l4SlI&google_cver=1&google_push=AQvitUK-K0tkvLAkQYNfP6ndFcb2sYCD59d-l5cRbQz9cjfNpwNbRKKfrKqaj8Ye7_kdkFjXtNPgkmhUJzrkj_Xj59fhRnyw6HfR9g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUK-K0tkvLAkQYNfP6ndFcb2sYCD59d-l5cRbQz9cjfNpwNbRKKfrKqaj8Ye7_kdkFjXtNPgkmhUJzrkj_Xj59fhRnyw6HfR9g&google_hm=Nzk2OTU3NTYxNTc0MzkzMzc5Ng%3D%3D

Request Chain 530

https://rtb.openx.net/sync/dds?google_gid=CAESEFZdjG6P8Br5hlX2FsrbH-s&google_cver=1&google_push=AQvitUJAWTqF2PQ_bV8rwFMTiK8GWQZTc7P_Ic2kXcUQORe7IX64rWddaYEFcSMZzTfAfZVNtvciCNYxbrM_bG1AmClT4p_9itLDJQ HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEFZdjG6P8Br5hlX2FsrbH-s&google_cver=1&google_push=AQvitUJAWTqF2PQ_bV8rwFMTiK8GWQZTc7P_Ic2kXcUQORe7IX64rWddaYEFcSMZzTfAfZVNtvciCNYxbrM_bG1AmClT4p_9itLDJQ&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJAWTqF2PQ_bV8rwFMTiK8GWQZTc7P_Ic2kXcUQORe7IX64rWddaYEFcSMZzTfAfZVNtvciCNYxbrM_bG1AmClT4p_9itLDJQ&google_hm=4UZqFLavyfwBW1dKzfo4_Q==

Request Chain 531

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPJzofAcinhKhFtmPCJWfqE&google_cver=1&google_push=AQvitULwhQYs-6BmEqTUvv11ORiCd6uU94xXzaFUZ7sIV1nqgu1WgMyPrfQpSeiEHw1_A91LliA7KUWj1PGIgFTHRZdGVZ5caHQqRw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S085WFhaMVctUC1MNDZV&google_push=AQvitULwhQYs-6BmEqTUvv11ORiCd6uU94xXzaFUZ7sIV1nqgu1WgMyPrfQpSeiEHw1_A91LliA7KUWj1PGIgFTHRZdGVZ5caHQqRw

Request Chain 532

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA&google_cver=1&google_push=AQvitUJJj6oao63Aq1BpDyO_WlBMkPUL8QSM4VSYY5XWFKWiNPjaEowSAkn6iHkvOqXWCpt9Mro2lYIhGCCenyt8-s-bbu6oksFPrg HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA&google_cver=1&google_push=AQvitUJJj6oao63Aq1BpDyO_WlBMkPUL8QSM4VSYY5XWFKWiNPjaEowSAkn6iHkvOqXWCpt9Mro2lYIhGCCenyt8-s-bbu6oksFPrg&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJEuIc1L46vmtmCBWeMeyQAABLIAAAIB&google_cver=1&google_push=AQvitUJJj6oao63Aq1BpDyO_WlBMkPUL8QSM4VSYY5XWFKWiNPjaEowSAkn6iHkvOqXWCpt9Mro2lYIhGCCenyt8-s-bbu6oksFPrg&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA

Request Chain 533

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEN6jUEOTQk6gcf08yj-OQKQ&google_cver=1&google_push=AQvitUIp2kiXH80WZhqy-ERuiIFsddnhjRztwqEwJZUgL7CgY6MgtZif6hDE28HnCY0izX3opwgdaKm3ILkIciZFVZuft6aN2zs79w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUIp2kiXH80WZhqy-ERuiIFsddnhjRztwqEwJZUgL7CgY6MgtZif6hDE28HnCY0izX3opwgdaKm3ILkIciZFVZuft6aN2zs79w

539 HTTP transactions
19 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG... Show response
info.silobreaker.com/e2t/tc/ 9 KB
3 KB 85ms
84ms Document
text/html 199.60.103.254
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://info.silobreaker.com/e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG5h0TrHW7R7vdT89L4VTW1RX9ql7F3rhSVghhNK8NCxVnW1Ds7y65kJ0cQW4BB5Y53xw6rcW7BB_8f2ShH5GW3wb_YN5CDmRrW9fMQGS4YTcwgVVjh0W3ZL6KYW2ryqDx29pMPWW1_tPKp2-vtVLW3Fl5zQ265YCxVTnDmY8zvWRMW6GsnlF5m4gJXW7PHYgd3NM4t4W74MjC_4s6blWW4JFD_r5YZxKL3fLN1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e5ceae72b8ed5ca278229d2eaa536711b09d9cbaa4365cc96f771a1dbc7916d

Request headers

:method: GET
:authority: info.silobreaker.com
:scheme: https
:path: /e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG5h0TrHW7R7vdT89L4VTW1RX9ql7F3rhSVghhNK8NCxVnW1Ds7y65kJ0cQW4BB5Y53xw6rcW7BB_8f2ShH5GW3wb_YN5CDmRrW9fMQGS4YTcwgVVjh0W3ZL6KYW2ryqDx29pMPWW1_tPKp2-vtVLW3Fl5zQ265YCxVTnDmY8zvWRMW6GsnlF5m4gJXW7PHYgd3NM4t4W74MjC_4s6blWW4JFD_r5YZxKL3fLN1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:36 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=df0e2de7d4dda14bc00ca311e74a949461620127236; expires=Thu, 03-Jun-21 11:20:36 GMT; path=/; domain=.info.silobreaker.com; HttpOnly; SameSite=Lax __cfruid=ca3cceb5c48f45fd33fc0248c1cf4dad01e0b2d3-1620127236; path=/; domain=.info.silobreaker.com; HttpOnly; Secure; SameSite=None
cf-ray: 64a1573a5b102c4e-FRA
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 09d8b4d87600002c4eba933000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
x-hubspot-correlation-id: 45578ae7-52a9-417d-bac8-2af60321cc4e
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6D1Bw7dhzsopGv%2BWaW0Lx24%2FvTyYM1kyAu%2FYk9LwphNbPG2f4xSTNjxOatRpzk7ZDCAI5dakH1HLTMSVB7FaTlpYE83%2B4dRTbyVSnPJejznjCOGc5g%3D%3D"}],"group":"cf-nel"}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br

GET
H2

200

Primary Request Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html Show response
www.dailymail.co.uk/wires/reuters/article-9539403/
Redirect Chain

https://info.silobreaker.com/events/public/v1/track/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xP...
http://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG...
https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7T...

281 KB
56 KB

1325ms
1309ms

Document
text/html

2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Requested by: Host: info.silobreaker.com
URL: https://info.silobreaker.com/e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG5h0TrHW7R7vdT89L4VTW1RX9ql7F3rhSVghhNK8NCxVnW1Ds7y65kJ0cQW4BB5Y53xw6rcW7BB_8f2ShH5GW3wb_YN5CDmRrW9fMQGS4YTcwgVVjh0W3ZL6KYW2ryqDx29pMPWW1_tPKp2-vtVLW3Fl5zQ265YCxVTnDmY8zvWRMW6GsnlF5m4gJXW7PHYgd3NM4t4W74MjC_4s6blWW4JFD_r5YZxKL3fLN1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: d99c7510222e2bc33b5c4aa002c7d550436ecbad920ddcaa36c7f0c3a68185bc

Request headers

:method: GET
:authority: www.dailymail.co.uk
:scheme: https
:path: /wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: x-loc=none
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://info.silobreaker.com/e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG5h0TrHW7R7vdT89L4VTW1RX9ql7F3rhSVghhNK8NCxVnW1Ds7y65kJ0cQW4BB5Y53xw6rcW7BB_8f2ShH5GW3wb_YN5CDmRrW9fMQGS4YTcwgVVjh0W3ZL6KYW2ryqDx29pMPWW1_tPKp2-vtVLW3Fl5zQ265YCxVTnDmY8zvWRMW6GsnlF5m4gJXW7PHYgd3NM4t4W74MjC_4s6blWW4JFD_r5YZxKL3fLN1

Response headers

content-type: text/html;charset=UTF-8
set-cookie: x-loc=none; path=/ percent=771577;Max-Age=31536000;path=/;HttpOnly;Secure ak_bmsc=83A654875C48CAC48B66967DF1621DE40210BABF1B200000042E91607DADA01A~plSwjyJTB3APrI/ng2/jAG70MxrjsZi1c4D/sLX9mRtAdBE3DyHNHZMmAXFG8sDFktVda73uyiQ0JK085kGR2fgMP/Z1WYn29oepp8w4WN8jNI1UOwLirkoP2nOaI0Erf6uHu61r4dysOwKiCpHynqDdJOsxaAow5+9KAcTbMBmrNG33BGK+1QOaIMbA1y2jZAM63oiKx25X6evmW2OjaE799ZXKzCg0846eEHRiuYDmG34yE9TMceXyD8xHPuPkmD; expires=Tue, 04 May 2021 13:20:36 GMT; max-age=7200; path=/; domain=.dailymail.co.uk; HttpOnly AKA_A2=A; expires=Tue, 04-May-2021 12:20:36 GMT; path=/; domain=dailymail.co.uk; secure; HttpOnly
x-rs-ctime: 240
vary: User-Agent Accept-Encoding
content-security-policy-report-only: block-all-mixed-content; report-uri https://mol.report-uri.io/r/default/csp/reportOnly
server-timing: origin; dur=91 edge; dur=94 cdn-cache; desc=REVALIDATE
x-mol-georesp: de
x-rs-ben-time: Tue, 04 May 2021 11-20-36 GMT
x-rs-time: Tue, 04 May 2021 11-20-35 GMT
x-rs-ops: varnish6-web-a1-fe:6081
x-rs-ben: cljfe-a5:8181
x-storage: newarticles
x-akamai-transformed: 9 282627 0 pmb=mRUM,2
content-encoding: gzip
cache-control: max-age=61
date: Tue, 04 May 2021 11:20:37 GMT

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Date: Tue, 04 May 2021 11:20:36 GMT
Connection: keep-alive
Set-Cookie: x-loc=none; path=/
Server-Timing: cdn-cache; desc=HIT edge; dur=1
Vary: User-Agent

GET
H2 200 mol-adverts.desktop.css
scripts.dailymail.co.uk/static/mol-adverts/4.1.50/ 28 KB
6 KB 163ms
14ms Stylesheet
text/css 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.desktop.css
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 965d8f580475533a5f086cc3d84c5b50b3dde5cde78959fb2a1261bcbc8e34e7

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 07:21:22 GMT
server: AkamaiNetStorage
etag: "659e2fb774fd0323aee23346eb0cae21:1620112882.719754"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 6040
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 articleDefer.css
scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-async-bundle/6.19.2/ 337 KB
103 KB 163ms
15ms Stylesheet
text/css 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-async-bundle/6.19.2/articleDefer.css
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d4e19725f2267ea85db18c1072e6cad9ce5e3de2ca1184e3c780d415abba9e4f

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Wed, 31 Mar 2021 08:22:58 GMT
server: AkamaiNetStorage
etag: "e5ef61c96ede54ae29497f0762e65729:1617178978.300287"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 registration--.css
scripts.dailymail.co.uk/static/gunther/17.13.0/ 25 KB
6 KB 162ms
15ms Stylesheet
text/css 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/gunther/17.13.0/registration--.css
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 03482ceb4519a7706406f47e5992b55e9e5974abd56c45af482a7e1a09d836e6

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Fri, 26 Jun 2020 09:40:48 GMT
server: AkamaiNetStorage
etag: "1d7a19f1f78591a33d5ec97dd91f96b4:1593164448.110325"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 5639
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 desktop.css
scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-sync-bundle/5.13.0/ 152 KB
95 KB 169ms
22ms Stylesheet
text/css 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-sync-bundle/5.13.0/desktop.css
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: dbc991c489fc2146df3283bc340a50f0565f10b26228478611eb01846d4d66b1

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Thu, 08 Apr 2021 09:30:34 GMT
server: AkamaiNetStorage
etag: "f8c7e56aabc09dedf798651fd60066b9:1617874234.578618"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 all--.css
scripts.dailymail.co.uk/static/gunther/17.14.0/ 267 KB
43 KB 190ms
43ms Stylesheet
text/css 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/gunther/17.14.0/all--.css
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d43ac5826a74f4e5dcd9435aabe994b89a7e2030babd441463c621e96eec0375

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Fri, 17 Jul 2020 15:49:15 GMT
server: AkamaiNetStorage
etag: "e391873d0754fa60110c5299203d6f76:1595000955.065137"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 43619
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 all1--.css
scripts.dailymail.co.uk/static/gunther/17.14.0/ 55 KB
12 KB 171ms
25ms Stylesheet
text/css 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/gunther/17.14.0/all1--.css
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 62e5b5020499d0dbd26922152f199b559ee4922d9132b4242364edf88dc63121

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Fri, 17 Jul 2020 15:49:25 GMT
server: AkamaiNetStorage
etag: "2456679cc8c0c996054aec3c292d82d0:1595000965.438073"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 11487
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 rc-main--.css
scripts.dailymail.co.uk/static/gunther/17.14.0/ 19 KB
5 KB 170ms
26ms Stylesheet
text/css 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/gunther/17.14.0/rc-main--.css
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: ee80e2de5c026fa3c0786f587eed85d1521d50ba1aba027c2b0714c108c351a6

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Fri, 17 Jul 2020 15:49:16 GMT
server: AkamaiNetStorage
etag: "02c739164733a3164294a8737f313c36:1595000956.467317"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 4951
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 fff.css
scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-fff/1.6.0/styles/ 46 KB
9 KB 169ms
26ms Stylesheet
text/css 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-fff/1.6.0/styles/fff.css
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 01ae4bee7f4b463778e1e929d83b4eedcaf598d05ae8e748030259b5b5f0b083

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Mon, 12 Apr 2021 08:04:24 GMT
server: AkamaiNetStorage
etag: "cf69bb0d655c656383a84adc6fe705c6:1618214664.055212"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 8947
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 v-0.58.min.js Show response
scripts.dailymail.co.uk/rta2/ 15 KB
6 KB 185ms
42ms Script
application/x-javascript 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/rta2/v-0.58.min.js
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 08cbadc6957dd17b23964ba5763146e595ce4be96dbbb12f297909b1f70eff25

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Thu, 07 Jan 2021 15:24:25 GMT
server: AkamaiNetStorage
etag: "e29ae5b09b7c2666dc21de1c945df71c:1610033065.33783"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 5798
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 desktop.js Show response
scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-sync-bundle/5.13.0/ 369 KB
111 KB 187ms
46ms Script
application/x-javascript 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-sync-bundle/5.13.0/desktop.js
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 991cd2d69556d771f42364f7b0f3c31c26839438d4be4ee7daa286ba6d5aa921

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Thu, 08 Apr 2021 09:30:40 GMT
server: AkamaiNetStorage
etag: "a06e89a3c11b2300d404940e6f6220e2:1617874240.575002"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 mol-adverts.js Show response
scripts.dailymail.co.uk/static/mol-adverts/4.1.50/ 1 MB
280 KB 176ms
46ms Script
application/x-javascript 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d256af4d5ff409300d88d5967ad72603da54fdcaafcd9db402177704fba7ee01

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 07:21:25 GMT
server: AkamaiNetStorage
etag: "6a94f0eb756b4bdfdad255e1f494e324:1620112885.782121"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 articleDefer.js Show response
scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-async-bundle//6.19.2/ 520 KB
149 KB 26ms
17ms Script
application/x-javascript 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-async-bundle//6.19.2/articleDefer.js
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: ce03ad949eaf22f8146d090a7491cbd5130e48b064467fa71b8099675d5b9c7a

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Wed, 31 Mar 2021 08:22:49 GMT
server: AkamaiNetStorage
etag: "a6945714be7ce0a2c93187d1db1a67f9:1617178969.402267"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 async_bundle--.js Show response
scripts.dailymail.co.uk/static/gunther/17.14.0/ 328 KB
95 KB 27ms
17ms Script
application/x-javascript 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/gunther/17.14.0/async_bundle--.js
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0c7912ff68380c2a84d28cf812215fb6d230d5750f9f67b328970e01d0da5a37

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
content-encoding: gzip
last-modified: Fri, 17 Jul 2020 15:49:20 GMT
server: AkamaiNetStorage
etag: "0620d2935cb03d1451a72e524963ba2d:1595000960.633166"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
expires: Thu, 03 Jun 2021 11:20:39 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 334 KB
115 KB 130ms
7ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d25942b7da85bc7cdb258cdb436227b1de7e3a2b50c61f7d7050eff911f88f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117044
x-xss-protection: 0
expires: Tue, 04 May 2021 11:20:39 GMT

GET
H2 200 mol-fe-videoplayer.min.css
scripts.dailymail.co.uk/static/videoplayer/6.12.0/styles/ 90 KB
13 KB 173ms
42ms Stylesheet
text/css 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/videoplayer/6.12.0/styles/mol-fe-videoplayer.min.css
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c64308e6ed3ab4dc8c78868174040d8d09546ea9e6ab19682285a675897edc98

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:38 GMT
content-encoding: gzip
last-modified: Thu, 17 Dec 2020 10:11:19 GMT
server: AkamaiNetStorage
etag: "62426632e135cbbb9a89d534c68e342c:1608199879.200558"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 12709
expires: Thu, 03 Jun 2021 11:20:38 GMT

GET
H2 200 mol-fe-videoplayer.min.js Show response
scripts.dailymail.co.uk/static/videoplayer/6.12.0/scripts/ 449 KB
126 KB 29ms
28ms Script
application/x-javascript 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/videoplayer/6.12.0/scripts/mol-fe-videoplayer.min.js
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: aedf94ad839f3db31848e2b9659dd2b576b7047ea6638988aacfd782df9d8c8c

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
content-encoding: gzip
last-modified: Thu, 17 Dec 2020 10:11:17 GMT
server: AkamaiNetStorage
etag: "bee78577ce805b4bf5f249774d50c953:1608199877.465708"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
expires: Thu, 03 Jun 2021 11:20:39 GMT

GET
H2 200 logo_mol.gif
i.dailymail.co.uk/i/sitelogos/ 4 KB
4 KB 14ms
11ms Image
image/gif 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/sitelogos/logo_mol.gif
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f17cf1cb73dc13f928ef0122375fe550926a471e46d614199bfe8ef69733437a

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
last-modified: Tue, 09 Dec 2008 12:49:57 GMT
server: AkamaiNetStorage
etag: "258fb3209febe558120d7d564d7422b1:1228827055"
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 3918
expires: Thu, 03 Jun 2021 11:20:39 GMT

GET
H2 200 DailyMail.png
i.dailymail.co.uk/i/furniture/facebook/DailyMail/ 3 KB
3 KB 14ms
13ms Image
image/png 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/furniture/facebook/DailyMail/DailyMail.png
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 95d607220b1d2e7808de3ec9a6381a11f036d9d84f37f7b3a604b1f91e8d4ecd

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
last-modified: Sun, 18 Apr 2021 23:36:35 GMT
server: AkamaiNetStorage
etag: "09d22b22b538f13d1ee0d26ef5bb711d:1618788995.184239"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 2604
expires: Thu, 03 Jun 2021 11:20:39 GMT

GET
H2 200 btn_ipadapp_5_308x111.png
i.dailymail.co.uk/i/pix//promoboxes/ 38 KB
38 KB 12ms
9ms Image
image/png 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/pix//promoboxes/btn_ipadapp_5_308x111.png
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5e8aeb859e55a6671b89115d84e0fd7e5435ea99b3b49e7ebd3d4c22e41185e8

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
last-modified: Thu, 21 Apr 2011 16:49:47 GMT
server: AkamaiNetStorage
etag: "8bf2dc1c1ea05fc41fb7410b396a1bb6:1303404587"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 38475
expires: Thu, 03 Jun 2021 11:20:39 GMT

GET
H2 200 fff.js Show response
scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-fff/1.6.0/scripts/ 119 KB
40 KB 18ms
16ms Script
application/x-javascript 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-fff/1.6.0/scripts/fff.js
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 835f1dfc4109c578b77ba1b24a70cf3c07e73440aa65a94c329c29f763423bc5

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
content-encoding: gzip
last-modified: Mon, 12 Apr 2021 08:04:25 GMT
server: AkamaiNetStorage
etag: "eea372bce8ac8e188267c4751ef1d05a:1618214665.536042"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
expires: Thu, 03 Jun 2021 11:20:39 GMT

GET
H2 200 logo_cookie_reg.png
i.dailymail.co.uk/i/furniture/misc/ 189 B
401 B 13ms
12ms Image
image/png 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/furniture/misc/logo_cookie_reg.png
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 2f59ac8dad7d832c75edc7cf917c512a3788d03ce0862b38c1bfccc54eb01d10

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
last-modified: Mon, 06 Nov 2017 11:54:00 GMT
server: AkamaiNetStorage
etag: "2c776973168421488cd8ba0f131ef7f4:1509969240"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 189
expires: Thu, 03 Jun 2021 11:20:39 GMT

GET
H2 200 door.js Show response
uk-script.dotmetrics.net/ 7 KB
3 KB 209ms
0ms Script
application/javascript 143.204.202.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uk-script.dotmetrics.net/door.js?d=www.dailymail.co.uk&t=dmgt
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.202.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-202-19.fra53.r.cloudfront.net
Software: Kestrel /
Resource Hash: 3d622f18ebd9afa499e74f59f24865944d84b2baef1cd01a868a9d912affb09d

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
content-encoding: br
server: Kestrel
x-amz-cf-pop: FRA53-C1
etag: ".www.dailymail.co.uk.dmgt.181.2021050411"
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: policyref="https://uk-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
via: 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
cache-control: private
content-type: application/javascript
x-amz-cf-id: NpaF285TfO1BUFK8nKWBFVMnpyC1sFmraM0H-EPUc_4-Rh3FxEhPWA==

POST
H2 200 sa Show response
ted.dailymail.co.uk/s/ 232 B
896 B 48ms
44ms XHR
application/json 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ted.dailymail.co.uk/s/sa
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/rta2/v-0.58.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: d9eb40bd6f3fb11c281ea2ebbca11dd35b8c1ea4219aad1a0793eea7b346d889

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
content-type: application/json
access-control-allow-origin: https://www.dailymail.co.uk
expires: Tue, 04 May 2021 11:20:39 GMT
cache-control: private, no-cache, proxy-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, documentReferer
content-length: 232
x-rs-ops: rta2-rufus-a4-fe.hsk.mol.dmgt.net:8180

POST
H2 200 sa Show response
t.dailymail.co.uk/s/ 233 B
900 B 271ms
254ms XHR
application/json 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dailymail.co.uk/s/sa
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/rta2/v-0.58.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 92df03d560f2a5007f5829e461b2435cfff5f2f51ccb295cced6fd94c126d995

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
content-type: application/json
access-control-allow-origin: https://www.dailymail.co.uk
expires: Tue, 04 May 2021 11:20:39 GMT
cache-control: private, no-cache, proxy-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, documentReferer
content-length: 233
x-rs-ops: rta2-rufus-c2-fe.rdg.mol.dmgt.net:8180

GET
H2

200

r2
sb.scorecardresearch.com/
Redirect Chain

https://swa.and.co.uk/b/ss/anddailymailprod/1/JS-2.9.0/s18906902529400?AQB=1&ndh=1&pf=1&t=4%2F4%2F2021%2013%3A20%3A38%202%20-120&fid=33940E2813915D97-3AC17759A1BDB276&ce=iso-8859-1&ns=associatednor...
https://swa.and.co.uk/b/ss/anddailymailprod/1/JS-2.9.0/s18906902529400?AQB=1&pccr=true&vidn=3048970469A6D00B-600013F56414F9B1&ndh=1&pf=1&t=4%2F4%2F2021%2013%3A20%3A38%202%20-120&fid=33940E2813915D9...
https://sb.scorecardresearch.com/r?c2=6034964&d.c=gif&d.o=anddailymailprod&d.x=7951644715&d.t=page&d.u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-est...
https://sb.scorecardresearch.com/r2?c2=6034964&d.c=gif&d.o=anddailymailprod&d.x=7951644715&d.t=page&d.u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-es...

48 B
315 B

58ms
56ms

Image
image/gif

52.222.183.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/r2?c2=6034964&d.c=gif&d.o=anddailymailprod&d.x=7951644715&d.t=page&d.u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.183.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-183-91.ham50.r.cloudfront.net
Software: /
Resource Hash: ee403944cf9c0065eee14f507f8eb887d8e333c8627d7347e137380f46a88938

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:41 GMT
via: 1.1 6c314f9bc806736c483494e492792b33.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-C1
etag: W/"30-K3w/+rPqfRuZ+eZGax9xsuNr3hM"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 48
x-amz-cf-id: Q9LnyjKBaqy65iKIlRcbbq3VnuHmXnLHe1UmjOhyTqBQpiWU5bzonw==

Redirect headers

date: Tue, 04 May 2021 11:20:40 GMT
via: 1.1 6c314f9bc806736c483494e492792b33.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/r2?c2=6034964&d.c=gif&d.o=anddailymailprod&d.x=7951644715&d.t=page&d.u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
content-length: 413
x-amz-cf-id: Glmkwyy9jSNptVLu1Qbz7Ze5fA0D_77Dpgh0Eb5xdd1Idtls7gvWDg==

GET
H2 200 register.js Show response
hulkprod.anm.co.uk/api/web-push-notification/v1/static/latest/mol-fe-web-push-browser-register/ 56 KB
12 KB 238ms
10ms Script
application/javascript 2a02:26f0:120::5435:8c78
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://hulkprod.anm.co.uk/api/web-push-notification/v1/static/latest/mol-fe-web-push-browser-register/register.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-sync-bundle/5.13.0/desktop.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:120::5435:8c78 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4c3cce7c2373fc4acb18cddf35cb7c8b28fea5e8ba592c520168c79a05cdb7b4

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-rs-ops: mol-fe-web-push-notification-a2-fe:8080
date: Tue, 04 May 2021 11:20:40 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PATCH
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, no-cache
accept-ranges: bytes
access-control-allow-headers: X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept, Authorization
content-length: 11706
service-worker-allowed: /
expires: Tue, 04 May 2021 11:20:40 GMT

GET
H/1.1

200

sync Show response
sync.sxp.smartclip.net/
Redirect Chain

https://sync.sxp.smartclip.net/sync?type=red&dsp=10
https://sync.sxp.smartclip.net/sync?type=red&dsp=10&ang_testid=1

42 B
377 B

59ms
56ms

XHR
image/gif

34.241.183.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.sxp.smartclip.net/sync?type=red&dsp=10&ang_testid=1
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.183.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-183-220.eu-west-1.compute.amazonaws.com
Software: nginx/1.17.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:40 GMT
Server: nginx/1.17.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42

Redirect headers

Date: Tue, 04 May 2021 11:20:39 GMT
Server: nginx/1.17.6
Location: https://sync.sxp.smartclip.net/sync?type=red&dsp=10&ang_testid=1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2 200 edgedata.html Show response
www.dailymail.co.uk/geo/ 785 B
1 KB 46ms
39ms Fetch
text/html 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dailymail.co.uk/geo/edgedata.html
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dfb749c8597c2c8686580548520a1575a8026ed3efda320792bc9f5bc8cd246a

Request headers

:path: /geo/edgedata.html
pragma: no-cache
cookie: s_pers=%20s_fid%3D33940E2813915D97-3AC17759A1BDB276%7C1777893638787%3B%20s_nr_v15%3D1620127238810%7C1622719238810%3B%20s_pn2_v15%3D%252Fwires%252Freuters%252Farticle%7C1620129038921%3B%20gpv_c1%3D%252Fwires%7C1620129038929%3B%20gpv_c2%3D%252Fwires%252Freuters%7C1620129038932%3B%20gpv_c4%3Darticle%7C1620129038934%3B%20s_vmonthnum%3D1622498399939%2526vn%253D1%7C1622498399938%3B%20s_monthinvisit%3Dtrue%7C1620129038938%3B%20s_vweeknum%3D1620511199951%2526vn%253D1%7C1620511199944%3B%20s_mweekinvisit%3Dtrue%7C1620129038944%3B%20s_vdaynum%3D1620165599975%2526vn%253D1%7C1620165599974%3B%20s_dayinvisit%3Dtrue%7C1620129038974%3B; s_sess=%20s_visit_v15%3D1%3B%20s_pn_v15%3D%252Fwires%252Freuters%252Farticle%3B%20s_cc%3Dtrue%3B; dm_clientsegment=c; mol-fe-segmentation.data={%22segments%22:{%22a%22:{%22weight%22:10}%2C%22b%22:{%22weight%22:10}%2C%22c%22:{%22weight%22:80}}%2C%22shuffleNumber%22:2%2C%22defaultSegment%22:%22default%22}; ak_bmsc=7A0A519EA84642FFFF855D3D29E4E7EF0210BABF1B200000072E91609772225A~plqjhdBelpeuLDGy7aioO6/zmRGoHE0K+N+VAXOnD4VCcGH0xWYyAEyKMiXKyiZRPHKnH4sIy4xeI7gyR4c8sAiww0XYaruKr/Wu/zLnphzEF+4Sa27bPVvT2c/3CUX0F7oRDApH751KJCPVZDe5fFSNJ1pRp8BuJvdOQe0uX8hE6Q48OmAupWrtMNi/DVXRUwaVDnTRVBNOIRqa1IXggNw5SyqZZJuhkzzeOwOQgShWk/tpdt9ZNOdj25f1Jrzdhw
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.dailymail.co.uk
referer: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
:scheme: https
sec-fetch-site: same-origin
:method: GET
pragma: no-cache
cache-control: no-cache
Referer: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
vary: User-Agent
content-security-policy-report-only: block-all-mixed-content; report-uri https://mol.report-uri.io/r/default/csp/reportOnly
content-type: text/html
cache-control: max-age=1026
server-timing: edge; dur=1 cdn-cache; desc=HIT
set-cookie: x-loc=none; path=/ bm_sv=36328B50A62FC0AAEAEB9B7C7F452424~7XddvuSWNyl3Mk+m41ZhZXu/ZVvJzFbC/qxjwtAm/i5NkWLyWuzD+l+JzO2uqquiK+/8fRUgYQPZABrKlO6C24Hp9JQZDj/py8U6sGTpHJ2s9kRtE3qpTMfOWZ/cggF8KzWS1mK+jOdVWRcnaFpSV3i1Li3qLR9R0a+ZT6NWYec=; Domain=.dailymail.co.uk; Path=/; Max-Age=7200; HttpOnly
content-length: 785
x-akamai-transformed: 9 785 0 pmb=mRUM,2

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 61 KB
21 KB 240ms
15ms Script
text/javascript 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2fbc9d4b85346730a13be4b09ce98149df1616a3f959b44d016a142615cb19aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "861 / 691 of 1000 / last-modified: 1620126580"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21177
x-xss-protection: 0
expires: Tue, 04 May 2021 11:20:40 GMT

GET
H/1.1 200
OK launcher.js Show response
sak.userreport.com/mol/ 46 KB
14 KB 239ms
17ms Script
application/javascript 2600:9000:2070:ba00:8:5c85:cdc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sak.userreport.com/mol/launcher.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2070:ba00:8:5c85:cdc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2a2d04bb04d52ca53c1aaf2f8de8574e929f1136e08c828f36bfe0b03d588835

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: I0zZ8fJjlbBdpU31WSxSwsQh_njKJ8CZ
Content-Encoding: br
ETag: W/"6d509bc807890482e7742fa12a3fdc85"
Age: 13
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Mon, 16 Nov 2020 11:54:59 GMT
Server: AmazonS3
Date: Tue, 04 May 2021 11:20:37 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 a432ddebfd10465526f121270421362b.cloudfront.net (CloudFront)
Cache-Control: max-age=7200, s-maxage=60
X-Amz-Cf-Pop: HAM50-C3
X-Amz-Cf-Id: DzjhD_33dFHfOwQGFtnOE6OUSutVym4F8a4kfmfWJHb7LLeHHPga0Q==

GET
H2 200 pubcid.min.js Show response
www.dailymail.co.uk/static/mol-adverts/demo/mol-21682/dist/ 57 KB
16 KB 172ms
57ms Script
application/x-javascript 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dailymail.co.uk/static/mol-adverts/demo/mol-21682/dist/pubcid.min.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Resource Optimizer /
Resource Hash: afd2447f77118df6fd4b8710c2b23e7bb4edb557795c643e3d8a7c12df4e6586

Request headers

:path: /static/mol-adverts/demo/mol-21682/dist/pubcid.min.js
pragma: no-cache
cookie: s_pers=%20s_fid%3D33940E2813915D97-3AC17759A1BDB276%7C1777893638787%3B%20s_nr_v15%3D1620127238810%7C1622719238810%3B%20s_pn2_v15%3D%252Fwires%252Freuters%252Farticle%7C1620129038921%3B%20gpv_c1%3D%252Fwires%7C1620129038929%3B%20gpv_c2%3D%252Fwires%252Freuters%7C1620129038932%3B%20gpv_c4%3Darticle%7C1620129038934%3B%20s_vmonthnum%3D1622498399939%2526vn%253D1%7C1622498399938%3B%20s_monthinvisit%3Dtrue%7C1620129038938%3B%20s_vweeknum%3D1620511199951%2526vn%253D1%7C1620511199944%3B%20s_mweekinvisit%3Dtrue%7C1620129038944%3B%20s_vdaynum%3D1620165599975%2526vn%253D1%7C1620165599974%3B%20s_dayinvisit%3Dtrue%7C1620129038974%3B; s_sess=%20s_visit_v15%3D1%3B%20s_pn_v15%3D%252Fwires%252Freuters%252Farticle%3B%20s_cc%3Dtrue%3B; dm_clientsegment=c; mol-fe-segmentation.data={%22segments%22:{%22a%22:{%22weight%22:10}%2C%22b%22:{%22weight%22:10}%2C%22c%22:{%22weight%22:80}}%2C%22shuffleNumber%22:2%2C%22defaultSegment%22:%22default%22}; ak_bmsc=7A0A519EA84642FFFF855D3D29E4E7EF0210BABF1B200000072E91609772225A~plqjhdBelpeuLDGy7aioO6/zmRGoHE0K+N+VAXOnD4VCcGH0xWYyAEyKMiXKyiZRPHKnH4sIy4xeI7gyR4c8sAiww0XYaruKr/Wu/zLnphzEF+4Sa27bPVvT2c/3CUX0F7oRDApH751KJCPVZDe5fFSNJ1pRp8BuJvdOQe0uX8hE6Q48OmAupWrtMNi/DVXRUwaVDnTRVBNOIRqa1IXggNw5SyqZZJuhkzzeOwOQgShWk/tpdt9ZNOdj25f1Jrzdhw; x-loc=none; bm_sv=36328B50A62FC0AAEAEB9B7C7F452424~7XddvuSWNyl3Mk+m41ZhZXu/ZVvJzFbC/qxjwtAm/i5NkWLyWuzD+l+JzO2uqquiK+/8fRUgYQPZABrKlO6C24Hp9JQZDj/py8U6sGTpHJ2s9kRtE3qpTMfOWZ/cggF8KzWS1mK+jOdVWRcnaFpSV3i1Li3qLR9R0a+ZT6NWYec=; _gd1620127239434=1; _pbjs_userid_consent_data=3524755945110770; _pubcid=9ed8e953-8af2-41f9-b473-9f6b80c8980d
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.dailymail.co.uk
referer: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
content-encoding: br
content-security-policy-report-only: block-all-mixed-content; report-uri https://mol.report-uri.io/r/default/csp/reportOnly
last-modified: Sat, 13 Mar 2021 03:07:48 GMT
server: Akamai Resource Optimizer
etag: "c74b87c9a8cadd3463a338a08b3f2cf6:1603291730.298429"
vary: User-Agent
content-type: application/x-javascript
cache-control: max-age=402431
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
timing-allow-origin: *
content-length: 16091
expires: Sun, 09 May 2021 03:07:50 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 126 KB
33 KB 220ms
70ms Script
application/javascript 52.85.32.122

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN (),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: Server /
Resource Hash: 05b1936a5e4229dc34d8e5fcfc22ce024634ea618687f37e31857402b27c4dba

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 05:09:09 GMT
content-encoding: gzip
server: Server
age: 22291
etag: 8975e8311e479cf7d71d71133ee2dff8
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 4151e9c487816c27efe39c7f30779450.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: HAM50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: RvFob.r3TH_ft5dtWL2SCNMCpiQphReE
x-amz-cf-id: PQHkzjPC5VXgRLrTGL2cukXgTX0xM5jGeA6iKgHgZADbbomtdZVZCA==

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1125455/ 65 KB
22 KB 150ms
33ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1125455/tfa.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d2c99319671e2e748cbd71c89d563843efc0cd38d9f300c6f7faac9ac8cdc427

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: .d43hRMAmQVFwPeAlpWw6n9coerxkUT_
content-encoding: gzip
etag: "ae1c60bfeeed3b742b2e1dcf743046cb"
age: 35
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 22267
x-amz-id-2: eOzCJcDrzxSTdq6wTsFL8Kpg2fAimJl1KqZOlGjpdXF3EYIvEtjiQ4SUn7zXoJhXBjXDdjV0nkE=
x-served-by: cache-fra19126-FRA
last-modified: Wed, 28 Apr 2021 08:42:18 GMT
server: AmazonS3
x-timer: S1620127240.116705,VS0,VE1
date: Tue, 04 May 2021 11:20:40 GMT
vary: Accept-Encoding
x-amz-request-id: CYSCWSJ33Z2DNM3C
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 19
x-cache-hits: 1

GET
H2 200 adsm.macro.4111597d-dc70-4fd8-b25e-7d24d8423e73.js Show response
macro.adnami.io/macro/spec/ 12 KB
4 KB 55ms
19ms Script
application/javascript 2606:4700::6812:5ba

General

Check archive.org

Show headers Download Go to

Full URL: https://macro.adnami.io/macro/spec/adsm.macro.4111597d-dc70-4fd8-b25e-7d24d8423e73.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:5ba , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 77f951b4aefa28403632bfc068196aaf2051e44078527250c041ad4930d4e186

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 04 May 2021 11:20:40 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: BaNtzeZk591KUCHKDlyEXQ==
age: 6263
content-disposition
cf-request-id: 09d8b4e76d00002c0dcf868000000001
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Fri, 27 Nov 2020 15:55:08 GMT
server: cloudflare
etag: W/"0x8D892ECD0E071CB"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: 6864e227-801e-006e-0130-2da953000000
cache-control: public, max-age=14400
x-ms-version: 2014-02-14
cf-ray: 64a157524b8d2c0d-FRA
expires: Tue, 04 May 2021 15:20:40 GMT

GET
H/1.1

200
OK

directsdk.js Show response
aka.spotxcdn.com/integration/directsdk/v1/
Redirect Chain

https://js.spotx.tv/directsdk/v1/234272.js
https://aka.spotxcdn.com/integration/directsdk/v1/directsdk.js

418 KB
155 KB

170ms
41ms

Script
text/javascript

2.18.232.234

General

Check archive.org

Show headers Download Go to

Full URL: https://aka.spotxcdn.com/integration/directsdk/v1/directsdk.js
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.234 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-232-234.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d6fa7c39b1d5e288c739c3a225a90d0698798485d5b17c1350dc17925942b841

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:40 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Sep 2020 19:35:03 UTC
Server: nginx
Access-Control-Allow-Headers
ETag: 7112a693437c5fad3aa28033ed1f53f1
Vary: Accept-Encoding
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=48
Connection: keep-alive
Timing-Allow-Origin: *
X-SpotX-Build-Version: 1.31.0-20200910.1910
Content-Length: 157844

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:40 GMT
Last-Modified: Tue, 04 May 2021 11:20:40 UTC
Server: nginx
Location: //aka.spotxcdn.com/integration/directsdk/v1/directsdk.js
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: post-check=0, pre-check=0, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 130
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 klick-dailymail.js Show response
storage.cloud.kargo.com/ad/network/klick/ 3 KB
2 KB 366ms
34ms Script
application/javascript 2.16.107.122

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.cloud.kargo.com/ad/network/klick/klick-dailymail.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.107.122 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-16-107-122.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: b94472d780db3b45c0920bb2dbd0cb57660d80671491ada0ef15776f3de9e812

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: S4lmeeHObFqS8xYQ_eDM32vJF.umlPRv
content-encoding: gzip
etag: "44e6b966c12b759049179f23810ace77"
x-amz-request-id: 6FF7AA635055E7A7
x-amz-replication-status: COMPLETED
vary: Accept-Encoding
content-length: 1627
x-amz-id-2: +U9XRWm0kKlPTmQYygke82470SYqVNKxZz/3D161phit4wWe6Ymz170HIrQVn/6zU7zUJm8plEE=
last-modified: Mon, 10 Jun 2019 14:32:31 GMT
server: AmazonS3
date: Tue, 04 May 2021 11:20:40 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1800
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *

GET
H/1.1 200
OK topVideos.json Show response
secured.dailymail.co.uk/feeds/commercial/ 148 KB
43 KB 49ms
7ms XHR
application/json 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secured.dailymail.co.uk/feeds/commercial/topVideos.json
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 94a34851022e0a9470d5d87994054b253c62d3a5115a8db1311cc0ef259d702b

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:39 GMT
Content-Encoding: gzip
x-rs-ben-time: Tue, 04 May 2021 11-18-36 GMT
Connection: keep-alive
Content-Length: 43368
X-rs-ops: varnish6-web-c1-fe:6081
Access-Control-Allow-Headers: X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept, Authorization
x-rs-time: Tue, 04 May 2021 11-19-36 GMT
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=1800
Accept-Ranges: bytes
x-rs-ben: video-feed-c2:3000
x-storage: other
Expires: Tue, 04 May 2021 11:50:39 GMT

GET
H2 200 match
e.serverbid.com/udb/9969/ 0
44 B 358ms
114ms Image
text/plain 134.209.129.254

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fpool%2Fset%2Fi.gif%3FpoolId%3D9969%26poolKey%3D
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.209.129.254 North Bergen, United States, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:40 GMT
content-length: 0

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 36ms
6ms XHR
application/json 2a04:4e42:3::621

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json

Requested by

Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , United States, ASN (),

Reverse DNS

Software

Resource Hash

302fb5a88053319c4328d4cf7140290569e42648a82108749de500da4c6a4d05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 29957
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 917
etag: W/"66d-mVlrmmxcQCNWPIx7O9qmU+mTepc"
x-served-by: cache-fra19180-FRA
date: Tue, 04 May 2021 11:20:39 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

POST
H/1.1 200
OK cookie_sync Show response
prebid.adnxs.com/pbs/v1/ 804 B
766 B 148ms
56ms XHR
application/json 37.252.161.190

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.adnxs.com/pbs/v1/cookie_sync
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.252.161.190 Bethnal Green, United Kingdom, ASN (),
Reverse DNS: prebid.ams1.adnexus.net
Software: nginx/1.19.0 /
Resource Hash: 692c21097fd1b5daabe6c434af68f948dd87daf295dda7baa28b787c3af18be2

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:39 GMT
Content-Encoding: gzip
Server: nginx/1.19.0
Vary: Accept-Encoding, Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
Expires: 0

POST
H/1.1 200
OK auction Show response
prebid.adnxs.com/pbs/v1/openrtb2/ 178 B
527 B 219ms
134ms XHR
application/json 37.252.161.190

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.adnxs.com/pbs/v1/openrtb2/auction
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.252.161.190 Bethnal Green, United Kingdom, ASN (),
Reverse DNS: prebid.ams1.adnexus.net
Software: nginx/1.19.0 /
Resource Hash: bd853e6a29ce564bcf89764de568d714aa7ddedeecfbd35224c3e2ff1182b8ef

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:39 GMT
Server: nginx/1.19.0
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 178
Expires: 0

POST
H/1.1 200
OK v2 Show response
mfad.inskinad.com/api/ 160 B
814 B 774ms
330ms XHR
application/json 23.21.47.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mfad.inskinad.com/api/v2
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.21.47.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.16.1 / adzerk bifrost/
Resource Hash: 6b0381255672e5d8aff0ccfa4745701fb8acff727bae521937e4a3a0ec217150

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:40 GMT
ETag: W/"a0-4VySjTOMvN6qq+4bA1gDDOx/d0I"
Server: nginx/1.16.1
x-powered-by: adzerk bifrost/
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Origin, Content-Type, Content-Length, X-Adzerk-Explain, X-Adzerk-Sdk-Version
Content-Length: 160
x-served-by: engine-production-i-0ff39fe2dddab762b

POST
H2 200 xhr Show response
pre.ads.justpremium.com/v/2.0/t/ 43 B
254 B 526ms
339ms XHR
application/json 3.124.9.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pre.ads.justpremium.com/v/2.0/t/xhr?i=1620127239678
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.9.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d34e8a1a381b203e3d1f7c6ed4f077038e91782ea254c7a7e4785462147a385a

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:40 GMT
cache-control: public, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
content-type: application/json

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
149 B 273ms
81ms XHR
text/plain 178.250.0.165

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.13.0-mol-1&cb=36276069343
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN (),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:39 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
119 B 287ms
108ms XHR
text/plain 185.64.189.112

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:38 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 358 B
711 B 306ms
117ms XHR
application/json 185.255.84.151
IGUANE-

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&CanonicalUrl=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html&PublisherDomain=https%3A%2F%2Fwww.dailymail.co.uk

Requested by

Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.151 Paris, France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

542627409824830fa0c954d28930df7b3b2b3c4acd133ffff654c0978030bbe3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:39 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.dailymail.co.uk
access-control-max-age: 3600
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 74
access-control-allow-headers: Accept-Encoding, Content-Type
content-length: 358
expires: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 1 KB
10 KB 483ms
212ms XHR
application/json 213.19.162.31

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=8625&site_id=124374&zone_id=587732%3B587732%3B587734%3B587734%3B1102954%3B1102954%3B587746%3B587746%3B587754%3B587754&size_id=2%3B2%3B2%3B2%3B2%3B2%3B15%3B15%3B15%3B15&alt_size_ids=57%3B57%3B57%3B57%3B%3B%3B%3B%3B10%3B10&p_pos=atf%3Batf%3B%3B%3B%3B%3B%3B%3Batf%3Batf&eid_pubcid.org=9ed8e953-8af2-41f9-b473-9f6b80c8980d%5E1&rf=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&tg_i.area=wires&tk_flint=pbjs_lite_v4.13.0-mol-1&x_source.tid=c8495999-a054-48cb-97c0-7d29faa4dc52%3Bc8495999-a054-48cb-97c0-7d29faa4dc52%3B56a6b610-95b4-4b80-847a-0f79e6041fae%3B56a6b610-95b4-4b80-847a-0f79e6041fae%3Bc2c592bb-5e1b-4ec1-8e4b-af2a911df564%3Bc2c592bb-5e1b-4ec1-8e4b-af2a911df564%3Bb36aed62-f4c2-4f72-ab7e-82be3883c739%3Bb36aed62-f4c2-4f72-ab7e-82be3883c739%3B82a4461d-3561-40d9-ba62-416b34e27a2f%3B82a4461d-3561-40d9-ba62-416b34e27a2f&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=10&rand=0.6888110622900028
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN (),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: c8166e7e01b89370a629654663cc48d6c8a3008ea13e7e9731a54b6b3100d630

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:40 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 417
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 1 KB
10 KB 433ms
162ms XHR
application/json 213.19.162.31

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=8625&site_id=124374&zone_id=587760%3B587760%3B587764%3B587764%3B587782%3B587782%3B724806%3B724806%3B587784%3B587784&size_id=15%3B15%3B15%3B15%3B15%3B15%3B15%3B15%3B9%3B9&alt_size_ids=10%3B10%3B%3B%3B%3B%3B10%3B10%3B8%2C10%3B8%2C10&p_pos=atf%3Batf%3B%3B%3B%3B%3Batf%3Batf%3Batf%3Batf&eid_pubcid.org=9ed8e953-8af2-41f9-b473-9f6b80c8980d%5E1&rf=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&tg_i.area=wires&tk_flint=pbjs_lite_v4.13.0-mol-1&x_source.tid=cd8af826-ea63-4b75-8bd4-a904627c3f17%3Bcd8af826-ea63-4b75-8bd4-a904627c3f17%3B09ea665e-57ea-4852-a07b-21387ee39012%3B09ea665e-57ea-4852-a07b-21387ee39012%3B2d70e751-7c17-4429-b694-7da1e8fc352b%3B2d70e751-7c17-4429-b694-7da1e8fc352b%3B6b1b4f8a-c59d-4e19-85f7-75b3823baa59%3B6b1b4f8a-c59d-4e19-85f7-75b3823baa59%3Bb765e43d-1c0b-4947-b313-5b2289a6338b%3Bb765e43d-1c0b-4947-b313-5b2289a6338b&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=10&rand=0.11685549532241835
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN (),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 9f7c844ddaa3e21554d8f6c0bb5e4519326f5e5c40e24cf7c935f5137e0f360e

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:40 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 415
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 484 B
4 KB 414ms
143ms XHR
application/json 213.19.162.31

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=8625&site_id=124374&zone_id=587786%3B587786%3B1077764&size_id=9%3B9%3B57&alt_size_ids=8%2C10%3B8%2C10%3B68&p_pos=atf%3Batf%3B&eid_pubcid.org=9ed8e953-8af2-41f9-b473-9f6b80c8980d%5E1&rf=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&tg_i.area=wires&tk_flint=pbjs_lite_v4.13.0-mol-1&x_source.tid=d60408ee-f1bd-4057-a74c-ae3af2208258%3Bd60408ee-f1bd-4057-a74c-ae3af2208258%3B5390c261-af2d-4efe-8fdb-e49262442935&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=3&rand=0.13987309413137328
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN (),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 6df84dfc81c732938c0f5738070b994cb43dd35ee28742d73fca763f30c84981

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:40 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 484
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
479 B 270ms
104ms XHR
application/json 52.28.203.152

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691510171713aaede3c85d0ab0026&pos=desktop_billboard&cmd=bid&secure=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: e5e93ea1984de2a9d6bfe6db217849a9ae2c723a390703a57abf88dab1829aab

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 04 May 2021 11:20:39 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
479 B 330ms
164ms XHR
application/json 52.28.203.152

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691510171713aaede3c85d0ab0026&pos=desktop_mpu_puff_20&cmd=bid&secure=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: ceb01576c0e2ca725b405b91ba80afb31cab2dd469c71c3cdec04377e949e9b3

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 04 May 2021 11:20:40 GMT
Server: ATS/7.1.2.128
Age: 1
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
479 B 287ms
121ms XHR
application/json 52.28.203.152

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691510171713aaede3c85d0ab0026&pos=desktop_mpu_puff_45&cmd=bid&secure=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: 391a83696b164e7a3f26c1120ac6981bb8af693f7bb0d98a2479ca202e47b46b

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 04 May 2021 11:20:39 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
479 B 354ms
188ms XHR
application/json 52.28.203.152

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691510171713aaede3c85d0ab0026&pos=desktop_mpu_top&cmd=bid&secure=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: fb3b511141266ce7c40a71bd95202eb7ccbb8b851dd797f75aa2cce242d0afd2

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 04 May 2021 11:20:40 GMT
Server: ATS/7.1.2.128
Age: 1
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
479 B 265ms
99ms XHR
application/json 52.28.203.152

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691510171713aaede3c85d0ab0026&pos=desktop_mpu_puff_15&cmd=bid&secure=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: 4525030cea05b69acafaa24a8a68dcf421765aa53c461c40c2d7bd4b07a073a0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 04 May 2021 11:20:39 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
479 B 276ms
111ms XHR
application/json 52.28.203.152

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691510171713aaede3c85d0ab0026&pos=desktop_leader_very_bottom&cmd=bid&secure=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: e86dc3e8811c9d618822d2d46d4c930fbc50f92b1788e4ae9c3c34afd874caac

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 04 May 2021 11:20:39 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
479 B 398ms
98ms XHR
application/json 52.28.203.152

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691510171713aaede3c85d0ab0026&pos=desktop_sky_left_top&cmd=bid&secure=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: a28bdcd6f4cc58a424b0f203aab540996bd40b3c9e94fbfa5397e80efb539da9

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 04 May 2021 11:20:40 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
479 B 413ms
113ms XHR
application/json 52.28.203.152

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691510171713aaede3c85d0ab0026&pos=desktop_sky_right_top&cmd=bid&secure=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: 4e8cd0103df59ec6a83fe58337a67ed38e2e92e3b51a101fa773f5ee1a464ef3

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 04 May 2021 11:20:40 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
481 B 317ms
142ms XHR
application/json 3.125.137.77

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=4.13.0-mol-1&referrer=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&tmax=3000

Requested by

Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.125.137.77 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:40 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 26 KB
6 KB 259ms
101ms XHR
application/json 185.33.221.15

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

301bcaba167a487d6f4addb25f0dc477e34024742512d67fc77f6f9b8c62b50d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 04 May 2021 11:20:39 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.109:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: bb8186f2-ef53-4476-8bf4-b9e04561ee1e
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 25 KB
6 KB 271ms
114ms XHR
application/json 185.33.221.15

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

ed2304df4683b846b913de22a824f220f30a2a706c45a89905647e55d218e692

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 04 May 2021 11:20:39 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.7:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 701dcce9-c668-4ece-8c8f-5f1afd5f8820
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bid Show response
krk.kargo.com/api/v2/ 2 B
682 B 300ms
43ms XHR
application/json 18.195.223.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://krk.kargo.com/api/v2/bid?json=%7B%22sessionId%22%3A%22d11e6219-4a80-4aeb-a68b-97e930335a91%22%2C%22requestCount%22%3A0%2C%22timeout%22%3A3000%2C%22currency%22%3A%22USD%22%2C%22cpmGranularity%22%3A1%2C%22timestamp%22%3A1620127239721%2C%22cpmRange%22%3A%7B%22floor%22%3A0%2C%22ceil%22%3A20%7D%2C%22bidIDs%22%3A%7B%22138c3efbe618e45c%22%3A%22_qHs31JqZVr%22%7D%2C%22bidSizes%22%3A%7B%22138c3efbe618e45c%22%3A%5B%5B300%2C250%5D%5D%7D%2C%22prebidRawBidRequests%22%3A%5B%7B%22bidder%22%3A%22kargo%22%2C%22params%22%3A%7B%22placementId%22%3A%22_qHs31JqZVr%22%7D%2C%22userId%22%3A%7B%22pubcid%22%3A%229ed8e953-8af2-41f9-b473-9f6b80c8980d%22%7D%2C%22userIdAsEids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%229ed8e953-8af2-41f9-b473-9f6b80c8980d%22%2C%22atype%22%3A1%7D%5D%7D%5D%2C%22mediaTypes%22%3A%7B%22banner%22%3A%7B%22sizes%22%3A%5B%5B300%2C250%5D%5D%7D%7D%2C%22adUnitCode%22%3A%22mpu_mobile_top%22%2C%22transactionId%22%3A%22c4b13296-f1ee-4629-b238-c868d7de7b69%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%5D%2C%22bidId%22%3A%22138c3efbe618e45c%22%2C%22bidderRequestId%22%3A%2213738ec0320534b3%22%2C%22auctionId%22%3A%221%22%2C%22src%22%3A%22client%22%2C%22bidRequestsCount%22%3A2%2C%22bidderRequestsCount%22%3A1%2C%22bidderWinsCount%22%3A0%7D%5D%2C%22userIDs%22%3A%7B%22crbIDs%22%3A%7B%7D%7D%2C%22krux%22%3A%7B%22userID%22%3Anull%2C%22segments%22%3A%5B%5D%7D%2C%22pageURL%22%3A%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI%22%2C%22rawCRB%22%3Anull%2C%22rawCRBLocalStorage%22%3Anull%7D
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.223.2 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:40 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Krk-No-Bid-Reason: consent
Content-Length: 26
X-Accel-Expires: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 arj Show response
mailonline-uk-d.openx.net/w/1.0/ 172 B
560 B 232ms
58ms XHR
application/json 35.244.159.8

General

Check archive.org

Show headers Download Go to

Full URL: https://mailonline-uk-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=c2c592bb-5e1b-4ec1-8e4b-af2a911df564%2Cc2c592bb-5e1b-4ec1-8e4b-af2a911df564%2Cb36aed62-f4c2-4f72-ab7e-82be3883c739%2Cb36aed62-f4c2-4f72-ab7e-82be3883c739%2Ccd8af826-ea63-4b75-8bd4-a904627c3f17%2Ccd8af826-ea63-4b75-8bd4-a904627c3f17%2C09ea665e-57ea-4852-a07b-21387ee39012%2C09ea665e-57ea-4852-a07b-21387ee39012%2C2d70e751-7c17-4429-b694-7da1e8fc352b%2C2d70e751-7c17-4429-b694-7da1e8fc352b%2C75de1ee5-194d-40c4-ad55-640266d77a8f%2C75de1ee5-194d-40c4-ad55-640266d77a8f%2C042b9668-53f7-4689-b251-9103fce518f9%2C042b9668-53f7-4689-b251-9103fce518f9%2Cc4b13296-f1ee-4629-b238-c868d7de7b69%2Cc4b13296-f1ee-4629-b238-c868d7de7b69%2C180c94d4-68a3-43d3-903b-4afcd1a6fc57%2C180c94d4-68a3-43d3-903b-4afcd1a6fc57&nocache=1620127239725&pubcid=9ed8e953-8af2-41f9-b473-9f6b80c8980d&aus=728x90%7C728x90%7C300x250%7C300x250%7C300x250%2C300x600%7C300x250%2C300x600%7C300x250%7C300x250%7C300x250%7C300x250%7C160x600%2C120x600%7C160x600%2C120x600%7C160x600%2C120x600%7C160x600%2C120x600%7C300x250%7C300x250%7C300x250%7C300x250&divIds=leader_wide%2Cleader_wide%2Cmpu_middle%2Cmpu_middle%2Cmpu_puff_15%2Cmpu_puff_15%2Cmpu_puff_20%2Cmpu_puff_20%2Cmpu_puff_45%2Cmpu_puff_45%2Csky_left_top%2Csky_left_top%2Csky_right_top%2Csky_right_top%2Cmpu_mobile_top%2Cmpu_mobile_top%2Cmpu_top%2Cmpu_top&auid=540437664%2C540437664%2C538767661%2C538767661%2C538767663%2C538767663%2C538767664%2C538767664%2C538767666%2C538767666%2C538767667%2C538767667%2C538767668%2C538767668%2C538767673%2C538767673%2C539384359%2C539384359
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 7f97d48303a312437ef3739a1f61deada231e334e85ecc6aaec5af57793e4545

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:39 GMT
content-encoding: gzip
server: OXGW/16.206.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 162
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 26 B
376 B 449ms
293ms XHR
application/json 184.25.115.31

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=193651&v=7.2&r=%7B%22id%22%3A%22158f6567c2b92d4a%22%2C%22imp%22%3A%5B%7B%22id%22%3A%221597d77b0716b06c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193651%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22160508a63b757d4c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193651%22%2C%22sid%22%3A%22900x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A900%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221619df2ab601edc9%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193651%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22162c6722c161504b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193651%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221632a0822e31110c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193651%22%2C%22sid%22%3A%22900x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A900%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22164eb0b860ee3fd9%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193651%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221650485578b0d27b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193657%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221664da6b144502e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193657%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22167ac3583ca2c83%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193661%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22168315c7fa19e7b9%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193661%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221694c2435a29b0ee%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193661%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22170a9fba3a907ae%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193661%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221714009734bad2f%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193664%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22172e7a8481cb5d82%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193664%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2217378e735be8cba%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193664%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22174319de35da5a28%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193664%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22175302916f2a7c94%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193665%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221760f23fc1d2e12c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193665%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221778f51fd60b6101%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193667%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22178bebe267d98ce3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193667%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22179350ac704b85f7%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193673%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221806ee6dccfc08%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193673%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2218181b00bb4b87b2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193673%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22182ef0d2000b701e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193673%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221839f14f1e353da6%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193648%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22184719728031d839%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193648%22%2C%22sid%22%3A%22900x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A900%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22185f339083b754d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193648%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221867cb633fc30a55%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193648%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2218751fd89bce5eb4%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193648%22%2C%22sid%22%3A%22900x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A900%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2218867fbc69560d4c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193648%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22189cf55fff2a7578%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193670%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22190606c939185fd2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193670%22%2C%22sid%22%3A%22120x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A120%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2219138d7452fdcfd9%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193670%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22192e3d6a976daa73%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193670%22%2C%22sid%22%3A%22120x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A120%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22193330c41d01b806%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193671%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2219493016a87b7d48%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193671%22%2C%22sid%22%3A%22120x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A120%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221953046e1209734a%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193671%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22196a472b40e6adc%22%2C%22ext%22%3A%7B%22siteID%22%3A%22193671%22%2C%22sid%22%3A%22120x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A120%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%7D&ac=j&sd=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.25.115.31 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a184-25-115-31.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 6264e9823efd518d4428f9469b663c3ca302be4988f6597839b6ec27415dc4e6

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:40 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[AT], RC:[], CN:[EU], CIP:[89.187.168.226], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.dailymail.co.uk
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 46
x-ak-client-geo: 12
expires: Tue, 04 May 2021 11:20:40 GMT

POST
H2 200 bid-request Show response
a.teads.tv/hb/ 16 B
251 B 241ms
92ms XHR
application/json 184.30.21.51

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/hb/bid-request
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.21.51 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a184-30-21-51.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:39 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 42
expires: Tue, 04 May 2021 11:20:39 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 234ms
73ms XHR
text/plain 35.158.21.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=UE1ipEDEKoyyb15cvRxTAmVB&bidId=2056bb5e69ad121d&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.13.0-mol-1&strVersion=3.2.1&secure=true
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.21.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:39 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 221ms
62ms XHR
text/plain 35.158.21.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=6QzdTnugEKMYiUEr5bbKJmmS&bidId=206790a420bc4a79&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.13.0-mol-1&strVersion=3.2.1&secure=true
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.21.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:39 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 219ms
61ms XHR
text/plain 35.158.21.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=YAXW2p8nPTWGVCrPcj5NrxpA&bidId=2075a95d29054fe8&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.13.0-mol-1&strVersion=3.2.1&secure=true
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.21.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:39 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 230ms
74ms XHR
text/plain 35.158.21.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=M46LPS2pKznZDhrVQRRVFfdn&bidId=208b15a87258a0cc&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.13.0-mol-1&strVersion=3.2.1&secure=true
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.21.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:39 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 217ms
61ms XHR
text/plain 35.158.21.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=9gB7gxs6pHmD6t77SUopsddr&bidId=209f643563b18ec8&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.13.0-mol-1&strVersion=3.2.1&secure=true
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.21.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:39 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 217ms
61ms XHR
text/plain 35.158.21.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=77KLm6Ar3LiwYgCjLn6WXoM1&bidId=2109d0603b43fe23&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.13.0-mol-1&strVersion=3.2.1&secure=true
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.21.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:39 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 236ms
81ms XHR
text/plain 35.158.21.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=77KLm6Ar3LiwYgCjLn6WXoM1&bidId=211a0dea597378b3&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.13.0-mol-1&strVersion=3.2.1&secure=true
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.21.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:39 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 253ms
99ms XHR
text/plain 35.158.21.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=t7x4dsgHox9LRR8hNFR7Yyzv&bidId=212b87ea10b4c33d&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.13.0-mol-1&strVersion=3.2.1&secure=true
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.21.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:39 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 228ms
74ms XHR
text/plain 35.158.21.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=mDYufSNjn6gUsPvDghG42mG6&bidId=2130dcfb82adf619&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.13.0-mol-1&strVersion=3.2.1&secure=true
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.21.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:39 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
117 B 214ms
61ms XHR
text/plain 35.158.21.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=mDYufSNjn6gUsPvDghG42mG6&bidId=214105c634bda416&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.13.0-mol-1&strVersion=3.2.1&secure=true
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.21.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
date: Tue, 04 May 2021 11:20:39 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 200 RQAJ2-Q4TGF-HEKJL-TAEAK-5V3VD Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 120ms
2ms Script
application/javascript 2a02:26f0:6c00:2b9::11a6

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/RQAJ2-Q4TGF-HEKJL-TAEAK-5V3VD
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:39 GMT
content-encoding: br
last-modified: Mon, 28 Dec 2020 15:00:25 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

GET
H2 200 ga.js Show response
google-analytics.com/ 45 KB
17 KB 69ms
34ms Script
text/javascript 2a00:1450:4001:802::2004

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/ga.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5080
date: Tue, 04 May 2021 09:56:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Tue, 04 May 2021 11:56:00 GMT

GET
H2 200 fbds.js Show response
connect.facebook.net/en_US/ 4 KB
3 KB 26ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbds.js

Requested by

Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

Resource Hash

28dc67ccab666c46cfb930276b96b6032720d9e114a6950092241f73a6d7ae1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: ozK4aVtfeAmzK/v4Bk86Bw==
cross-origin-resource-policy: cross-origin
expires: Tue, 04 May 2021 11:36:20 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 2118
x-fb-rlafr: 0
x-fb-debug: abyucTqG03Yu/Tl+vwTAywyyOGM0te12kbgh4heUGfBS0yYwRT5LQS0hzGC36bMjMJd04r/K1ldegR1iakSJNA==
x-fb-trip-id: 686109401
x-fb-content-md5: 998e967c38e59adc89d5b68c94c9c9eb
date: Tue, 04 May 2021 11:20:40 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "65a42a2667b3cbbf36571d40e823fc06"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 masthead_wires_reuters.png
i.dailymail.co.uk/i/pix/channelheaders/ 30 KB
31 KB 22ms
12ms Image
image/png 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/pix/channelheaders/masthead_wires_reuters.png
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: fe92185d07ca1bdd4c5fb355805bd21b3d46fe37b1d99d453c33716de45b382b

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:40 GMT
last-modified: Wed, 23 Jul 2014 15:11:57 GMT
server: AkamaiNetStorage
etag: "1718fa36f7f8ecab528991944a8241e3:1406128317"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 31005
expires: Thu, 03 Jun 2021 11:20:40 GMT

GET
H2 200 navigation_bottom.gif
scripts.dailymail.co.uk/i/furniture/structure/ 154 B
366 B 19ms
9ms Image
image/gif 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scripts.dailymail.co.uk/i/furniture/structure/navigation_bottom.gif
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-sync-bundle/5.13.0/desktop.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 4eaa63fe224cad73f3348b716855de0ace8a3169abfc0d7b2845d083172f53dd

Request headers

Referer: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-sync-bundle/5.13.0/desktop.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:40 GMT
last-modified: Sun, 28 Sep 2008 03:12:58 GMT
server: AkamaiNetStorage
etag: "5ba7c12d8f24c055f60c7793d6990d8b:1222571578"
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 154
expires: Thu, 03 Jun 2021 11:20:40 GMT

GET
H2 200 spt_weather_nav.png
i.dailymail.co.uk/i/furniture/weather/ 2 KB
2 KB 20ms
10ms Image
image/png 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/furniture/weather/spt_weather_nav.png
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/gunther/17.14.0/all--.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0bf60782546bae441a6ce4783c2169777d728af37759e9805acbdaa48122cf36

Request headers

Referer: https://scripts.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:40 GMT
last-modified: Wed, 23 Dec 2009 12:07:55 GMT
server: AkamaiNetStorage
etag: "2a0a9e4a75bf8d1c816c273119256500:1261570075"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 2301
expires: Thu, 03 Jun 2021 11:20:40 GMT

GET
H2 200 5f42864d-a421-4f37-9478-00266f871d68-web.js Show response
cdn.permutive.com/ 799 KB
156 KB 408ms
81ms Script
application/javascript 104.19.150.54

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/5f42864d-a421-4f37-9478-00266f871d68-web.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.150.54 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 6307b1ac082c5891b4daba102ba86b20ae4e99562429dc5ffc3cee7243c0a255

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:40 GMT
content-encoding: br
cf-cache-status: HIT
x-goog-meta-oid: 5f42864d-a421-4f37-9478-00266f871d68
age: 1675
x-guploader-uploadid: ABg5-UwYi0whmTd66PY_CLx8bR5vLGGwJ7q2UpIrYsy-_mpm7pmzJCvZuhu-saLa268sTMJw8AlTOrgahM9wRhcvsvg
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-type: application/javascript
cf-request-id: 09d8b4e8b900002b16c7b34000000001
last-modified: Tue, 04 May 2021 10:52:41 GMT
server: cloudflare
etag: W/"47b01e35e0d946f9841d3d1762b9083a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=gNcp8w==, md5=R7AeNeDZRvmEHT0XYrkIOg==
x-goog-generation: 1620125561798715
cache-control: public, max-age=300
x-goog-stored-content-length: 172540
cf-ray: 64a1575459222b16-FRA
expires: Tue, 04 May 2021 11:25:40 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/prebid/
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fib.adnxs.com%2Fprebid%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fib.adnxs.com%2Fprebid%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=
https://ib.adnxs.com/prebid/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=a3fd7c73-1468-4a2b-a3c1-b6278455249a

43 B
1 KB

86ms
85ms

Image
image/gif

185.33.221.15

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/prebid/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=a3fd7c73-1468-4a2b-a3c1-b6278455249a

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:40 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.56:80
AN-X-Request-Uuid: d7c5d9e7-49d1-4cc5-975d-12469419c2ee
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

location: https://ib.adnxs.com/prebid/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=a3fd7c73-1468-4a2b-a3c1-b6278455249a
date: Tue, 04 May 2021 11:20:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 spt_socialicons_40x40eachbttn9.png
i.dailymail.co.uk/i/furniture/articles/ 26 KB
26 KB 11ms
11ms Image
image/png 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/furniture/articles/spt_socialicons_40x40eachbttn9.png
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-async-bundle/6.19.2/articleDefer.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3381376497b5b338f301a29f4b399d81331e55a568f02df5db466149e5826f13

Request headers

Referer: https://scripts.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:40 GMT
last-modified: Thu, 17 May 2018 13:20:45 GMT
server: AkamaiNetStorage
etag: "bab988d64a75ef93640c8ed16e05987b:1526563245"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 26818
expires: Thu, 03 Jun 2021 11:20:40 GMT

GET
DATA 200
OK truncated
/ 233 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b707cea228ebd1afe82a1840449e8c14d79bb62ec828d1ca7c3b6832a6905133

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 663 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: deb959c047f364b4d81eb0b735fd60c7172cb808ddad43546948d90a38ad362e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 44 KB
44 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0a9ac514283709cb85750e1a15f4ed549be7d0caa7711a70a3249d15538ac44

Request headers

Origin: https://www.dailymail.co.uk
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 41 KB
41 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0b7e7d1bedae2fca5895468c68d7a3f06c5fa573a19fbdc1ea4da51441d59458

Request headers

Origin: https://www.dailymail.co.uk
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: font/woff

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/dailymail-row/ 413 KB
38 KB 36ms
35ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/dailymail-row/loader.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ce94f291de273c1242f831b12c3a40f016fe7d9307c6ffbc41e3de08c658cca0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: _j0928o7GK3ezqoQYKQd_nfxKbRbEITD
content-encoding: gzip
etag: "5ee360003a6153920809f4716c8321c9"
age: 30
x-cache: HIT
content-length: 38462
x-amz-id-2: X5BDFeQGA1YorLY9iaUxWNVLTKEvykvw7SfpRlVdPLOuWKt0lyO2OMy2ynxU6u6MH5vemGGZsrI=
x-served-by: cache-fra19126-FRA
last-modified: Mon, 03 May 2021 20:22:54 GMT
server: AmazonS3
x-timer: S1620127240.442449,VS0,VE1
date: Tue, 04 May 2021 11:20:40 GMT
vary: Accept-Encoding
x-amz-request-id: 2D450Z09DJ46EPD8
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 73
x-cache-hits: 1

GET
H2 200 comment_ticker.png
i.dailymail.co.uk/i/furniture/comments/articles/ 85 B
297 B 10ms
9ms Image
image/png 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/furniture/comments/articles/comment_ticker.png
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/gunther/17.14.0/rc-main--.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 541c63ae81fe7799a19523dc8f2500646043eaa70d36985c3f2fc86264e4e71e

Request headers

Referer: https://scripts.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:40 GMT
last-modified: Tue, 28 Feb 2017 12:52:42 GMT
server: AkamaiNetStorage
etag: "18d36c5e83cfde23a9f5103f33f6ad32:1488286362"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 85
expires: Thu, 03 Jun 2021 11:20:40 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5887b03f44a197fcdc5400caec10de1c69f29619c1fdc868d4d461130e0f9efc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 spt_rndcorner_4.png
i.dailymail.co.uk/i/furniture/corners/ 3 KB
3 KB 9ms
9ms Image
image/png 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/furniture/corners/spt_rndcorner_4.png
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/gunther/17.14.0/all--.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: be6aaae29a207bdea28a1e545c6f5652abcd30845290ec990892805c895d78f6

Request headers

Referer: https://scripts.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:40 GMT
last-modified: Mon, 06 Nov 2017 11:54:17 GMT
server: AkamaiNetStorage
etag: "8709d0e0c6ea65aa87db0884a31b5355:1509969257"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 2998
expires: Thu, 03 Jun 2021 11:20:40 GMT

GET
DATA 200
OK truncated
/ 504 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a745591034534431b4e5e32815599cef3101631f9e6a9052a687d96dac1a3ea

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62675c01ca7a9e7af102c699f55fa970eee7f0106984839722e018e733744c03

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 996 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f650676047609c72f3c893b13a7148916bb0a9a5ff1f6ca9c531d07038ba31ae

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 868 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4717410c1ef684a572d4662c8bc6860a753e6ea7e9640d699c4f2a0e4d08c9e2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b27cc2654c00d737f49cb68b74ba7893c151612b1ad52543f4691f67db0cdf97

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 hit.gif
uk-script.dotmetrics.net/ 43 B
1 KB 71ms
70ms Image
image/gif 143.204.202.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uk-script.dotmetrics.net/hit.gif?id=4615&url=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&dom=www.dailymail.co.uk&r=1620127240763&pvs=1&pvid=ko9xxflnakk4uc3104&c=true
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.202.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-202-19.fra53.r.cloudfront.net
Software: Kestrel /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:40 GMT
dotmetrics-hit-status: 01 OK
server: Kestrel
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
p3p: policyref="https://uk-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
via: 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
cache-control: no-cache
content-type: image/gif
x-amz-cf-id: 46LO7K0g_I7Ot42jAplahZ684VyhINL5cZD4Rt4hJnd-ah6Y9vzFfA==

GET
H2 200 pubads_impl_2021042801.js Show response
securepubads.g.doubleclick.net/gpt/ 300 KB
106 KB 145ms
51ms Script
text/javascript 172.217.23.98

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

sffe /

Resource Hash

1c2525b3e7631f2411872aac663bded4c73bd4e4f26182862b28db7f406d1c61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 28 Apr 2021 08:37:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 108145
x-xss-protection: 0
expires: Tue, 04 May 2021 11:20:40 GMT

GET
H2 200 adsm.macro.rmb.js Show response
macro.adnami.io/macro/gen/ 55 KB
15 KB 17ms
15ms Script
application/javascript 2606:4700::6812:5ba

General

Check archive.org

Show headers Download Go to

Full URL: https://macro.adnami.io/macro/gen/adsm.macro.rmb.js
Requested by: Host: macro.adnami.io
URL: https://macro.adnami.io/macro/spec/adsm.macro.4111597d-dc70-4fd8-b25e-7d24d8423e73.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:5ba , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: beb8f13e1d8ba94cff41b15550fb8091ebd72488d9f7a9bb72345d34427cfd66

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 04 May 2021 11:20:40 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: FNtO5ptK3MW0miQyJZmqSA==
age: 2307
content-disposition
cf-request-id: 09d8b4ea9700002c0dec0fd000000001
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 28 Apr 2021 12:34:47 GMT
server: cloudflare
etag: W/"0x8D90A4202AE41E7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: 0396addd-901e-002f-302b-3cf1b7000000
cache-control: public, max-age=14400
x-ms-version: 2014-02-14
cf-ray: 64a157575ed22c0d-FRA
expires: Tue, 04 May 2021 15:20:40 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 124ms
41ms XHR
application/javascript 52.85.32.122

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN (),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 82660
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
date: Mon, 03 May 2021 17:52:32 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 4151e9c487816c27efe39c7f30779450.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: HAM50-C1
x-amz-cf-id: J_rU9ILTeASPKm4b6jP7WamK3Woa08ZOP4NuSrvrHWBRQvLTyo8Pqw==

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2087108480&utmhn=www.dailymail.co.uk&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3639451-1&cid=1471772633.1620127241&jid=850261458&_v=5.7.2&z=2087108480

35 B
113 B

15ms
15ms

Image
image/gif

2a00:1450:400c:c08::9a

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3639451-1&cid=1471772633.1620127241&jid=850261458&_v=5.7.2&z=2087108480

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 04 May 2021 11:20:41 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:40 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3639451-1&cid=1471772633.1620127241&jid=850261458&_v=5.7.2&z=2087108480
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 369
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 42552992-0-image-m-27_1620122325547.jpg
i.dailymail.co.uk/1s/2021/05/04/10/ 6 KB
6 KB 10ms
8ms Image
image/avif 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/1s/2021/05/04/10/42552992-0-image-m-27_1620122325547.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7fd43e3acea54953183588fe5cec485479f76ac5e3205511f4a284d1c17856d

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: T0t1epZvvjHHEdVq8JW_8t095XNZ4t1t
last-modified: Tue, 04 May 2021 09:58:57 GMT
server: AmazonS3
x-amz-request-id: F338829FW3FT867B
etag: "049aae4a324e4df0f8dccff01277c8b1"
x-mol-img: avif
content-type: image/avif
cache-control: max-age=2592000
date: Tue, 04 May 2021 11:20:41 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
timing-allow-origin: *
content-length: 6041
x-amz-id-2: VadVuMjp8PL7uKlDUFtWIP3QuC8vPRcrmwEuK7QkRQCC4FFjexSWwwCMI54YTdPFqfh0rEEdb4A=
expires: Thu, 03 Jun 2021 11:20:41 GMT

GET
H2 200 42554204-0-image-m-47_1620124469407.jpg
i.dailymail.co.uk/1s/2021/05/04/11/ 6 KB
6 KB 10ms
8ms Image
image/avif 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/1s/2021/05/04/11/42554204-0-image-m-47_1620124469407.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 335d24049e5fdc0dbd9b823cbaaacbb1e3f7fbbf771eb3070643eb7a2d73a2d3

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: _PQ6x1Qtr40oKSdZ6Zgu9TT9SlSjU0cb
last-modified: Tue, 04 May 2021 10:34:36 GMT
server: AmazonS3
x-amz-request-id: 8B9M4ZCWYJXHDSJY
etag: "8759bd79efd0fca8a71d1415a5317086"
x-mol-img: avif
content-type: image/avif
cache-control: max-age=2592000
date: Tue, 04 May 2021 11:20:41 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
timing-allow-origin: *
content-length: 5859
x-amz-id-2: G3d5GCY2GiukU4mCH+CiTMHrD/MCM7SCcROx6gg/aDeWheozIlE1xL8pUFS3t2RxZZ2Oj02ijho=
expires: Thu, 03 Jun 2021 11:20:41 GMT

GET
H2 200 42551768-0-image-m-12_1620119822297.jpg
i.dailymail.co.uk/1s/2021/05/04/10/ 7 KB
7 KB 11ms
10ms Image
image/avif 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/1s/2021/05/04/10/42551768-0-image-m-12_1620119822297.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7607354f1674f61e3877bb6c54e22fef5f5b6b614ce6ec9a36869dffbbfaf9e

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: KoTQCIyZTjS7Nkbd2E5UWWsKvcKADIJf
last-modified: Tue, 04 May 2021 09:17:08 GMT
server: AmazonS3
x-amz-request-id: 40QM7CN8P7CBGAK7
etag: "e229e14113d2f85c12044a06605cac70"
x-mol-img: avif
content-type: image/avif
cache-control: max-age=2592000
date: Tue, 04 May 2021 11:20:41 GMT
x-amz-replication-status: PENDING
accept-ranges: bytes
timing-allow-origin: *
content-length: 6659
x-amz-id-2: jHPS7I3eEn55H32X2adGfvCfkFjkybwFieeYMD5v6dth1MLSRxfv9KKT1bc1XQAXzKY2EcUPTbE=
expires: Thu, 03 Jun 2021 11:20:41 GMT

GET
H2 200 42532618-0-image-m-34_1620079343406.jpg
i.dailymail.co.uk/1s/2021/05/03/23/ 10 KB
11 KB 12ms
10ms Image
image/avif 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/1s/2021/05/03/23/42532618-0-image-m-34_1620079343406.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 03fc1e182139635f952dbf3dd180dac3a07a85f3b8a56c71b159df59e4016f4e

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 5s4rhOiBgwUPjiZcAm6tEBB_SAfjrRQo
last-modified: Mon, 03 May 2021 22:02:35 GMT
server: AmazonS3
x-amz-request-id: YKZA2ZVXCDZCZJHS
etag: "c0bacaa59a4b776c990df3a7c0f050fe"
x-mol-img: avif
content-type: image/avif
cache-control: max-age=2592000
date: Tue, 04 May 2021 11:20:41 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
timing-allow-origin: *
content-length: 10701
x-amz-id-2: xSHZYsn1XX9pfWoqRTDbRAZ4TbUqLHzlab+vgc3uA+LA0ZmssI82UcAxy7Ww3+0DgC68jK1sHNQ=
expires: Thu, 03 Jun 2021 11:20:41 GMT

GET
H2 200 42539138-0-image-a-50_1620093609984.jpg
i.dailymail.co.uk/1s/2021/05/04/03/ 11 KB
11 KB 12ms
11ms Image
image/avif 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/1s/2021/05/04/03/42539138-0-image-a-50_1620093609984.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e78b4233fc1f29fc76c418ae37106efe76bf875fbd9f88f38f2202a604462cbd

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Hozf3um7uLr5WbgtEcyxFsGHp.vECAZR
last-modified: Tue, 04 May 2021 02:00:11 GMT
server: AmazonS3
x-amz-request-id: CPQ6H1EBCK6G772S
etag: "ded18d0ca5ec586ca4a233ec124b0830"
x-mol-img: avif
content-type: image/avif
cache-control: max-age=2592000
date: Tue, 04 May 2021 11:20:41 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
timing-allow-origin: *
content-length: 10918
x-amz-id-2: l5GGYr7PQo3WSv3duWuVRS/k2f9IgXSeABjz7T+1AWbHezTAOzgxqVZRe+cbDJIQ5DMkQhsJLco=
expires: Thu, 03 Jun 2021 11:20:41 GMT

GET
H2 200 42530172-0-image-m-4_1620075306323.jpg
i.dailymail.co.uk/1s/2021/05/03/21/ 11 KB
12 KB 12ms
12ms Image
image/avif 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/1s/2021/05/03/21/42530172-0-image-m-4_1620075306323.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fa605eff0219c30d93dede7f120b5a37a686792a5f4f5895cd67290b640c8daa

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: gNJi1vJj_XN66BRLagvgnGfMHIxyceXY
last-modified: Mon, 03 May 2021 20:55:13 GMT
server: AmazonS3
x-amz-request-id: VVKA0J471FC4WJBM
etag: "1f7639391bfaf4e8fbd9d75419c93385"
x-mol-img: avif
content-type: image/avif
cache-control: max-age=2592000
date: Tue, 04 May 2021 11:20:41 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
timing-allow-origin: *
content-length: 11675
x-amz-id-2: 2Fdq1ZRjHZi8mia0hP+agCX5Ym5A+3EagVvpV4JCZHYraGU8iBqOZgs2t4wvdCxg1MdkSBht5Gc=
expires: Thu, 03 Jun 2021 11:20:41 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
374 B 81ms
74ms XHR
text/javascript 52.85.32.122

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3065&u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&pid=x7UANTDU1mzvI&cb=0&ws=1600x1200&v=7.64.00&t=2000&slots=%5B%7B%22sd%22%3A%22billBoard%22%2C%22s%22%3A%5B%22970x250%22%2C%22900x250%22%2C%22728x90%22%5D%2C%22kv%22%3A%7B%22pubcid%22%3A%224714500466%22%7D%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN (),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:41 GMT
via: 1.1 4151e9c487816c27efe39c7f30779450.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: HAM50-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: ZYhoRX9BnaHD5x4SDwvJ7zuoWHos-QyhuMyVKRQ2lOGgEg-AiCWo1g==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
374 B 73ms
72ms XHR
text/javascript 52.85.32.122

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3065&u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&pid=x7UANTDU1mzvI&cb=1&ws=1600x1200&v=7.64.00&t=2000&slots=%5B%7B%22sd%22%3A%22mpu_top%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22kv%22%3A%7B%22pubcid%22%3A%224714500466%22%7D%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN (),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: Server /
Resource Hash: 89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:41 GMT
via: 1.1 4151e9c487816c27efe39c7f30779450.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: HAM50-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 3MUEmD2AubgcqPeRdjYxwFr9NwxhW11cXTBfT1NyoboQyK1RQrN9iQ==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
374 B 73ms
72ms XHR
text/javascript 52.85.32.122

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3065&u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&pid=x7UANTDU1mzvI&cb=2&ws=1600x1200&v=7.64.00&t=2000&slots=%5B%7B%22sd%22%3A%22half_mpu_top%22%2C%22s%22%3A%5B%22300x150%22%5D%2C%22kv%22%3A%7B%22pubcid%22%3A%224714500466%22%7D%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN (),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: Server /
Resource Hash: 5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:41 GMT
via: 1.1 4151e9c487816c27efe39c7f30779450.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: HAM50-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: _ICRId4J1uen7_WJoYBvbQCf2wdOp4d_4nY4ASNwJ9LTsaup1W8WvQ==

GET
H2 200 /
www.facebook.com/tr/ 44 B
409 B 22ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1401367413466420&ev=PixelInitialized&dl=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&rl=&if=false&ts=1620127241052

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 04 May 2021 11:20:41 GMT

GET
H2 200 impl.20210503-25-RELEASE.js Show response
cdn.taboola.com/libtrc/ 483 KB
111 KB 38ms
35ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20210503-25-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/dailymail-row/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: e2c8a6402dc03698cede65efa462b014507c82bd6751286fc540b7f20926640b

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: BZ0KMUKeiqs.N05C0S8eoKFa.AFxnvmd
content-encoding: br
etag: "48a6932b6e7e53651b1e1ef76e38d9f3"
age: 2387
x-cache: HIT
content-length: 113298
x-amz-id-2: uwbaa1FWEePw2+oq/XtkLmRE/uzL+ZfXXsjhPawXigVvFIbKqPs/2eoc4RJ44kN5ou24TZnhlGg=
x-served-by: cache-fra19126-FRA
last-modified: Mon, 03 May 2021 18:10:43 GMT
server: AmazonS3-br
x-timer: S1620127241.194726,VS0,VE0
date: Tue, 04 May 2021 11:20:41 GMT
vary: Accept-Encoding
x-amz-request-id: RXXNPSCJQ5D6T5AG
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 19
x-cache-hits: 21384

GET
H/1.1

200
OK

setuid
ib.adnxs.com/prebid/
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/appnexusprebidserver/?gdpr=0&euconsent=&us_privacy=&url=https%3A%2F%2Fib.adnxs.com%2Fprebid%2Fsetuid%3Fbidder%3Dbrightroll%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://ib.adnxs.com/prebid/setuid?bidder=brightroll&gdpr=0&gdpr_consent=&uid=y-NyMyAexE2pGQfNpgHLIvsIGQTOefuoFPCVBlkkIuLpVQvrX8U1bCVfI-~A

43 B
1 KB

72ms
62ms

Image
image/gif

185.33.221.15

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/prebid/setuid?bidder=brightroll&gdpr=0&gdpr_consent=&uid=y-NyMyAexE2pGQfNpgHLIvsIGQTOefuoFPCVBlkkIuLpVQvrX8U1bCVfI-~A

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:41 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.47:80
AN-X-Request-Uuid: 20e59ac7-71fc-4fd1-b3e4-5acf5ce5cae6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

date: Tue, 04 May 2021 11:20:41 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://ib.adnxs.com/prebid/setuid?bidder=brightroll&gdpr=0&gdpr_consent=&uid=y-NyMyAexE2pGQfNpgHLIvsIGQTOefuoFPCVBlkkIuLpVQvrX8U1bCVfI-~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
374 B 81ms
81ms XHR
text/javascript 52.85.32.122

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3065&u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&pid=x7UANTDU1mzvI&cb=3&ws=1600x1200&v=7.64.00&t=2000&slots=%5B%7B%22sd%22%3A%22mpu_puff_20%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22kv%22%3A%7B%22pubcid%22%3A%224714500466%22%7D%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN (),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: Server /
Resource Hash: 1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:41 GMT
via: 1.1 4151e9c487816c27efe39c7f30779450.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: HAM50-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: JTAqbiiFnN6GQcOIks_q_lsDkg1hR3wxDkZ6nNGF4GILv6axPenduA==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 81ms
14ms Script
application/javascript 2a00:1450:4001:812::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.dailymail.co.uk

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:20:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 79ms
17ms Script
application/javascript 2a00:1450:4001:801::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.dailymail.co.uk

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:20:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 13 KB
7 KB 525ms
452ms XHR
text/plain 172.217.23.98

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1199579513693507&correlator=3205608547827646&output=ldjh&impl=fif&eid=31060689%2C31060958&vrg=2021042801&ptt=17&sc=1&sfv=1-0-38&ecs=20210504&iu_parts=5765%2Cdailymail.uk%2Cdm_dmwires_reutersart%2Cbillboard&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=970x250%7C900x250%7C728x90&prev_scp=pos%3Dbillboard%26amznbid%3D2%26amznp%3D2%26adx_channel%3D8%26nobids%3Dtrue%26refreshCount%3D0%26adNami%3Don&eri=4&cust_params=page%3Dart%26article%3D9539403%26environment%3Dproduction%26country%3Dde%26abv%3D4.1.50%26mvt%3Dpermutive_on%252Cuniversalid_off%252CperfMon_off%252Cfe_desktop_default%26bot%3Dfalse%26random%3D29f86cf4-802d-4239-8e32-6db6fb2e6185%26impid%3Dc06fa917-1e93-42ac-8af3-11ddb1349f3b%26sw%3D1600%26sh%3D1200%26device%3Dwindows10%26device_features%3D%26articlewithvideo%3Dfalse%26style%3Dwide%26watershed%3Dfalse%26location%3Ddailymail_co_uk%26id5%3Dtrue%26prog%3Dtrue%26area%3Dwires%26subarea%3Dreuters&cookie_enabled=1&cdm=www.dailymail.co.uk&bc=31&abxe=1&dt=1620127241553&dlt=1620127237887&idt=3458&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=197&adks=2059569030&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=www.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html&loc=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&vis=1&dmc=8&scr_x=0&scr_y=0&psz=964x250&msz=967x250&ga_vid=1471772633.1620127241&ga_sid=1620127241&ga_hid=243478839&ga_fc=true&fws=4&ohw=967&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

cd87d763235ea7ed7a6683d425d20e324380cc803397951cf30bdeab9a2bb334

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7408
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 64ms
26ms Other
text/html 2a00:1450:4001:82f::2001

General

Check archive.org

Show headers Download Go to

Full URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 34ms
6ms Other
text/html 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 474 B
279 B 673ms
598ms XHR
text/plain 172.217.23.98

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1199579513693507&correlator=3205608547827646&output=ldjh&impl=fif&eid=31060689%2C31060958&vrg=2021042801&ptt=17&sc=1&sfv=1-0-38&ecs=20210504&iu_parts=5765%2Cdailymail.uk%2Cdm_dmwires_reutersart%2Cbillboard&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=1x1&ists=1&prev_scp=pos%3Dbillboard%26adx_channel%3D8%26nobids%3Dtrue%26refreshCount%3D0%26adNami%3Don&eri=4&cust_params=page%3Dart%26article%3D9539403%26environment%3Dproduction%26country%3Dde%26abv%3D4.1.50%26mvt%3Dpermutive_on%252Cuniversalid_off%252CperfMon_off%252Cfe_desktop_default%26bot%3Dfalse%26random%3D29f86cf4-802d-4239-8e32-6db6fb2e6185%26impid%3Dc06fa917-1e93-42ac-8af3-11ddb1349f3b%26sw%3D1600%26sh%3D1200%26device%3Dwindows10%26device_features%3D%26articlewithvideo%3Dfalse%26style%3Dwide%26watershed%3Dfalse%26location%3Ddailymail_co_uk%26id5%3Dtrue%26prog%3Dtrue%26area%3Dwires%26subarea%3Dreuters&cookie_enabled=1&cdm=www.dailymail.co.uk&bc=31&abxe=1&dt=1620127241599&dlt=1620127237887&idt=3458&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=2535171983&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=www.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html&loc=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&vis=1&dmc=8&scr_x=0&scr_y=0&psz=964x250&msz=1x1&ga_vid=1471772633.1620127241&ga_sid=1620127241&ga_hid=243478839&ga_fc=true&fws=132&ohw=1600&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

db5725ff5cbac7e7ffdced90a21a9450c0f7ff1d7bcf1fb254ce88cf2d024673

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 249
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 13 KB
7 KB 1232ms
1157ms XHR
text/plain 172.217.23.98

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1199579513693507&correlator=3205608547827646&output=ldjh&impl=fif&eid=31060689%2C31060958&vrg=2021042801&ptt=17&sc=1&sfv=1-0-38&ecs=20210504&iu_parts=5765%2Cdailymail.uk%2Cdm_dmwires_reutersart%2Cmpu_top&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x600%7C300x250&prev_scp=pos%3Dmpu_top%26amznbid%3D2%26amznp%3D2%26adx_channel%3D5%26nobids%3Dtrue%26refreshCount%3D0%26adNami%3Don&eri=4&cust_params=page%3Dart%26article%3D9539403%26environment%3Dproduction%26country%3Dde%26abv%3D4.1.50%26mvt%3Dpermutive_on%252Cuniversalid_off%252CperfMon_off%252Cfe_desktop_default%26bot%3Dfalse%26random%3D29f86cf4-802d-4239-8e32-6db6fb2e6185%26impid%3Dc06fa917-1e93-42ac-8af3-11ddb1349f3b%26sw%3D1600%26sh%3D1200%26device%3Dwindows10%26device_features%3D%26articlewithvideo%3Dfalse%26style%3Dwide%26watershed%3Dfalse%26location%3Ddailymail_co_uk%26id5%3Dtrue%26prog%3Dtrue%26area%3Dwires%26subarea%3Dreuters&cookie_enabled=1&cdm=www.dailymail.co.uk&bc=31&abxe=1&dt=1620127241616&dlt=1620127237887&idt=3458&frm=20&biw=1600&bih=1200&oid=3&adxs=978&adys=533&adks=1681197377&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=www.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html&loc=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&vis=1&dmc=8&scr_x=0&scr_y=0&psz=308x623&msz=308x623&ga_vid=1471772633.1620127241&ga_sid=1620127241&ga_hid=243478839&ga_fc=true&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

7556040f100c526d6c43801b49e823496482ff48428f130b3c9ac177fff251c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7642
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 480 B
284 B 628ms
557ms XHR
text/plain 172.217.23.98

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1199579513693507&correlator=3205608547827646&output=ldjh&impl=fif&eid=31060689%2C31060958&vrg=2021042801&ptt=17&sc=1&sfv=1-0-38&ecs=20210504&iu_parts=5765%2Cdailymail.uk%2Cdm_dmwires_reutersart%2Chalf_mpu_top&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x150&prev_scp=pos%3Dhalf_mpu_top%26amznbid%3D2%26amznp%3D2%26adx_channel%3D16%26nobids%3Dtrue%26refreshCount%3D0%26adNami%3Don&eri=4&cust_params=page%3Dart%26article%3D9539403%26environment%3Dproduction%26country%3Dde%26abv%3D4.1.50%26mvt%3Dpermutive_on%252Cuniversalid_off%252CperfMon_off%252Cfe_desktop_default%26bot%3Dfalse%26random%3D29f86cf4-802d-4239-8e32-6db6fb2e6185%26impid%3Dc06fa917-1e93-42ac-8af3-11ddb1349f3b%26sw%3D1600%26sh%3D1200%26device%3Dwindows10%26device_features%3D%26articlewithvideo%3Dfalse%26style%3Dwide%26watershed%3Dfalse%26location%3Ddailymail_co_uk%26id5%3Dtrue%26prog%3Dtrue%26area%3Dwires%26subarea%3Dreuters&cookie_enabled=1&cdm=www.dailymail.co.uk&bc=31&abxe=1&dt=1620127241628&dlt=1620127237887&idt=3458&frm=20&biw=1600&bih=1200&oid=3&adxs=974&adys=1288&adks=3385886755&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=www.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html&loc=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&vis=1&dmc=8&scr_x=0&scr_y=0&psz=308x6920&msz=308x150&ga_vid=1471772633.1620127241&ga_sid=1620127241&ga_hid=243478839&ga_fc=true&fws=4&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

f14b93801e9784025c598df03936d07555423601800cf2127a631ce61c6404fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 254
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
374 B 82ms
72ms XHR
text/javascript 52.85.32.122

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3065&u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&pid=x7UANTDU1mzvI&cb=4&ws=1600x1200&v=7.64.00&t=2000&slots=%5B%7B%22sd%22%3A%22mpu_puff_45%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22kv%22%3A%7B%22pubcid%22%3A%224714500466%22%7D%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN (),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: Server /
Resource Hash: 6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:41 GMT
via: 1.1 4151e9c487816c27efe39c7f30779450.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: HAM50-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: K4y8EXFyPc_sVDcf942e36OvIuTHbBcXQSEl_KMMy1fmgDJeYUdKxQ==

POST
H2 202 /
crta.dailymail.co.uk/ 8 B
574 B 100ms
91ms Ping
text/plain 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://crta.dailymail.co.uk/
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: http-to-kafka/0.8.10 /
Resource Hash: a00fb0c50741f81bb51d35b4475a4357f8039aabd896a21036bc516839401595

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:42 GMT
server: http-to-kafka/0.8.10
etag: W/"8-YaBXLEiT7zQxEyDYTILfiL6oPhE"
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 8
expires: Tue, 04 May 2021 11:20:42 GMT

GET
H2 200 json Show response
trc.taboola.com/dailymail-row/trc/3/ 33 KB
11 KB 775ms
772ms XHR
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/dailymail-row/trc/3/json?tim=13%3A20%3A42.036&lti=deflated&data=%7B%22id%22%3A573%2C%22ii%22%3A%22%2Fwires%2Freuters%2Farticle-9539403%2Fbrazils-itau-beats-estimate-lower-provisions-trading-gains.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1620073368939%2C%22vi%22%3A1620127240934%2C%22cv%22%3A%2220210503-25-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A24476%2C%22qs%22%3A%22%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2v%22%2C%22s%22%3A15%2C%22uim%22%3A%22autosized-generated-text-under-1r-row%3Aabp%3D0%22%2C%22uip%22%3A%22desktop-wide%22%2C%22orig_uip%22%3A%22wide%22%2C%22cd%22%3A1375%2C%22mw%22%3A632%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A3%2C%22uim%22%3A%22thumbnails-b%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%202nd%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%202nd%22%2C%22cd%22%3A1401%2C%22mw%22%3A636%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210503-25-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: eec240d95dc4123e12c232d801fa065378ed177c43ce59b9f150f4a83d77f69f

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 736
date: Tue, 04 May 2021 11:20:42 GMT
content-encoding: gzip
server: nginx
x-timer: S1620127242.061661,VS0,VE736
x-served-by: cache-fra19126-FRA
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.dailymail.co.uk
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 13 KB
8 KB 1134ms
1129ms XHR
text/plain 172.217.23.98

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1199579513693507&correlator=3205608547827646&output=ldjh&impl=fif&eid=31060689%2C31060958&vrg=2021042801&ptt=17&sc=1&sfv=1-0-38&ecs=20210504&iu_parts=5765%2Cdailymail.uk%2Cdm_dmwires_reutersart%2Cmpu_puff_20&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x600%7C300x250&prev_scp=pos%3Dmpu_puff_20%26amznbid%3D2%26amznp%3D2%26adx_channel%3D6%26nobids%3Dtrue%26refreshCount%3D0%26adNami%3Don&eri=4&cust_params=page%3Dart%26article%3D9539403%26environment%3Dproduction%26country%3Dde%26abv%3D4.1.50%26mvt%3Dpermutive_on%252Cuniversalid_off%252CperfMon_off%252Cfe_desktop_default%26bot%3Dfalse%26random%3D29f86cf4-802d-4239-8e32-6db6fb2e6185%26impid%3Dc06fa917-1e93-42ac-8af3-11ddb1349f3b%26sw%3D1600%26sh%3D1200%26device%3Dwindows10%26device_features%3D%26articlewithvideo%3Dfalse%26style%3Dwide%26watershed%3Dfalse%26location%3Ddailymail_co_uk%26id5%3Dtrue%26prog%3Dtrue%26area%3Dwires%26subarea%3Dreuters&cookie_enabled=1&cdm=www.dailymail.co.uk&bc=31&abxe=1&dt=1620127242124&dlt=1620127237887&idt=3458&frm=20&biw=1600&bih=1200&oid=3&adxs=978&adys=4043&adks=2459920819&ucis=5&ifi=5&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=www.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html&loc=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&vis=1&dmc=8&scr_x=0&scr_y=0&psz=308x627&msz=308x627&ga_vid=1471772633.1620127241&ga_sid=1620127241&ga_hid=243478839&ga_fc=true&fws=4&ohw=1600&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

135972483c23583574b80b408a96b6e2f1f67969574a4f99d631b51fcd52fb85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7772
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 5 KB
2 KB 63ms
13ms XHR
application/json 2a02:26f0:6c00:1bb::11a6

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=RQAJ2-Q4TGF-HEKJL-TAEAK-5V3VD&d=www.dailymail.co.uk&t=5400424&v=1.720.0&sl=0&si=8e881b45-9bef-4cbb-afc7-2488810ab7ed-qsky6c&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=145913
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/RQAJ2-Q4TGF-HEKJL-TAEAK-5V3VD
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: aad096b49b7670b5ce86a47bf59d2ded3754eb187dc7dac160336e5bd08ccd47

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:42 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 1334

GET
H2 200 navigation_bottom.gif
www.dailymail.co.uk/i/furniture/structure/ 154 B
510 B 19ms
16ms Image
image/gif 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dailymail.co.uk/i/furniture/structure/navigation_bottom.gif
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-sync-bundle/5.13.0/desktop.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4eaa63fe224cad73f3348b716855de0ace8a3169abfc0d7b2845d083172f53dd

Request headers

:path: /i/furniture/structure/navigation_bottom.gif
pragma: no-cache
cookie: __utma=141568423.1471772633.1620127241.1620127241.1620127241.1; __utmc=141568423; __utmz=141568423.1620127241.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=141568423.1.10.1620127241; ak_bmsc=115C0ACD1FF7F2A3F76949B03B046F260210BABF1B2000000A2E916033E2680F~plhcqmHV1aOYoBSblYJ260B8V5xJU7LLzt/GbViA6Tpi/f+lQ9/ox/wsH9GpGaeFYRKYIbsOvuCQ1FinTiEgaj1omwyjsukIyZ1EeQkFViSAq+blMhjzgmsQoyARwcTdPRUZ2G1WXwKPV5UQu4xWmXfXvTThKw2l+pJHFopaRMbyjkNsDEIkEr9zbrLOdUo54DMHgnYbskjVSBdsH7Gx+bZZ33Js/3R3AcZS0N0Vyn+wvwaBzTFZScyXe5Ikuh+Du/
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.dailymail.co.uk
referer: https://scripts.dailymail.co.uk/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://scripts.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
content-security-policy-report-only: block-all-mixed-content; report-uri https://mol.report-uri.io/r/default/csp/reportOnly
last-modified: Tue, 02 Mar 2021 15:44:32 GMT
etag: W/"154-1614699872000"
x-rs-time: Mon, 26 Apr 2021 11-24-38 GMT
vary: User-Agent
content-type: image/gif
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
x-mol-georesp: de
content-length: 154
x-rs-ops: molfejava-a1-fe.hsk.mol.dmgt.net:8081

GET
H2 200 cookie
cm.adform.net/ 43 B
106 B 184ms
49ms Image
image/gif 37.157.2.234

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fib.adnxs.com%2Fprebid%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.234 , Denmark, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
server: nginx
content-length: 43
content-type: image/gif

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 88 KB
22 KB 1447ms
1443ms XHR
text/plain 172.217.23.98

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1199579513693507&correlator=3205608547827646&output=ldjh&impl=fif&eid=31060689%2C31060958&vrg=2021042801&ptt=17&sc=1&sfv=1-0-38&ecs=20210504&iu_parts=5765%2Cdailymail.uk%2Cdm_dmwires_reutersart%2Cmpu_puff_45&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x600%7C300x250&prev_scp=pos%3Dmpu_puff_45%26amznbid%3D2%26amznp%3D2%26adx_channel%3D11%26nobids%3Dtrue%26refreshCount%3D0%26adNami%3Don&eri=4&cust_params=page%3Dart%26article%3D9539403%26environment%3Dproduction%26country%3Dde%26abv%3D4.1.50%26mvt%3Dpermutive_on%252Cuniversalid_off%252CperfMon_off%252Cfe_desktop_default%26bot%3Dfalse%26random%3D29f86cf4-802d-4239-8e32-6db6fb2e6185%26impid%3Dc06fa917-1e93-42ac-8af3-11ddb1349f3b%26sw%3D1600%26sh%3D1200%26device%3Dwindows10%26device_features%3D%26articlewithvideo%3Dfalse%26style%3Dwide%26watershed%3Dfalse%26location%3Ddailymail_co_uk%26id5%3Dtrue%26prog%3Dtrue%26area%3Dwires%26subarea%3Dreuters&cookie_enabled=1&cdm=www.dailymail.co.uk&bc=31&abxe=1&dt=1620127242222&dlt=1620127237887&idt=3458&frm=20&biw=1600&bih=1200&oid=3&adxs=978&adys=7204&adks=987221759&ucis=6&ifi=6&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=www.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html&loc=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&vis=1&dmc=8&scr_x=0&scr_y=0&psz=308x627&msz=308x627&ga_vid=1471772633.1620127241&ga_sid=1620127241&ga_hid=243478839&ga_fc=true&fws=4&ohw=1600&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

3bdcbfffbefca1c60d3f03814cf0cd078093fdfea775bc024903d56c4be1fdee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22949
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 container.html Show response
babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 77F9 6 KB
3 KB 28ms
7ms Document
text/html 2a00:1450:4001:82f::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 04 May 2021 11:20:41 GMT
expires: Wed, 04 May 2022 11:20:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 watermark.jpeg
i.dailymail.co.uk/i/pix/i/charity/ 20 KB
20 KB 16ms
11ms Image
image/jpeg 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/pix/i/charity/watermark.jpeg
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.desktop.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 807c09d7ff525875c105287afb98f3ce3f06de3fe83d7d3e8828a4518aff988a

Request headers

Referer: https://scripts.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
last-modified: Tue, 24 Apr 2018 10:53:49 GMT
server: AkamaiNetStorage
etag: "d925cf2c847dcf5c4751c7ed298fe736:1524567229"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 20547
expires: Thu, 03 Jun 2021 11:20:42 GMT

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 18ms
13ms Script
text/javascript 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

94442ab42e60dd5c6c276c1777c56fc3f9dff44e999524ca6431af82a9bff9af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620056503243602"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28014
x-xss-protection: 0
expires: Tue, 04 May 2021 11:20:42 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
373 B 72ms
72ms XHR
text/javascript 52.85.32.122

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3065&u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&pid=x7UANTDU1mzvI&cb=5&ws=1600x1200&v=7.64.00&t=2000&slots=%5B%7B%22sd%22%3A%22sky-left%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22120x600%22%2C%22300x250%22%5D%2C%22kv%22%3A%7B%22pubcid%22%3A%224714500466%22%7D%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN (),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: Server /
Resource Hash: 111041158b9290ae7cc0c6da69d7c4f5600e8a73b4c7399d675df7f15ba7b063

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
via: 1.1 4151e9c487816c27efe39c7f30779450.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: HAM50-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: EvbA0l6R7lN9qe83xAo5iqsj7w4KOa_cCUCPN2JYdm6Ni2ZN3PKgbQ==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
375 B 90ms
75ms XHR
text/javascript 52.85.32.122

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3065&u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&pid=x7UANTDU1mzvI&cb=6&ws=1600x1200&v=7.64.00&t=2000&slots=%5B%7B%22sd%22%3A%22sky-right%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22120x600%22%2C%22300x250%22%5D%2C%22kv%22%3A%7B%22pubcid%22%3A%224714500466%22%7D%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN (),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: Server /
Resource Hash: 0cff03129f16a73a8ff89d06578b0b1a1127bddb582fd05f0ab62f8ccc6b62f7

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
via: 1.1 4151e9c487816c27efe39c7f30779450.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: HAM50-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: oLHpjHNbjMjJ3NOZlVZgaH0bzjyf-hFJ2Xoq98hZGXu5ZNGUrkU0gw==

GET
H/1.1 200
OK currencyExchangeRate Show response
fff.dailymail.co.uk/ 19 B
287 B 94ms
14ms XHR
application/json 2a02:26f0:6c00:2a6::16c2

General

Check archive.org

Show headers Download Go to

Full URL: https://fff.dailymail.co.uk/currencyExchangeRate
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-fff/1.6.0/scripts/fff.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::16c2 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: f4be37ae6f3da730d311ea6ff931acc51d1ae189ec3c2d28869cb00e536605cd

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:42 GMT
Access-Control-Allow-Methods: GET
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=32768
Connection: keep-alive
Content-Length: 19
X-rs-ops: fff1-fe:8180

GET
H/1.1 200
OK 1.0.1 Show response
fff.dailymail.co.uk/templates/ 9 KB
2 KB 86ms
7ms XHR
application/json 2a02:26f0:6c00:2a6::16c2

General

Check archive.org

Show headers Download Go to

Full URL: https://fff.dailymail.co.uk/templates/1.0.1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-fff/1.6.0/scripts/fff.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::16c2 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: 6b8474a0f9c6b3c69e02409f7eeb8faa908b8b18e64fdf7cc88a9129585fc7c3

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:42 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=2463680
Connection: keep-alive
Content-Length: 1941
X-rs-ops: fff2-fe:8180

GET
H2 200 55199X1584066.skimlinks.js Show response
s.skimresources.com/js/ 51 KB
19 KB 134ms
42ms Script
application/octet-stream 151.139.128.11

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/55199X1584066.skimlinks.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e3cab5c0fd33b6612d1d8852eeac9df1678260388794fa2cad6fa993355192d

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
content-encoding: gzip
last-modified: Wed, 17 Mar 2021 12:12:55 GMT
server: AmazonS3
x-amz-request-id: BDM7B92XQ2HHC0CJ
etag: "a1e2468568f01785fa6f0a1e680d5c99"
x-hw: 1620127242.cds065.am5.hn,1620127242.cds068.am5.c
content-type: application/octet-stream
cache-control: max-age=3600
accept-ranges: bytes
content-length: 19436
x-amz-id-2: TPFlWeL3k2zopduyWhbsnw3TglddJoT7g1ppR96SnXXnDeVaVD73XiLWLxvRSkgyHFStssRW0g0=

GET
DATA 200
OK truncated
/ 174 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52efd6959ae8fb441d9b7bce3624bcbda0b601316751028b16b31484124019c5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 chromeless_closer.png
i.dailymail.co.uk/video/ 372 B
584 B 28ms
27ms Image
image/png 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/video/chromeless_closer.png
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9dff2251abbde2c57b87b8e340e8cc695637fa72f8ff311c61c37b97ec5810c1

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
last-modified: Mon, 01 Jul 2019 16:55:07 GMT
server: AkamaiNetStorage
etag: "8de2a98adb80767b95658b4b19f1342c:1562000107"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 372
expires: Thu, 03 Jun 2021 11:20:42 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/
Redirect Chain

https://sync.search.spotxchange.com/partner?source=dados
https://sync.search.spotxchange.com/partner?source=dados&__user_check__=1&sync_id=c38893f5-acca-11eb-b61c-1d7abbad0206

43 B
608 B

45ms
44ms

Image
image/gif

185.94.180.125

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?source=dados&__user_check__=1&sync_id=c38893f5-acca-11eb-b61c-1d7abbad0206
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.125 , United States, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
Date: Tue, 04 May 2021 11:20:44 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 140
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Tue, 04 May 2021 11:20:42 GMT
Server: nginx
Location: /partner?source=dados&__user_check__=1&sync_id=c38893f5-acca-11eb-b61c-1d7abbad0206
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 28
Connection: keep-alive
Content-Length: 0

GET
H2 200 top-videos.jpg
creative.dailymail.co.uk/videos/ 111 KB
111 KB 44ms
22ms Image
image/jpeg 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creative.dailymail.co.uk/videos/top-videos.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 6924aeec6e6de01dfd439327c170d8adc2f9dd8415e9903e3b24f2c3b6506389

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
last-modified: Wed, 01 May 2019 13:28:47 GMT
server: AkamaiNetStorage
accept-ranges: bytes
etag: "41c301b2aac4a100430b42c8cf52583e:1556717327"
content-length: 113532
content-type: image/jpeg

GET
DATA 200
OK truncated
/ 120 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 902899b8dd3a6b30f6bc1be0f39f48ce72d0c41357d8bf521cd86f58bb633b7e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 mol-video.woff
scripts.dailymail.co.uk/static/videoplayer/6.12.0/font/ 3 KB
4 KB 31ms
13ms Font
font/woff 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.dailymail.co.uk/static/videoplayer/6.12.0/font/mol-video.woff
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/videoplayer/6.12.0/styles/mol-fe-videoplayer.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 4e89866ffba8b06a31d366ea9f6f5331f87fe29877bfce5381b78a46ddb7fd19

Request headers

Origin: https://www.dailymail.co.uk
Referer: https://scripts.dailymail.co.uk/static/videoplayer/6.12.0/styles/mol-fe-videoplayer.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:42 GMT
last-modified: Thu, 17 Dec 2020 10:11:18 GMT
server: AkamaiNetStorage
etag: "485a02e860743f3a21195c18ca687a40:1608199878.346213"
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 3376
expires: Thu, 03 Jun 2021 11:20:42 GMT

GET
H2 200 bridge3.453.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 1BFC 570 KB
570 KB 10ms
9ms Document
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03fa924099182c607c33fb7877f50e7de0ae3522e1bcff8f7247ae5e88a2b25b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.453.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 583201
date: Thu, 29 Apr 2021 15:46:56 GMT
expires: Fri, 29 Apr 2022 15:46:56 GMT
last-modified: Wed, 21 Apr 2021 20:50:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 416026
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 168ms
16ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Tue, 04 May 2021 11:20:43 GMT

POST
H/1.1 200
OK auction Show response
prebid.adnxs.com/pbs/v1/openrtb2/ 162 B
511 B 95ms
84ms XHR
application/json 37.252.161.190

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.adnxs.com/pbs/v1/openrtb2/auction
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.252.161.190 Bethnal Green, United Kingdom, ASN (),
Reverse DNS: prebid.ams1.adnexus.net
Software: nginx/1.19.0 /
Resource Hash: eabb040008026b9d3698e306632d58862ccbab9796ac27113380c921ff530da6

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:43 GMT
Server: nginx/1.19.0
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 162
Expires: 0

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ 0
220 B 289ms
156ms XHR
application/json 3.123.110.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=MailOnline
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.123.110.9 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dailymail.co.uk
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

GET
H2 200 avjp Show response
mailonline-uk-d.openx.net/v/1.0/ 106 B
299 B 63ms
60ms XHR
application/json 35.244.159.8

General

Check archive.org

Show headers Download Go to

Full URL: https://mailonline-uk-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=b82e7ac3-810b-4803-ac4a-9250c72b38a6&nocache=1620127243009&pubcid=9ed8e953-8af2-41f9-b473-9f6b80c8980d&auid=540675388&vwd=401&vht=225
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:43 GMT
via: 1.1 google
server: OXGW/16.206.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 173 B
386 B 144ms
44ms XHR
application/json 52.28.147.142

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.147.142 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: 7550f69bef2a962b936f0e26638391f81c91c536820c1f3cf2afe748e57df685

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:43 GMT
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 168
expires: 0

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
479 B 100ms
92ms XHR
application/json 3.125.137.77

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.125.137.77 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:43 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 26 B
376 B 122ms
115ms XHR
application/json 184.25.115.31

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=293354&v=8.1&r=%7B%22id%22%3A%222280345eecea7888%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22229d458c06ff251f%22%2C%22ext%22%3A%7B%22siteID%22%3A%22293354%22%2C%22sid%22%3A%22401x225%22%7D%2C%22video%22%3A%7B%22startdelay%22%3A0%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A30%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22api%22%3A%5B1%2C2%5D%2C%22w%22%3A401%2C%22h%22%3A225%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%7D&ac=j&sd=1&nf=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.25.115.31 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a184-25-115-31.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9815535e99404269086f21fd8447bd45350e2f2ff9c0eefcaad1e3431838e79c

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:43 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[AT], RC:[], CN:[EU], CIP:[89.187.168.226], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.dailymail.co.uk
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 46
x-ak-client-geo: 12
expires: Tue, 04 May 2021 11:20:43 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 59ms
57ms XHR
application/json 185.33.221.15

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

2178f801607bf5a9518709910037fe7b5c632b08475f88b8bb8bd1e91c629bc5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:43 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.245:80
AN-X-Request-Uuid: 3832cc95-bc3a-4fb1-8cc5-391b82059716
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
373 B 81ms
78ms XHR
text/javascript 52.85.32.122

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3065&u=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&pid=x7UANTDU1mzvI&cb=7&ws=1600x1200&v=7.64.00&t=2000&slots=%5B%7B%22id%22%3A%22jw_video_desktop%22%2C%22mt%22%3A%22v%22%2C%22kv%22%3A%7B%22pubcid%22%3A%224714500466%22%7D%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN (),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: Server /
Resource Hash: 8ec3cdfcdc79223ee04ed060812314854cb3b3d9d1914390c755934366fc3693

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:43 GMT
via: 1.1 4151e9c487816c27efe39c7f30779450.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: HAM50-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 0IeCyRZsXlgfAPoFATxNlGK32uQ10e7IpNJm-kuYqi55oTwMda-BNA==

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 818D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D
https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1

2 KB
3 KB

67ms
67ms

Document
text/html

2.18.234.21

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8ff5d6bef7463c850e8574b6ded6934ae4a7cf8eee235c8a46b44e6d95f4c961

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.dailymail.co.uk/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YJEuC-4uv-Ur8R46BEnRSgAA; CMPS=5181
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 241|45|39|230|188|196|4|31
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1668
Expires: Tue, 04 May 2021 11:20:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 04 May 2021 11:20:43 GMT
Connection: keep-alive
Set-Cookie: CMID=YJEuC-4uv-Ur8R46BEnRSgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 04 May 2022 11:20:43 GMT CMPS=5181;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 02 Aug 2021 11:20:43 GMT CMPRO=1194;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 02 Aug 2021 11:20:43 GMT CMST=YJEuC2CRLgsA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 05 May 2021 11:20:43 GMT CMRUM3=bc60912e0b05a00&e660912e0b27600&f160912e0b05a0&c460912e0b05a0&2760912e0b0b40&1f60912e0b05a00&2d60912e0b05a0&0460912e0b05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 04 May 2022 11:20:43 GMT

Redirect headers

Server: Apache
Content-Length: 338
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Tue, 04 May 2021 11:20:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 04 May 2021 11:20:43 GMT
Connection: keep-alive
Set-Cookie: CMID=YJEuC-4uv-Ur8R46BEnRSgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 04 May 2022 11:20:43 GMT CMPS=5181;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 02 Aug 2021 11:20:43 GMT

GET
H/1.1

200

1.gif
id5-sync.com/c/167/0/9/
Redirect Chain

https://id5-sync.com/i/167/9.gif?gdpr=&gdpr_consent=
https://id5-sync.com/c/167/0/9/1.gif?gdpr=1&gdpr_consent=

43 B
1 KB

76ms
73ms

Image
image/gif

54.36.109.49
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/c/167/0/9/1.gif?gdpr=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.49 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:43 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

Redirect headers

Location: https://id5-sync.com/c/167/0/9/1.gif?gdpr=1&gdpr_consent=
Date: Tue, 04 May 2021 11:20:42 GMT
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

GET
H2 200 preload-inline.gif
i.dailymail.co.uk/i/furniture/fff/ 3 KB
3 KB 14ms
12ms Image
image/gif 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/furniture/fff/preload-inline.gif
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: aebc793d0064383ee6b1625bf3bb32532ec30a5c12bf9117066107d412119123

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:43 GMT
last-modified: Tue, 02 Jul 2013 10:22:29 GMT
server: AkamaiNetStorage
etag: "a51c5608d01acf32df728f299767f82b:1372760549"
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 3208
expires: Thu, 03 Jun 2021 11:20:43 GMT

GET
H2 200 black-preload.gif
i.dailymail.co.uk/i/furniture/fff/hub/ 3 KB
3 KB 14ms
10ms Image
image/gif 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/furniture/fff/hub/black-preload.gif
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: babed8ddf22ed2e66590a4f75773661304242a4f4167d52e165652fee492933e

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:43 GMT
last-modified: Tue, 19 Nov 2013 14:19:15 GMT
server: Apache
etag: "37e24e0370847870c1c43ea9ce19b1f4:1384870755"
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 3208
expires: Thu, 03 Jun 2021 11:20:43 GMT

GET
H2 200 script.js Show response
uk-script.dotmetrics.net/Scripts/ 76 KB
34 KB 71ms
66ms Script
application/javascript 143.204.202.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uk-script.dotmetrics.net/Scripts/script.js?v=181
Requested by: Host: uk-script.dotmetrics.net
URL: https://uk-script.dotmetrics.net/door.js?d=www.dailymail.co.uk&t=dmgt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.202.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-202-19.fra53.r.cloudfront.net
Software: Kestrel /
Resource Hash: 16c5a237be7793a91007520ce4a4bac39d2cb374d602152dd883bd4b8cfefbc1

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:43 GMT
content-encoding: br
last-modified: Wed, 28 Apr 2021 12:38:44 GMT
server: Kestrel
x-amz-cf-pop: FRA53-C1
etag: "1d73c2b6cf453ee"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
accept-ranges: bytes
x-amz-cf-id: 7PAEC6XlP_tNmdxs8h_t6PlkRcoXgwWKDVZN51dDb8gDnZcr1jf5aw==

GET boot
klkstrm.kargo.com/event/ 0
0

GET
H2 200 Kargo-Data.js Show response
storage.cloud.kargo.com/ad/network/tag/ 9 KB
3 KB 52ms
39ms Script
application/javascript 2.16.107.122

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.cloud.kargo.com/ad/network/tag/Kargo-Data.js
Requested by: Host: storage.cloud.kargo.com
URL: https://storage.cloud.kargo.com/ad/network/klick/klick-dailymail.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.107.122 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-16-107-122.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: caefdcc9ae00a197310c0e74d02cc5011a10cf2f7494a3c6e28cd68dc7c37540

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Bfm3L0jDnsh9fppcQIyedbHwx7vy5nUS
content-encoding: gzip
etag: "fce2bfe5d7f2f5df4ae350001ca777a8"
x-amz-request-id: 6182CC903F8653F1
x-amz-replication-status: COMPLETED
vary: Accept-Encoding
content-length: 2363
x-amz-id-2: gifDXkpihBghdLsMT1iWi0abx1sOLRo1EDA3DgsTExxGo9PXitObbaOp+Sm3mDMq9yI+e/5pMMc=
last-modified: Thu, 20 Jun 2019 20:12:08 GMT
server: AmazonS3
date: Tue, 04 May 2021 11:20:43 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1800
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *

GET
H/1.1 200
OK products Show response
fff.dailymail.co.uk/ 2 B
239 B 56ms
55ms XHR
application/json 2a02:26f0:6c00:2a6::16c2

General

Check archive.org

Show headers Download Go to

Full URL: https://fff.dailymail.co.uk/products?articleId=9539403&geo=gb
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-fff/1.6.0/scripts/fff.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::16c2 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
X-rs-ops: fff1-fe:8180
Date: Tue, 04 May 2021 11:20:43 GMT
Connection: keep-alive
Content-Length: 2
Access-Control-Allow-Methods: GET
Content-Type: application/json; charset=utf-8

GET
H2 200 cta-branding.js Show response
cdn.taboola.com/demand-formats/cta-branding/ 19 KB
6 KB 60ms
46ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210503-25-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f2f6d277e9a00330022be2b7ef4441ed84127e2359bfe7f7800c10f294e81917

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: scc9i0WjBcezJETEcKeKlmIHFeg5X8y4
content-encoding: gzip
etag: "559c107d74fc83d8062b2553a1818b07"
age: 23816
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 5911
x-amz-id-2: oaWjtoybwXcf/v4WF3utsrEWOVBLZIrki4l6iAzPN8PIUxUS/oRUXtX5vCXEBwWMVIZpQj6Qwv0=
x-served-by: cache-fra19126-FRA
last-modified: Mon, 03 May 2021 12:43:43 GMT
server: AmazonS3
x-timer: S1620127243.341995,VS0,VE0
date: Tue, 04 May 2021 11:20:43 GMT
vary: Accept-Encoding
x-amz-request-id: 7QP61W5ZQ629Q8FB
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 19
x-cache-hits: 421510

GET
H2 200 cta-branding.css
cdn.taboola.com/demand-formats/cta-branding/ 2 KB
1 KB 58ms
46ms Stylesheet
text/css 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.css
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210503-25-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6fe77418e833f1ddfcf701ba7b6ebbd24efd2e93bce56065e0f1e711b1d829f8

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 10qGt8O9hKdbB5IigEtXn8Bn._HPfO8j
content-encoding: gzip
etag: "10c372ee2c83a7fd12df18aebc5320c6"
age: 16305
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 719
x-amz-id-2: UmOOaCltTJva9V4gBfdf27Oy7jykaqbYXsCDo0A/soIFodQTYZAaWWoYstK76SsHg3hRgjqb/Fo=
x-served-by: cache-fra19126-FRA
last-modified: Tue, 06 Apr 2021 14:48:01 GMT
server: AmazonS3
x-timer: S1620127243.341979,VS0,VE0
date: Tue, 04 May 2021 11:20:43 GMT
vary: Accept-Encoding
x-amz-request-id: CR41745BE06MC588
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: text/css
abp: 19
x-cache-hits: 199711

GET
H2 200 tfa-eid.20210503-25-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 13 KB
5 KB 136ms
0ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/tfa-eid.20210503-25-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/dailymail-row/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa875d492861f46495b4c8cd49051f6862104712fd8fe34ce63dcc351166468d

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: TWesVkl3fdfm9Gmzntd9IxmdqpEhM2BZ
content-encoding: gzip
etag: "620400f4f1a04b9ffb55ea6211ba10fc"
age: 72
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 4867
x-amz-id-2: afxC22iVXF+cBWHX1P0SrnkumAp9DoQL2qRXFGUSQ72neNTOb6d5SH2o5C7L26cZjR29Y7NDtoE=
x-served-by: cache-fra19126-FRA
last-modified: Mon, 03 May 2021 20:17:02 GMT
server: AmazonS3
x-timer: S1620127244.565491,VS0,VE0
date: Tue, 04 May 2021 11:20:43 GMT
vary: Accept-Encoding
x-amz-request-id: KRSEDBQ6TZMF460M
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 19
x-cache-hits: 689

GET
H2 200 tb Show response
15.taboola.com/ 31 KB
9 KB 287ms
62ms XHR
text/html 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://15.taboola.com/tb?oid=15&pubnm=dailymail-row&unitType=226&tbloc=&pageType=text&pstn=Below%20Article%20Thumbnails%202nd&uuip=&cisrf=&cirf=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html&encoded=1&uid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&variant=226184|421&callback=TRC.videoTagCallbacks.videoCallback1&cb=1620127243886&tagid=&cntry=AT&platform=1&sesid=8e1dde1f681923780054fdca2139811c&itemid=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&viewid=1620127240934&geolat=&geoing=&deviceifa=&appid=&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ri=ddb5ac1586348bccdffb72467ea9daab&appname=&cdb=&gdprApplies=true&rid=&sii=&oee=true&tpubid=1001083&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=9&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1001079&prcnt=&layer=
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210503-25-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 01672781a7a8a9684a66758cac7f381fd141cae2dff35f4c306a9b7a1d6aa996

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 04 May 2021 11:20:44 GMT
content-encoding: gzip
access-control-allow-origin: https://www.dailymail.co.uk
machineid: 1450
x-cache: MISS
xvid-debug: mrmr - :
x-served-by: cache-fra19126-FRA
pragma: no-cache
server: nginx
x-timer: S1620127244.126756,VS0,VE21
vary: Accept-Encoding
content-type: text/html;charset=ISO-8859-1
via: 1.1 varnish
expires: Sat, 26 Jul 1997 05:00:00 GMT
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://am-wf.taboola.com>; rel=preconnect
x-cache-hits: 0

GET
H2 200 userx.20210503-25-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 23 KB
8 KB 146ms
62ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20210503-25-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/dailymail-row/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a68a99fa5e2f7dbaa1240e322bf9a26b0c907209de1d31183c81940803855c1c

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: yhlhYur0OS3ud63PPLx5n93jOZxaoB6y
content-encoding: gzip
etag: "d5c3897c8be11208f4494fe8ee3dc427"
age: 73
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 7956
x-amz-id-2: nkf5v9A8KMDTb8mdcsKNelM9QgsOYgF0/x84H88ZTGxKA+QFsqUtTWSXnGECY5Vsad9PplwvCKU=
x-served-by: cache-fra19126-FRA
last-modified: Mon, 03 May 2021 20:16:57 GMT
server: AmazonS3
x-timer: S1620127244.160156,VS0,VE0
date: Tue, 04 May 2021 11:20:44 GMT
vary: Accept-Encoding
x-amz-request-id: B15HS548D9Q87X0Z
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 19
x-cache-hits: 202

GET
H2 200 container.html Show response
babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 606D 6 KB
3 KB 11ms
10ms Document
text/html 2a00:1450:4001:82f::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 04 May 2021 11:20:41 GMT
expires: Wed, 04 May 2022 11:20:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 3
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 37ms
14ms Script
application/javascript 2a00:1450:4001:812::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.dailymail.co.uk

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:20:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 32ms
15ms Script
application/javascript 2a00:1450:4001:801::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.dailymail.co.uk

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:20:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
9 KB 362ms
357ms XHR
text/plain 172.217.23.98

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1199579513693507&correlator=3205608547827646&output=ldjh&impl=fif&eid=31060689%2C31060958%2C44714449&vrg=2021042801&ptt=17&sc=1&sfv=1-0-38&ecs=20210504&iu_parts=5765%2Cdailymail.uk%2Cdm_dmwires_reutersart%2Csky_left_top&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x600%7C160x600%7C120x600%7C300x250&prev_scp=pos%3Dsky_left_top%26amznbid%3D2%26amznp%3D2%26adx_channel%3D3%26nobids%3Dtrue%26refreshCount%3D0%26adNami%3Don&eri=4&cust_params=page%3Dart%26article%3D9539403%26environment%3Dproduction%26country%3Dde%26abv%3D4.1.50%26mvt%3Dpermutive_on%252Cuniversalid_off%252CperfMon_off%252Cfe_desktop_default%26bot%3Dfalse%26random%3D29f86cf4-802d-4239-8e32-6db6fb2e6185%26impid%3Dc06fa917-1e93-42ac-8af3-11ddb1349f3b%26sw%3D1600%26sh%3D1200%26device%3Dwindows10%26device_features%3D%26articlewithvideo%3Dfalse%26style%3Dwide%26watershed%3Dfalse%26location%3Ddailymail_co_uk%26id5%3Dtrue%26prog%3Dtrue%26area%3Dwires%26subarea%3Dreuters&cookie=ID%3De818bde51609e04a-224d7fc307c8000b%3AT%3D1620127241%3AS%3DALNI_MZCFKvpEAbV_sMhyh-UPR-zm66Svw&cdm=www.dailymail.co.uk&bc=31&abxe=1&dt=1620127244266&dlt=1620127237887&idt=3458&frm=20&biw=1600&bih=1200&oid=3&adxs=3&adys=20&adks=2894056308&ucis=7&ifi=7&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=www.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html&loc=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x620&msz=300x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1471772633.1620127241&ga_sid=1620127241&ga_hid=243478839&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

51c0b2aff96820d7f1f659ace626ea27b5e785e47a66b934ffc3adc38485397f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8920
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 25 KB
11 KB 538ms
537ms XHR
text/plain 172.217.23.98

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1199579513693507&correlator=3205608547827646&output=ldjh&impl=fif&eid=31060689%2C31060958%2C44714449&vrg=2021042801&ptt=17&sc=1&sfv=1-0-38&ecs=20210504&iu_parts=5765%2Cdailymail.uk%2Cdm_dmwires_reutersart%2Csky_right_top&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x600%7C160x600%7C120x600%7C300x250&prev_scp=pos%3Dsky_right_top%26amznbid%3D2%26amznp%3D2%26adx_channel%3D20%26nobids%3Dtrue%26refreshCount%3D0%26adNami%3Don&eri=4&cust_params=page%3Dart%26article%3D9539403%26environment%3Dproduction%26country%3Dde%26abv%3D4.1.50%26mvt%3Dpermutive_on%252Cuniversalid_off%252CperfMon_off%252Cfe_desktop_default%26bot%3Dfalse%26random%3D29f86cf4-802d-4239-8e32-6db6fb2e6185%26impid%3Dc06fa917-1e93-42ac-8af3-11ddb1349f3b%26sw%3D1600%26sh%3D1200%26device%3Dwindows10%26device_features%3D%26articlewithvideo%3Dfalse%26style%3Dwide%26watershed%3Dfalse%26location%3Ddailymail_co_uk%26id5%3Dtrue%26prog%3Dtrue%26area%3Dwires%26subarea%3Dreuters&cookie=ID%3De818bde51609e04a-224d7fc307c8000b%3AT%3D1620127241%3AS%3DALNI_MZCFKvpEAbV_sMhyh-UPR-zm66Svw&cdm=www.dailymail.co.uk&bc=31&abxe=1&dt=1620127244274&dlt=1620127237887&idt=3458&frm=20&biw=1600&bih=1200&oid=3&adxs=1297&adys=20&adks=1812723490&ucis=8&ifi=8&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=www.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html&loc=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x620&msz=300x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1471772633.1620127241&ga_sid=1620127241&ga_hid=243478839&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

4d0daed9afde019977a90bc831704ebf8ee9082f34895ede507f50ca91e7ff32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11140
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 125ms
34ms Script
text/javascript 2a02:2638::3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:44 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:27 GMT
server: nginx
etag: W/"605322db-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 05 May 2021 11:20:44 GMT

OPTIONS
H/1.1 200
OK 225114
search.spotxchange.com/openrtb/2.3/dados/ Frame 0
0 174ms
40ms Preflight
text/plain 185.94.180.124

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/225114
Protocol: HTTP/1.1
Server: 185.94.180.124 , United States, ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-openrtb-version
Origin: https://www.dailymail.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx
Date: Tue, 04 May 2021 11:20:44 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Tue, 04 May 2021 11:20:44 GMT
Cache-Control: no-cache, must-revalidate post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: https://www.dailymail.co.uk
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Access-Control-Allow-Headers: content-type,x-openrtb-version
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 2592000

POST
H/1.1 204
No Content 225114 Show response
search.spotxchange.com/openrtb/2.3/dados/ 0
1 KB 226ms
66ms XHR
application/json 185.94.180.124

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/225114
Requested by: Host: js.spotx.tv
URL: https://js.spotx.tv/directsdk/v1/234272.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 , United States, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
x-openrtb-version: 2.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 04 May 2021 11:20:45 GMT
X-SpotX-Timing-Transform: 0.000589
X-SpotX-Timing-SpotMarket: 0.011146
X-SpotX-Timing-Page-Mux: 0.001066
X-SpotX-Timing-Page-Require: 0.000286
X-fe: 101
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000049
X-SpotX-Timing-Page: 0.016750
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000286
Last-Modified: Tue, 04 May 2021 11:20:45 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.011146
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.dailymail.co.uk
X-SpotX-Timing-Page-Misc: 0.003316
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000011
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 container.html
babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9A9E 6 KB
0 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 04 May 2021 11:20:41 GMT
expires: Wed, 04 May 2022 11:20:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 3
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 DOUBLE-MPU-1.jpg
i.dailymail.co.uk/i/pix/2016/03/23/ 12 KB
13 KB 8ms
7ms Image
image/jpeg 2a02:26f0:1700:1b6::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.dailymail.co.uk/i/pix/2016/03/23/DOUBLE-MPU-1.jpg
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.desktop.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1b6::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 981793c8e58a9ebc2fa825db3f2e1de282a682d2158238d497cca1af74844116

Request headers

Referer: https://scripts.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:44 GMT
last-modified: Tue, 24 Apr 2018 08:44:48 GMT
server: AkamaiNetStorage
etag: "80b954e5f874a18861095c8c9da27bb0:1524559488"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 12558
expires: Thu, 03 Jun 2021 11:20:44 GMT

GET
H2 200 non-responsive-widget.20210503-25-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 18 KB
6 KB 34ms
33ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/non-responsive-widget.20210503-25-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/dailymail-row/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d9f31147351a2fec4330638fd6ef826b0122af515b29dc6bc7c0a0a4d2b9187a

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: khSc_GKnwE_xbcN0FYJgsRotGj7Fwq6j
content-encoding: gzip
etag: "9d0eefb9530e16e16dd99f6bb9159fb2"
age: 98
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5667
x-amz-id-2: 9fo4yqOyE/bez47l212ya1KjbUC/LZf4wR7zLE3zQKU7G0NkKpO2acHRVs7dWJE9RGSoGwnLK+s=
x-served-by: cache-fra19126-FRA
last-modified: Mon, 03 May 2021 20:17:16 GMT
server: AmazonS3
x-timer: S1620127245.794690,VS0,VE0
date: Tue, 04 May 2021 11:20:44 GMT
vary: Accept-Encoding
x-amz-request-id: CE2GZ6MNGZQ56RXN
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 19
x-cache-hits: 11

POST
H2 200 sa Show response
ted.dailymail.co.uk/s/ 65 B
734 B 141ms
140ms XHR
application/json 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ted.dailymail.co.uk/s/sa
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/rta2/v-0.58.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 69db3883f8e78925e1aa1d370d19c872391542f220d3ab81a4af30b8047bbe6b

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 04 May 2021 11:20:44 GMT
content-type: application/json
access-control-allow-origin: https://www.dailymail.co.uk
expires: Tue, 04 May 2021 11:20:44 GMT
cache-control: private, no-cache, proxy-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, documentReferer
content-length: 65
x-rs-ops: rta2-rufus-a2-fe.hsk.mol.dmgt.net:8180

POST
H2 200 sa Show response
t.dailymail.co.uk/s/ 65 B
736 B 126ms
125ms XHR
application/json 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dailymail.co.uk/s/sa
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/rta2/v-0.58.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 8e2dd076b8afdac6697141f79ef8fa559ddf2e243843a72c8a888f1da2819854

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 04 May 2021 11:20:44 GMT
content-type: application/json
access-control-allow-origin: https://www.dailymail.co.uk
expires: Tue, 04 May 2021 11:20:44 GMT
cache-control: private, no-cache, proxy-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, documentReferer
content-length: 65
x-rs-ops: rta2-rufus-c2-fe.rdg.mol.dmgt.net:8180

GET
H2 200 ba6a2acc49824308d4aa0ef4432e70e7.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 10 KB
10 KB 46ms
42ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ba6a2acc49824308d4aa0ef4432e70e7.png
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 7b447444d5b1400841e82296402ca042c6ffc24f16f30b20bc069bf8c3b27cf0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 2
date: Tue, 04 May 2021 11:20:44 GMT
via: 1.1 varnish, 1.1 varnish
age: 1244454
edge-cache-tag: 330824232181833155444237948756082044778,534554604223319601008643105194670925976,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
expiration: expiry-date="Fri, 07 May 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ba6a2acc49824308d4aa0ef4432e70e7.png
content-length: 9920
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Tue, 06 Apr 2021 17:20:03 GMT
server: nginx
x-timer: S1620127245.805171,VS0,VE2
etag: "3c6b96469eaa1f522aa87a3fea42d08f"
x-served-by: cache-wdc5543-WDC, cache-dca17749-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
546 B 261ms
81ms XHR
application/json 76.223.111.131

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=a8r0pns&fmt=json
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN (),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: ee2d268e4054421f1102ef38c456f8ebbf54500150c99aaeab813495e3fb1ae4

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 04 May 2021 11:20:44 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Thu, 03 Jun 2021 11:20:44 GMT

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 4890 38 KB
14 KB 176ms
39ms Document
text/html 2.18.233.180

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.dailymail.co.uk/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

Last-Modified: Wed, 14 Apr 2021 09:18:30 GMT
ETag: "13006b6-98c2-5bfeb3aef82b4"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14060
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=96456
Expires: Wed, 05 May 2021 14:08:20 GMT
Date: Tue, 04 May 2021 11:20:44 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 1900 52 KB
17 KB 197ms
35ms Document
text/html 151.101.113.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.dailymail.co.uk/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Mon, 03 May 2021 04:58:05 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 04 May 2021 11:20:44 GMT
Age: 22957
X-Served-By: cache-lga21934-LGA, cache-hhn4048-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 380646
X-Timer: S1620127245.977510,VS0,VE0
Vary: Accept-Encoding

GET
H2

200

sync Show response
eb2.3lift.com/ Frame 46FB
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

1 KB
1 KB

81ms
42ms

Document
text/html

18.196.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c7a40f5d79606b9838630cd0b1776aaf36896964478a8926a28364f97124b2f8

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=2836512862482067061
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

date: Tue, 04 May 2021 11:20:45 GMT
content-type: text/html; charset=utf-8
content-length: 477
set-cookie: sync=CgoIgQIQkMfvuJMvCgoIkQIQkMfvuJMvCgoI4gEQkMfvuJMvCgoIkgIQkMfvuJMvCgoI5gEQkMfvuJMvCgoIhwIQkMfvuJMvCgkIOhCQx--4ky8KCQgLEJDH77iTLwoJCF8QkMfvuJMvCgkIHxCQx--4ky8=; Max-Age=7776000; Expires=Mon, 02 Aug 2021 11:20:45 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=2836512862482067061; Max-Age=7776000; Expires=Mon, 02 Aug 2021 11:20:45 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

date: Tue, 04 May 2021 11:20:44 GMT
content-length: 0
set-cookie: tluid=2836512862482067061; Max-Age=7776000; Expires=Mon, 02 Aug 2021 11:20:44 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

pd Show response
u.openx.net/w/1.0/ Frame 81CB
Redirect Chain

https://u.openx.net/w/1.0/pd
https://u.openx.net/w/1.0/pd?cc=1

668 B
729 B

89ms
55ms

Document
text/html

35.244.159.8

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?cc=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 6af402bc9fc3ccbe2ce7c64e57671d422cec8f5732261786c84dd561c7641908

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=47bb1989-c9a6-0ca1-1fdf-0ac4d9822bfc|1620127244
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=47bb1989-c9a6-0ca1-1fdf-0ac4d9822bfc|1620127244; Version=1; Expires=Wed, 04-May-2022 11:20:44 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1620127244|gekin0vNiygu; Version=1; Expires=Wed, 19-May-2021 11:20:44 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.206.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 04 May 2021 11:20:44 GMT
content-type: text/html
content-length: 418
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=42402983-e3f1-4f09-82af-00cc456e0c88|1620127244; Version=1; Expires=Wed, 04-May-2022 11:20:44 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.206.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u.openx.net/w/1.0/pd?cc=1
date: Tue, 04 May 2021 11:20:44 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 616F 2 KB
1 KB 177ms
36ms Document
text/html 2.18.234.21

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.dailymail.co.uk/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Tue, 04 May 2021 11:20:44 GMT
Connection: keep-alive

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 5FC0 281 B
554 B 176ms
37ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.dailymail.co.uk/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 04 May 2021 11:20:44 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

pd Show response
eu-u.openx.net/w/1.0/ Frame 216A
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1

668 B
717 B

61ms
56ms

Document
text/html

35.244.159.8

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 6af402bc9fc3ccbe2ce7c64e57671d422cec8f5732261786c84dd561c7641908

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=47bb1989-c9a6-0ca1-1fdf-0ac4d9822bfc|1620127244
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=47bb1989-c9a6-0ca1-1fdf-0ac4d9822bfc|1620127244; Version=1; Expires=Wed, 04-May-2022 11:20:44 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1620127244|gekin0vNiygu; Version=1; Expires=Wed, 19-May-2021 11:20:44 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.206.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 04 May 2021 11:20:44 GMT
content-type: text/html
content-length: 418
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=47bb1989-c9a6-0ca1-1fdf-0ac4d9822bfc|1620127244; Version=1; Expires=Wed, 04-May-2022 11:20:44 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.206.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1
date: Tue, 04 May 2021 11:20:44 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame E4DC 52 KB
17 KB 145ms
34ms Document
text/html 151.101.113.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.dailymail.co.uk/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Mon, 03 May 2021 04:58:05 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 04 May 2021 11:20:44 GMT
Age: 22957
X-Served-By: cache-lga21934-LGA, cache-hhn4068-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 378473
X-Timer: S1620127245.983390,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 7649
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D
https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1

2 KB
3 KB

285ms
148ms

Document
text/html

2.18.234.21

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9b4bc82613f21a1099d95ab30cf95d9b26d984cd1723b99ca756c365f5b5e246

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.dailymail.co.uk/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YJEuDBaoH-6AHlDqOKDgawAA; CMPS=5181
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 241|39|45|230|196|111|188|90
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1664
Expires: Tue, 04 May 2021 11:20:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 04 May 2021 11:20:45 GMT
Connection: keep-alive
Set-Cookie: CMID=YJEuDBaoH-6AHlDqOKDgawAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 04 May 2022 11:20:45 GMT CMPS=5181;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 02 Aug 2021 11:20:45 GMT CMPRO=1137;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 02 Aug 2021 11:20:45 GMT CMRUM3=bc60912e0d05a00&e660912e0d27600&f160912e0d05a0&c460912e0d05a0&5a60912e0d05a0&6f60912e0d05a0&2760912e0d0b40&2d60912e0d05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 04 May 2022 11:20:45 GMT CMST=YJEuDWCRLg0A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 05 May 2021 11:20:45 GMT

Redirect headers

Server: Apache
Content-Length: 338
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Tue, 04 May 2021 11:20:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 04 May 2021 11:20:44 GMT
Connection: keep-alive
Set-Cookie: CMID=YJEuDBaoH-6AHlDqOKDgawAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 04 May 2022 11:20:44 GMT CMPS=5181;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 02 Aug 2021 11:20:44 GMT

GET
H2

200

sync Show response
eb2.3lift.com/ Frame D5AE
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

1 KB
1 KB

79ms
40ms

Document
text/html

18.196.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c7a40f5d79606b9838630cd0b1776aaf36896964478a8926a28364f97124b2f8

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=2836512862482067061
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

date: Tue, 04 May 2021 11:20:45 GMT
content-type: text/html; charset=utf-8
content-length: 477
set-cookie: sync=CgoIgQIQkMfvuJMvCgoIkQIQkMfvuJMvCgoI4gEQkMfvuJMvCgoIkgIQkMfvuJMvCgoI5gEQkMfvuJMvCgoIhwIQkMfvuJMvCgkIOhCQx--4ky8KCQgLEJDH77iTLwoJCF8QkMfvuJMvCgkIHxCQx--4ky8=; Max-Age=7776000; Expires=Mon, 02 Aug 2021 11:20:45 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=2836512862482067061; Max-Age=7776000; Expires=Mon, 02 Aug 2021 11:20:45 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

date: Tue, 04 May 2021 11:20:44 GMT
content-length: 0
set-cookie: tluid=12835026021326206887; Max-Age=7776000; Expires=Mon, 02 Aug 2021 11:20:44 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync Show response
pre.ads.justpremium.com/v/1.0/t/ Frame 0A6D 4 KB
4 KB 96ms
41ms Document
text/html 3.124.9.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=aant5u1620127240447
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.9.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2a4e4e918a6f1aaf5a314c46aa8d51fdb73cb0a535dc03f80d96e129861a6aee

Request headers

:method: GET
:authority: pre.ads.justpremium.com
:scheme: https
:path: /v/1.0/t/sync?_c=aant5u1620127240447
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

date: Tue, 04 May 2021 11:20:44 GMT
content-type: text/html; charset=utf-8
cache-control: public, no-cache, no-store, must-revalidate

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 822B 2 KB
1 KB 248ms
35ms Document
text/html 2.18.234.21

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.dailymail.co.uk/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Tue, 04 May 2021 11:20:45 GMT
Connection: keep-alive

GET
H2

200

m7y5t93k
sync-tm.everesttech.net/ct/upi/pid/
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_...

85 B
189 B

41ms
32ms

Image
image/png

151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_test=YJEuDQAAsaDrUgAC
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:46 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
age: 2685
x-served-by: cache-hhn4022-HHN
x-cache: HIT
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
x-timer: S1620127247.852621,VS0,VE0
content-length: 85
x-cache-hits: 19344

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:45 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1620127245.181291,VS0,VE97
x-served-by: cache-hhn4022-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_test=YJEuDQAAsaDrUgAC
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H2

204

sync
pixel.advertising.com/ups/57304/
Redirect Chain

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true

0
124 B

50ms
42ms

Image
text/plain

52.59.102.119
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.59.102.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:46 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true
date: Tue, 04 May 2021 11:20:45 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

generic
match.adsrvr.org/track/cmb/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1

70 B
370 B

119ms
112ms

Image
image/gif

76.223.111.131

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN (),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:46 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:44 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 165

GET
H2 200 match
e.serverbid.com/udb/9969/ 0
44 B 177ms
123ms Image
text/plain 134.209.129.254

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fpool%2Fset%2Fi.gif%3FpoolId%3D9969%26poolKey%3D
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.209.129.254 North Bergen, United States, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:45 GMT
content-length: 0

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://x.bidswitch.net/sync?ssp=themediagrid
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid

43 B
145 B

173ms
57ms

Image
image/gif

35.156.143.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.143.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:46 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid
date: Tue, 04 May 2021 11:20:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

i.gif
mfad.inskinad.com/udb/9874/sync/
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=185638&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D
https://ssum.casalemedia.com/usermatchredir?s=185638&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
https://mfad.inskinad.com/udb/9874/sync/i.gif?partnerId=1&userId=0

43 B
780 B

135ms
125ms

Image
image/gif

23.21.47.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mfad.inskinad.com/udb/9874/sync/i.gif?partnerId=1&userId=0
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.21.47.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.16.1 / adzerk bifrost/
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:47 GMT
ETag: W/"2b-6KwiS6nul+h2cO1vOi8BKLevn+Q"
Server: nginx/1.16.1
x-powered-by: adzerk bifrost/
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: undefined
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Origin, Content-Type, Content-Length, X-Adzerk-Explain, X-Adzerk-Sdk-Version
Content-Length: 43
x-served-by: engine-production-i-0ec366d978c5ae4c3

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:46 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Location: https://mfad.inskinad.com/udb/9874/sync/i.gif?partnerId=1&userId=0
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 254
Expires: Tue, 04 May 2021 11:20:46 GMT

GET
H2 200 0d855c619d90f70a598b65e543af22c4.jpg
images.taboola.com/taboola/image/fetch/h_217,w_260,c_fill,g_xy_center,x_222,y_368/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 6 KB
7 KB 201ms
197ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_217,w_260,c_fill,g_xy_center,x_222,y_368/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0d855c619d90f70a598b65e543af22c4.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 6115f6b49d2b00eec133d5b79c7002029a422da5e30c3d16bfae37da68f9ed79

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 04 May 2021 11:20:44 GMT
via: 1.1 varnish, 1.1 varnish
age: 1387209
edge-cache-tag: 534056174535896851765166296695174680274,324512811196312518481814081732494602293,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
expiration: expiry-date="Fri, 07 May 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/h_217,w_260,c_fill,g_xy_center,x_222,y_368/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0d855c619d90f70a598b65e543af22c4.jpg
content-length: 6262
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Tue, 06 Apr 2021 04:52:28 GMT
server: nginx
x-timer: S1620127245.984661,VS0,VE1
etag: "997c781ab2a092b8a6d68f19baa2e0fb"
x-served-by: cache-wdc5521-WDC, cache-dca12929-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 tbp Show response
15.taboola.com/ 6 KB
3 KB 93ms
90ms XHR
text/html 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://15.taboola.com/tbp?oid=15&pubid=166277&tagid=948107&pstn=[pstn]&cb=[cb]&callback=TRC.pVideoCallbacks.videoCallback1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210503-25-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: d88a07b82a38ee86d86f443b1f3613d78ff671ec471df85691a9eed6010285ca

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 04 May 2021 11:20:45 GMT
content-encoding: gzip
access-control-allow-origin: https://www.dailymail.co.uk
machineid: 1417
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-fra19126-FRA
pragma: no-cache
server: nginx
x-timer: S1620127245.984674,VS0,VE34
vary: Accept-Encoding
content-type: text/html;charset=ISO-8859-1
via: 1.1 varnish
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 8784a5be6b80ad314c468a9596549a6f.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 11 KB
11 KB 253ms
33ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8784a5be6b80ad314c468a9596549a6f.png
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 822dc230271d401ab2cacff336c780f27e65bf85d5120f1f499213171e5d5b29

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 04 May 2021 11:20:45 GMT
via: 1.1 varnish, 1.1 varnish
age: 3526864
edge-cache-tag: 434481743070294975724167958790233467570,534554604223319601008643105194670925976,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8784a5be6b80ad314c468a9596549a6f.png
content-length: 11110
x-request-id: 2532e2279231f342f7e434fa595b4765
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Wed, 24 Mar 2021 14:14:06 GMT
server: nginx
x-timer: S1620127245.200690,VS0,VE1
etag: "608df50340ea18c38b2b7a6301a3eca9"
x-served-by: cache-wdc5579-WDC, cache-dca17763-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 UnitWidgetItemDesktop.min.js Show response
vidstat.taboola.com/lite-unit/3.4.2/ 95 KB
27 KB 216ms
34ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/lite-unit/3.4.2/UnitWidgetItemDesktop.min.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210503-25-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 85e27c676e226850a78ff98a02e0afdbcb9dca1055f09b9d9820505f391b8c30

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:45 GMT
via: 1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront), 1.1 varnish
age: 267397
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 27685
x-served-by: cache-fra19126-FRA
last-modified: Sat, 01 May 2021 09:03:06 GMT
server: AmazonS3
x-timer: S1620127245.203304,VS0,VE0
etag: "8e00027fd600596c172478b7b28dd6b0"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: icju1eE5Tdw-7RLrzHyy6aAj_YV1N2nPyiC1xKRPOegx_9cTZyb-pA==
x-cache-hits: 53084

GET
H3-29 200 container.html Show response
babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6627 6 KB
3 KB 37ms
11ms Document
text/html 2a00:1450:4001:82f::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 04 May 2021 11:20:41 GMT
expires: Wed, 04 May 2022 11:20:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 4
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame CA10 0
102 B 293ms
61ms Image
text/plain 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.30608702809139876
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:45 GMT
via: 1.1 google
server: Python/3.7 aiohttp/3.5.4
alt-svc: clear
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
244 B 212ms
36ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=10.049856269748657
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:45 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: clear
content-length: 43
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 217ms
41ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=10.049856269748657
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:45 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: clear
content-length: 43
content-type: image/gif

GET
H3-29 200 container.html
babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7E4A 0
0 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 04 May 2021 11:20:41 GMT
expires: Wed, 04 May 2022 11:20:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 4
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7616 6 KB
3 KB 32ms
23ms Document
text/html 2a00:1450:4001:82f::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 04 May 2021 11:20:41 GMT
expires: Wed, 04 May 2022 11:20:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 4
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 5DEC 36 KB
13 KB 534ms
35ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 10:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 2527
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Tue, 04 May 2021 11:38:39 GMT

GET
H/1.1 204
No Content ad0d7ed7-f2df-44d8-b2e4-d4b3564362df
crb.kargo.com/api/v1/initsync/ Frame E9BC 0
0 551ms
51ms Document
text/plain 35.156.12.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://crb.kargo.com/api/v1/initsync/ad0d7ed7-f2df-44d8-b2e4-d4b3564362df?partners=Tapad,ttd,mediamath,DBM,LiveRamp
Requested by: Host: storage.cloud.kargo.com
URL: https://storage.cloud.kargo.com/ad/network/klick/klick-dailymail.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.12.76 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Host: crb.kargo.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.dailymail.co.uk/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Date: Tue, 04 May 2021 11:20:46 GMT
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Krk-Reject-Reason: consent
Pragma: no-cache
Vary: Origin
X-Accel-Expires: 0
Connection: keep-alive

GET sync-success
klkstrm.kargo.com/event/ 0
0

GET
H2 200 creative_js.js Show response
vidstat.taboola.com/vpaid/units/27_2_17/creatives/ 4 KB
2 KB 92ms
82ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/27_2_17/creatives/creative_js.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210503-25-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6258018e9f890f2383a09a2be6df7792affd977d856e7247ace8341f5b5487f0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:46 GMT
via: 1.1 8cdf0467c0468ddfe8e9873c6bb8304c.cloudfront.net (CloudFront), 1.1 varnish
age: 2037220
x-amz-meta-mtime: 1580720676
x-cache: Miss from cloudfront, HIT
x-amz-meta-ctime: 1580720957
x-amz-meta-mode: 33188
content-encoding: gzip
content-length: 1904
x-served-by: cache-fra19126-FRA
last-modified: Mon, 03 Feb 2020 09:09:18 GMT
server: AmazonS3
x-timer: S1620127246.401406,VS0,VE0
etag: "d80eacb3ed43f93a2da80d76e65d19a8"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-meta-gid: 0
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: application/javascript
access-control-allow-headers: *
x-amz-cf-id: fAeHO52Fy78UbxheIVGwTQpabLzTVzA-RHX2HcKYyUH5P0SAs1-vKA==
x-cache-hits: 701728

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A11C 0
199 B 47ms
39ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPSC36QCEOCy2KYCGKSX8KEBMAE&v=APEucNX8sUSPp7a-mdF8qjP6s3Qup75FF9lywvcnN83aKYnANmpKrV-KVk61cylkt_WnjXmkvvnr1YkMyQvzwALZbouy2UY5HEP6Haij15SnLIdf5iFwheCy_JpyxyJGhvYcY5jhLivPc_vVOpN7j1nVtc3aZEd8PKKKz89qxs8H5tLik6-d-f9chIaU5HSKI9Giz_hPLoHof0oyZKsWvEh6UXymGf2Jf8WukfXeUKBttGBLrJu-PP4

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPSC36QCEOCy2KYCGKSX8KEBMAE&v=APEucNX8sUSPp7a-mdF8qjP6s3Qup75FF9lywvcnN83aKYnANmpKrV-KVk61cylkt_WnjXmkvvnr1YkMyQvzwALZbouy2UY5HEP6Haij15SnLIdf5iFwheCy_JpyxyJGhvYcY5jhLivPc_vVOpN7j1nVtc3aZEd8PKKKz89qxs8H5tLik6-d-f9chIaU5HSKI9Giz_hPLoHof0oyZKsWvEh6UXymGf2Jf8WukfXeUKBttGBLrJu-PP4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 04 May 2021 11:20:46 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 04-May-2021 11:35:46 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 04 May 2021 11:20:46 GMT
cache-control: private

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 77F9 64 KB
25 KB 69ms
62ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Daon3IJfXmv_XkhZzZ_HyA7AwR7Q5uPlwe94NwQ2_OTi_DAG7JwOUYP76JBIYtjLsKqiwtPr-iCdMmcSCiLCRcWJCwGKqLnhHbhCK8IWm8D4v3nc8jFbjV6RbVTePldAgKzy_qdPp6mW-orms-QUZ4ftaQyQ&dbm_d=AKAmf-AXqf-LwDgWggQUBbeeh9Q9FvrfqZyGP8ounQuCDl_hmUff3B4y84b2Dnj_4oel4eAtb2WLAOczNsekOXdTPstYTgU-fEY_CJKrMfSU72Jz1gChIrI6_RPnrhCOX05nTnpULxyXcvYD1tIbdN4AjuIDkA63zLdsfOqoxf5VIceYBYtB2qLFEGu31qGNRtYDhaDwQUTs07HE16z4UFmbKelEUerOEozwUcUh3zGrfeeawqt087z2fso8qL4-OLms_YhsUsnMXuxruBLIv6_DlVO4ZZ2th7fGdQi6KXr0PWycr6-QgxEU2cocb88XM5t-cTPqnbQonJ9nXu7G4CCRHk44AoUaCchv1whMlEiepRWnXWlw6Yxb3u8e7-UCdD5svlWvc8ctfQu3G5Ck0Bu4Ygy4Hqz4hP2ObXcsTpriy-MROrbvYObKd323iCR7rlUFzQBc7QGNqc6VZx7e2tY2qlJF7ZOxzWjj3METUIVpcSQ0_SCpxblWyEQmQk4WF4q1UPK5ho18WuO_hNNeufoym82O4CTH-zKqzeg8_WC8jB_ONLByChHDTWiH44L3Lkf_1IVY8MbmmVU5WZYEcSvNsY34lKzcbuptSF8stN4Jy-XJ1AaJXgpafJJcL2TswbEnkRLYe7k7Mu5bi9PzJHFlLOtVz7hTLUO3BTVq3vk84eZbUXyT907UMHbDsRY3P1EFpYStA8RfuxQuC5NQtGCphRqtuauQGaWaiF-1Je7ckcNXqCKOeDVnaDFIia5b8PEUuHECv1k5WINB5NT0gjk0WQTjSWuJ_14_PpTbVzjTLbAj2V7pblwr8RPAq2TeEC_be3OeotbQSYu_s0E1BdxtH8dLU0Y6m4bVR30BOa7yZZtnUoET1zxQ_TsZ1oOuL0JHUV5JwcfJTS-UMMD1mUtTfMq6wgDAkMrsmnnIhxo0_M68KdOpkii3s-DoYBwwXfJ9HXZoV-nThLVdtC_Hw8kgs1MtR__UjOh3Rh3zjh2lUVIkDrAXVbx0GvPtnFgvD4_I83ko5Thb-ddo0uZcrpzzUgM_bXK--2VWdz_ATxWHyeMFdN7w1MX191q-jwtlbT4Vwy9bAU3yNCC3VEqqSrx_bXGjb1wwzWBqxizCFxp9QgQ69I7zCT9fkvr9OGOPh-J-cVWwHWGE44s0_e1jHw7XwiZpyw4QwwY5h-dbShsK4WPV2eN5bPOdfvcKncHhoh7uOCbO2uwPJs-ljSyKYF8_DsrLx8SSvzJnZpXzNE5BykRg5wMeDFLZaP2gYLaPE8IyVRlzMKhqSl1ZB5U2VJZV0GQdq0zteq59_V9pv9tZKi9ZcKdAOqA12Wt_dxHsIu7NR46lc9G2Ee5FQCGVh6OrwT0nsQ50zIyNQ01jnhFat3aVvGNsqfc57Xb_bx1RwLsBn1eUcnGbx41ud8c0JydscLOinUZkOMrjUr0OymSen3l5X_O59DtXE9LYffQxU11hVSOKY5kuKnaSytOmnjm3uA6JMy2qPLPcVk54e2RxqgalqBHm4669CO0BJpn-I9pz2suBMN_45v7ZHaSCx9gH3_d0ewIubNQbWk-dv0HQxRncYBLLFDstiIFJ9HqsTxsRu8TfELSDx0MqOQR7l0ADG68hMhXvpgq1V1zUnlO2mv4SnIHYWe8XLsPwKy_c4KsfHZpJSiijKxOI4XNKR9wdq533JOei_6O8InAoZeayRByojLVaC4zDBZnSeo3RKKjNbJIxZfFbWwhbTw3lARD4UroQ96F861oku_2q6cZVy7lY44DUlCT_rGxq1I55xz5OEGABoNkt9-kcYQ9RONzdWAuAdPRagfLIc6Rj6omxc057bu-bnhLmgksslV5TQxdBGHIRuNYlQMVmNgqD-GZT7YOsGxgTisXQIIRWE3NcuoPomGgmMb-3mMag8R3W6kzK_YWDCl2o27mfVFtzXBzi0Nwvr0gCRA6Fyl-ZbyU64WCOnrRgEJUYL9pgDEuYxQXvk6Xvs4rTLeypWXMaTGFYWYlw_tdQlDFwp6mGL6n57dKxP2pOXa8_KmGKvLyoK2Inu7rSvALt1aZ7RapLGAyDcL7S049fjpEqDkrtLdjfsWOpV5M78k01tcjOe8rhWfC4KMSO3HQMkZ1mQCxAIFrf0QA_NA_g0OEERIKAi5WQoC52FVqjyy9oTP0CbJ5CIqw2Zl09mt_KWdYS7MrbjqlnajgMcSnRX5CwEnyYj8-2GYmdwLNctg7DPz6fVUT3dA8YSnAPd3BN63W1Nkp44lEpOXf4a7VbbMqZIM62vvQPUIHwkreoMV4yO9M1-jKBUrcS8313_E2dL0L11EsULNz8jO8fUr4ke62dRzuXGnhrIdk3kkG2LaHnOkonOtFmqKRycbS3bIbbt-JFuXLvo4SZDbCd3RThKZz7MfpVnlno6snysRVJvDlaIlHwl9gD_UZXpZ14PwjSNX46Lw493A0ERf1b3f5AM_4tLOyWyecdJA7z2qSY07rzv_WK33fSiU04Ss6G_tLXAFrjd1y21s4aPZOdmH17MLeA1v4yzEcTJ6ET02nNJpByobpfQ0d63BEkG7xC4-HO4-z3VhG3KW7je-pehIuDmMaoy80oly5QWLX9k-l_nOwM9WvPY9yforqGeOGvWxpL4P55erNnPyY12lbAmtGmrWd0ZwdcoMFiO6l6YEF_10MexfKSuBgaROxeb9BjKdIfMrBIveMS71dISH6LlF4qy6MN9iiIH4ETv8U_i9w8QhlE-9hSeQxIMQIR-Cm3B5awZQtmb0bxgc5ejvjzEOpW_gV-kqevxCjG1U1ZIlIwkdIap0_mMmSk2uuv4xua2Z39zwzNeUwNxixLvqQcSBNYd9KpzQoHVKErEVFH8hMLbDW7k1_tEhX6gHRYdLRmsKs5afb8mpxWrhw0kNPmaRfh3rD9Z74TEqOqBgGoiH8lvgCMO9vYskhlTmgTQj9Dd4j8Y8tM3E3MoTOVjJo8IaPuQqWd3YG5HWRw80bIVOfUwxC_TxCfURo_J-_qkQlQopBxn-DWzkSty8k5hy2RUgplrbqrYXJaXHSqF6urCSTNSzg&cid=CAASPeRocizmhE13KXPMs-I53_iGLuk9YNdKGYYhpVd1yWDTU-lwWkTohql9F_23ChRK_vgPZ5vi_2sbPsrX_E8&rfl=1%2Chttps%253A%252F%252Fwww.dailymail.co.uk%252F%240

Requested by

Host: info.silobreaker.com
URL: https://info.silobreaker.com/e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG5h0TrHW7R7vdT89L4VTW1RX9ql7F3rhSVghhNK8NCxVnW1Ds7y65kJ0cQW4BB5Y53xw6rcW7BB_8f2ShH5GW3wb_YN5CDmRrW9fMQGS4YTcwgVVjh0W3ZL6KYW2ryqDx29pMPWW1_tPKp2-vtVLW3Fl5zQ265YCxVTnDmY8zvWRMW6GsnlF5m4gJXW7PHYgd3NM4t4W74MjC_4s6blWW4JFD_r5YZxKL3fLN1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7517b36c59e9fdb5d3b3d5c8cf65d45ae163d5ed248b0f94e6040fb0ded44122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25517
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 77F9 42 B
63 B 191ms
71ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D2QgWXaCo8XUhczekeoE-8NBppNvaBu0akVkv8buaJMVR3t8Sv4Zf_j5-99QV1LNA58nbRZlCMyk2euWpRpnRWpnNLV9SwUcG-ArKjzXxcOsqSKOU

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 77F9 2 KB
1 KB 33ms
27ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/window_focus_fy2019.js

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:20:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 77F9 116 KB
35 KB 43ms
38ms Script
text/javascript 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

bdaa38f52441bf7af0793fbf059e5598ffd9d18fa264b14bd55f6b3655fcc958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620056514301796"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36023
x-xss-protection: 0
expires: Tue, 04 May 2021 11:20:46 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 77F9 13 KB
6 KB 23ms
19ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:18:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 129
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:18:37 GMT

GET
H2

200

rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame EE86
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=921ba70e-5eaf-4f68-bb63-c4e7c4b059cf
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=921ba70e-5eaf-4f68-bb63-c4e7c4b059cf&tbid=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e&query=taboola_hm%3D921ba70e-5eaf-...

0
76 B

296ms
39ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=921ba70e-5eaf-4f68-bb63-c4e7c4b059cf&tbid=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e&query=taboola_hm%3D921ba70e-5eaf-4f68-bb63-c4e7c4b059cf&isDirect=0
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:49 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127249.994814,VS0,VE8
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11524-HHN

Redirect headers

location: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=921ba70e-5eaf-4f68-bb63-c4e7c4b059cf&tbid=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e&query=taboola_hm%3D921ba70e-5eaf-4f68-bb63-c4e7c4b059cf&isDirect=0
tbl-x-upstream: 10.41.14.127:10213
date: Tue, 04 May 2021 11:20:48 GMT
server: nginx
x-fastly-to-nlb-rtt: 18121

GET
H2

200

sd
u.openx.net/w/1.0/ Frame EE86
Redirect Chain

https://u.openx.net/w/1.0/sd?id=543998486&val=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=0&gdpr_consent=
https://u.openx.net/w/1.0/sd?cc=1&id=543998486&val=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=0&gdpr_consent=

43 B
122 B

85ms
55ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/sd?cc=1&id=543998486&val=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=0&gdpr_consent=
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 google
server: OXGW/16.206.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://u.openx.net/w/1.0/sd?cc=1&id=543998486&val=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=0&gdpr_consent=
date: Tue, 04 May 2021 11:20:46 GMT
via: 1.1 google
server: OXGW/16.206.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame EE86 42 B
233 B 422ms
117ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=281&r=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fadkernelrtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%7BUID%7D
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:46 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame EE86 0
239 B 246ms
39ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=16698
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/gif

GET
H2

204

/
sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame EE86
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fsync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc
https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=3gMRmb9HwCig&ev=1&orig=trc&pid=562107

0
218 B

48ms
45ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=3gMRmb9HwCig&ev=1&orig=trc&pid=562107
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.14.57:10213
date: Tue, 04 May 2021 11:20:47 GMT
server: nginx
x-fastly-to-nlb-rtt: 18115

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=3gMRmb9HwCig&ev=1&orig=trc&pid=562107
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7c488d4f5b-l6kmw
expires: -1

GET
H/1.1 200
OK getuidnb
ib.adnxs.com/ Frame EE86 43 B
698 B 119ms
60ms Image
image/gif 185.33.221.15

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/getuidnb?https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:46 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.181:80
AN-X-Request-Uuid: bcef34f0-ef5f-4a21-a955-e87f6a7ea34f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame EE86
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEL21ACjcVX0JEQiqI5uaZoU&google_cver=1

0
183 B

171ms
140ms

Image
text/plain

151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEL21ACjcVX0JEQiqI5uaZoU&google_cver=1
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127247.242793,VS0,VE58
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19126-FRA

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:46 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEL21ACjcVX0JEQiqI5uaZoU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 304
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Pug
simage2.pubmatic.com/AdServer/ Frame EE86 42 B
805 B 265ms
45ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a:$UID
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:46 GMT
X-lat: lhrpug003:0:711
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame EE86
Redirect Chain

https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e

170 B
188 B

72ms
53ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e
tbl-x-upstream: 10.41.22.84:10213
date: Tue, 04 May 2021 11:20:46 GMT
server: nginx
x-fastly-to-nlb-rtt: 18114

GET
H2

200

/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame EE86
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=eb8533d2-1e25-41bd-a0b5-cebadffa8191

0
55 B

109ms
92ms

Image
text/plain

151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=eb8533d2-1e25-41bd-a0b5-cebadffa8191
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.539922,VS0,VE58
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19126-FRA

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:46 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=eb8533d2-1e25-41bd-a0b5-cebadffa8191
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 239

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame EE86
Redirect Chain

https://ce.lijit.com/merge?pid=42&3pid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&us_privacy=&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=42&3pid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&us_privacy=&gdpr=0&gdpr_consent=&dnr=1

0
433 B

45ms
44ms

Image
text/plain

216.52.2.39
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=42&3pid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:47 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:46 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=42&3pid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 rtset
bh.contextweb.com/bh/ Frame EE86 49 B
406 B 134ms
118ms Image
image/gif 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-7c488d4f5b-kx42z
expires: -1

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame EE86 43 B
697 B 160ms
44ms Image
image/gif 185.86.139.115
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=107&partneruserid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=0&gdpr_consent=
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.115 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2 204 put
e1.emxdgt.com/ Frame EE86 0
59 B 266ms
51ms Image
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d41&uid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:47 GMT
content-length: 0
content-type: text/html

GET
H2

200

/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame EE86
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=9c01e486-cba9-411b-b5f1-b3eaf987b0f7

0
227 B

53ms
50ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=9c01e486-cba9-411b-b5f1-b3eaf987b0f7
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.14.95:10213
date: Tue, 04 May 2021 11:20:47 GMT
server: nginx
x-fastly-to-nlb-rtt: 18122

Redirect headers

pragma: no-cache
x-errorlevel: 0
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=9c01e486-cba9-411b-b5f1-b3eaf987b0f7
cache-control: no-cache
date: Tue, 04 May 2021 11:20:46 GMT
server-processing-duration-in-ticks: 4055
content-type: text/html; charset=utf-8
content-length: 222
expires: Tue, 04 May 2021 00:00:00 GMT

GET
H/1.1

200

1.gif
id5-sync.com/c/464/464/7/ Frame EE86
Redirect Chain

https://id5-sync.com/s/464/9.gif?puid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D...
https://id5-sync.com/c/464/464/7/1.gif?puid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=1&gdpr_consent=

43 B
1 KB

44ms
41ms

Image
image/gif

54.36.109.49
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/c/464/464/7/1.gif?puid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.49 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:46 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

Redirect headers

Location: https://id5-sync.com/c/464/464/7/1.gif?puid=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&gdpr=1&gdpr_consent=
Date: Tue, 04 May 2021 11:20:46 GMT
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

GET
H2

204

rtb-h
sync.taboola.com/sg/appierrtb-network/1/ Frame EE86
Redirect Chain

https://s.c.appier.net/taboola
https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=z52_WKCXC-WoYYmDEC6RYA

0
219 B

101ms
43ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=z52_WKCXC-WoYYmDEC6RYA
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.22.181:10213
date: Tue, 04 May 2021 11:20:49 GMT
server: nginx
x-fastly-to-nlb-rtt: 22661

Redirect headers

location: https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=z52_WKCXC-WoYYmDEC6RYA
date: Tue, 04 May 2021 11:20:48 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 110
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame EE86 35 B
380 B 533ms
139ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track003-dc3
Pragma: no-cache
Date: Tue, 04 May 2021 11:20:24 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H2

200

rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame EE86
Redirect Chain

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=taboola
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=0&user_id=&ssp=taboola
https://x.bidswitch.net/ul_cb/sync?dsp_id=409&expires=14&user_group=0&user_id=&ssp=taboola
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=d24c64d4-6c49-4fb0-8554-8aa4ef6edab9

0
227 B

267ms
22ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=d24c64d4-6c49-4fb0-8554-8aa4ef6edab9
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.14.57:10213
date: Tue, 04 May 2021 11:20:59 GMT
server: nginx
x-fastly-to-nlb-rtt: 22090

Redirect headers

location: //sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=d24c64d4-6c49-4fb0-8554-8aa4ef6edab9
date: Tue, 04 May 2021 11:20:57 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

POST
H2

200

/ Show response
r.skimresources.com/api/
Redirect Chain

https://r.skimresources.com/api/
https://r.skimresources.com/api/?xguid=01F4VHQTGDMY83P3ZWTJCVMECS&persistence=1&checksum=5867bf4d37cb48c7bd0965e4cfff82f61a0a17c38fd96e5d69c99876af1f5985

191 B
501 B

55ms
43ms

XHR
application/json

35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?xguid=01F4VHQTGDMY83P3ZWTJCVMECS&persistence=1&checksum=5867bf4d37cb48c7bd0965e4cfff82f61a0a17c38fd96e5d69c99876af1f5985

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

openresty/1.11.2.5 /

Resource Hash

2b3c9240fab83d50460c6f2673e65613bb8e074c4a5dd8825ea65ecc67e1152f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
strict-transport-security: max-age=31536000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.dailymail.co.uk
vary: Accept-Encoding
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
via: 1.1 google

Redirect headers

date: Tue, 04 May 2021 11:20:46 GMT
via: 1.1 google
server: openresty/1.11.2.5
access-control-allow-origin: https://www.dailymail.co.uk
strict-transport-security: max-age=31536000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location: https://r.skimresources.com/api/?xguid=01F4VHQTGDMY83P3ZWTJCVMECS&persistence=1&checksum=5867bf4d37cb48c7bd0965e4cfff82f61a0a17c38fd96e5d69c99876af1f5985
access-control-allow-credentials: true
content-type: text/html
alt-svc: clear
content-length: 193

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
60 B 139ms
93ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22location%5C%22%3A%5C%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_%5C%22%2C%5C%22itemId%5C%22%3A%5C%22~~V1~~-4620021981936179155~~MlMT5dftesFE%5C%22%2C%5C%22type%5C%22%3A%5C%22event%5C%22%2C%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22version%5C%22%3A%5C%221.0.74%5C%22%2C%5C%22event%5C%22%3A%5C%22enable_custom%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A0%2C%5C%22index%5C%22%3A0%2C%5C%22placement%5C%22%3A%5C%22Below%20Article%20Thumbnails%202nd%5C%22%2C%5C%22innerText%5C%22%3A%5C%22%C3%84rzte%20verbl%C3%BCfft%3A%20Ein%20einfacher%20Tipp%20gegen%20Nagelpilze%20(Heute%20Abend%20testen)%5C%5CnPilz%20Research%5C%22%2C%5C%22config%5C%22%3A%7B%7D%7D%22%2C%22eventTime%22%3A1620127246735%7D&tim=13%3A20%3A46.735&id=119&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 59
pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.633333,VS0,VE59
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
81 B 95ms
94ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22enable_custom%22%2C%22eventTime%22%3A1620127246736%7D&tim=13%3A20%3A46.736&id=5767&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.635084,VS0,VE58
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
55 B 112ms
110ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22location%5C%22%3A%5C%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_%5C%22%2C%5C%22itemId%5C%22%3A%5C%22~~V1~~-4620021981936179155~~MlMT5dftesFE%5C%22%2C%5C%22type%5C%22%3A%5C%22event%5C%22%2C%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22version%5C%22%3A%5C%221.0.74%5C%22%2C%5C%22event%5C%22%3A%5C%22enable_global%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A0%2C%5C%22index%5C%22%3A0%2C%5C%22placement%5C%22%3A%5C%22Below%20Article%20Thumbnails%202nd%5C%22%2C%5C%22innerText%5C%22%3A%5C%22%C3%84rzte%20verbl%C3%BCfft%3A%20Ein%20einfacher%20Tipp%20gegen%20Nagelpilze%20(Heute%20Abend%20testen)%5C%5CnPilz%20Research%5C%22%2C%5C%22config%5C%22%3A%7B%7D%7D%22%2C%22eventTime%22%3A1620127246736%7D&tim=13%3A20%3A46.736&id=8889&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 59
pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.661122,VS0,VE59
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
60 B 96ms
94ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22enable_global%22%2C%22eventTime%22%3A1620127246736%7D&tim=13%3A20%3A46.736&id=3713&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 57
pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.709752,VS0,VE57
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
56 B 100ms
98ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22location%5C%22%3A%5C%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_%5C%22%2C%5C%22itemId%5C%22%3A%5C%22~~V1~~-6920117224991537703~~LyCnVSgj8lhs%5C%22%2C%5C%22type%5C%22%3A%5C%22event%5C%22%2C%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22version%5C%22%3A%5C%221.0.74%5C%22%2C%5C%22event%5C%22%3A%5C%22has_cta_text%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A1%2C%5C%22index%5C%22%3A1%2C%5C%22placement%5C%22%3A%5C%22Below%20Article%20Thumbnails%202nd%5C%22%2C%5C%22innerText%5C%22%3A%5C%22Einfach%20abkleben%20und%20losstreichen!%5C%5CnOBI%5C%22%2C%5C%22config%5C%22%3A%7B%7D%7D%22%2C%22eventTime%22%3A1620127246736%7D&tim=13%3A20%3A46.737&id=4604&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.736122,VS0,VE58
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
59 B 99ms
97ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22has_cta_text%22%2C%22eventTime%22%3A1620127246737%7D&tim=13%3A20%3A46.737&id=8093&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.736100,VS0,VE58
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
176 B 108ms
103ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22location%5C%22%3A%5C%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_%5C%22%2C%5C%22itemId%5C%22%3A%5C%22~~V1~~-6920117224991537703~~LyCnVSgj8lhs%5C%22%2C%5C%22text%5C%22%3A%5C%22Mehr%20erfahren%5C%22%2C%5C%22type%5C%22%3A%5C%22event%5C%22%2C%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22version%5C%22%3A%5C%221.0.74%5C%22%2C%5C%22event%5C%22%3A%5C%22cta_render_candidate%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A1%2C%5C%22index%5C%22%3A1%2C%5C%22placement%5C%22%3A%5C%22Below%20Article%20Thumbnails%202nd%5C%22%2C%5C%22innerText%5C%22%3A%5C%22Einfach%20abkleben%20und%20losstreichen!%5C%5CnOBI%5C%22%2C%5C%22config%5C%22%3A%7B%7D%7D%22%2C%22eventTime%22%3A1620127246737%7D&tim=13%3A20%3A46.738&id=9232&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 59
pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.794523,VS0,VE59
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
164 B 106ms
103ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22cta_render_candidate%22%2C%22eventTime%22%3A1620127246738%7D&tim=13%3A20%3A46.738&id=2024&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 59
pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.810576,VS0,VE59
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
56 B 104ms
96ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22location%5C%22%3A%5C%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_%5C%22%2C%5C%22itemId%5C%22%3A%5C%22~~V1~~-6920117224991537703~~LyCnVSgj8lhs%5C%22%2C%5C%22text%5C%22%3A%5C%22Mehr%20erfahren%5C%22%2C%5C%22type%5C%22%3A%5C%22event%5C%22%2C%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22version%5C%22%3A%5C%221.0.74%5C%22%2C%5C%22event%5C%22%3A%5C%22rendered%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A1%2C%5C%22index%5C%22%3A1%2C%5C%22placement%5C%22%3A%5C%22Below%20Article%20Thumbnails%202nd%5C%22%2C%5C%22innerText%5C%22%3A%5C%22Einfach%20abkleben%20und%20losstreichen!%5C%5CnOBI%5C%22%2C%5C%22config%5C%22%3A%7B%7D%7D%22%2C%22eventTime%22%3A1620127246784%7D&tim=13%3A20%3A46.784&id=5967&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.839512,VS0,VE58
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
56 B 102ms
94ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22rendered%22%2C%22eventTime%22%3A1620127246784%7D&tim=13%3A20%3A46.784&id=5060&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.839667,VS0,VE58
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

POST
H2 204 bulk Show response
trc.taboola.com/dailymail-row/log/3/ 0
304 B 96ms
96ms XHR
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/dailymail-row/log/3/bulk?tvi2=766&route=IL%3AIL%3AV&lti=deflated&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210503-25-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 60
pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127247.986827,VS0,VE60
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 86ms
42ms XHR
text/javascript 2a02:2638::3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:47 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:27 GMT
server: nginx
etag: W/"605322db-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 05 May 2021 11:20:47 GMT

GET
H2 200 SiteEvent.dotmetrics Show response
uk-script.dotmetrics.net/ 316 B
1 KB 210ms
70ms Script
application/javascript 143.204.202.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uk-script.dotmetrics.net/SiteEvent.dotmetrics?v=eyJpZCI6NDYxNSwiZmwiOnRydWUsImRvbSI6Ind3dy5kYWlseW1haWwuY28udWsiLCJmc28iOm51bGwsImxzbyI6bnVsbCwidXJsIjoiaHR0cHM6Ly93d3cuZGFpbHltYWlsLmNvLnVrL3dpcmVzL3JldXRlcnMvYXJ0aWNsZS05NTM5NDAzL0JyYXppbHMtSXRhdS1iZWF0cy1lc3RpbWF0ZS1sb3dlci1wcm92aXNpb25zLXRyYWRpbmctZ2FpbnMuaHRtbD9faHNtaT04ODk3NDc0NCZfaHNlbmM9cDJBTnF0ei05czkzYUhsY0t2U3dpeXgzTXhJMF9YRng1aUZDVjJvVGc5QUpONVpkVjVpN1RHMl9TR0tWajVSaC1oaFBfRDViekdZbjlLay1iVm5JUmJrM3g0TktTaGZveGVobERvVDFiakZZRnVRbTBBY3RiWGR2SSIsInJ1cmwiOiIiLCJwdnMiOjEsInB2aWQiOiJrbzl4eGZsbmFrazR1YzMxMDQiLCJvc3MiOnRydWUsIm9zZXMiOnRydWV9&r=1620127247028
Requested by: Host: uk-script.dotmetrics.net
URL: https://uk-script.dotmetrics.net/Scripts/script.js?v=181
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.202.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-202-19.fra53.r.cloudfront.net
Software: Kestrel /
Resource Hash: cb194deb2f39115de851dcf1eca2899907f171b6618c9b79d968e25a6fbbd060

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:48 GMT
content-encoding: br
server: Kestrel
x-amz-cf-pop: FRA53-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: policyref="https://uk-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
via: 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
cache-control: no-cache
content-type: application/javascript
x-amz-cf-id: j8GzK-PIIfh9LCuX-vDBNq1EXpoRXnv7G2UwL2Ebsz0Y9MhCRaDW5w==

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 818D
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuC_4uv_Ur8R46BEnRSgAABKoAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuC_4uv_Ur8R46BEnRSgAABKoAAAAB&dcc=t

43 B
433 B

128ms
126ms

Image
image/gif

52.94.232.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuC_4uv_Ur8R46BEnRSgAABKoAAAAB&dcc=t
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.232.32 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:47 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:47 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuC_4uv_Ur8R46BEnRSgAABKoAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 818D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDbcyFaYg67XSqAArUkdzk0&google_cver=1

43 B
1 KB

242ms
68ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDbcyFaYg67XSqAArUkdzk0&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:50 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:50 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDbcyFaYg67XSqAArUkdzk0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 818D 70 B
264 B 74ms
68ms Image
image/gif 76.223.111.131

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=70&cm_user_id=YJEuC-4uv-Ur8R46BEnRSgAA&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN (),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 818D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YJEuC_4uv_Ur8R46BEnRSgAABKoAAAAB
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEL0A5WL7asU__uknhEA7fSo&google_cver=1

43 B
315 B

81ms
79ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEL0A5WL7asU__uknhEA7fSo&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:47 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:47 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEL0A5WL7asU__uknhEA7fSo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK CookieIndex
rtb.adentifi.com/ Frame 818D 0
88 B 553ms
117ms Image
text/plain 52.202.1.196
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.1.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/plain

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 818D
Redirect Chain

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=

43 B
315 B

467ms
41ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:48 GMT

Redirect headers

date: Tue, 04 May 2021 11:20:47 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 818D
Redirect Chain

https://ad.turn.com/r/cs?pid=21&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7396079597595942817
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7396079597595942817&C=1

43 B
1 KB

478ms
52ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7396079597595942817&C=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:48 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7396079597595942817&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 281
Expires: Tue, 04 May 2021 11:20:47 GMT

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 818D
Redirect Chain

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6734136471924624072&uid=Q6734136471924624072&ref=%2Feucm%2Fp%2Fcc
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

449ms
33ms

Image
image/gif

104.111.242.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.242.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-53.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:48 GMT
Server: Apache/2.2.15 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/5.3.3
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Tue, 04 May 2021 11:20:47 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK i.gif
mfad.inskinad.com/udb/9874/sync/ Frame 818D 43 B
875 B 142ms
138ms Image
image/gif 23.21.47.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mfad.inskinad.com/udb/9874/sync/i.gif?partnerId=1&userId=YJEuC-4uv-Ur8R46BEnRSgAA%261194
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.21.47.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.16.1 / adzerk bifrost/
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:47 GMT
ETag: W/"2b-6KwiS6nul+h2cO1vOi8BKLevn+Q"
Server: nginx/1.16.1
x-powered-by: adzerk bifrost/
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: undefined
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Origin, Content-Type, Content-Length, X-Adzerk-Explain, X-Adzerk-Sdk-Version
Content-Length: 43
x-served-by: engine-production-i-0f61315ae345407f1

POST
H2 202 /
crta.dailymail.co.uk/ 8 B
575 B 148ms
93ms Ping
text/plain 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://crta.dailymail.co.uk/
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: http-to-kafka/0.8.10 /
Resource Hash: a00fb0c50741f81bb51d35b4475a4357f8039aabd896a21036bc516839401595

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
server: http-to-kafka/0.8.10
etag: W/"8-YaBXLEiT7zQxEyDYTILfiL6oPhE"
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 8
expires: Tue, 04 May 2021 11:20:48 GMT

GET
H2 200 c57dfb5a1dc8caf3e693a8ff256c2fa0.png
cdn.taboola.com/libtrc/static/thumbnails/ 20 KB
21 KB 178ms
68ms Image
image/png 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/c57dfb5a1dc8caf3e693a8ff256c2fa0.png
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 94597c556eef4fd01fe311a447e7669584180256fd43b20d63891a163816283e

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: _1CnRRpv3WkY4YE.dnJelea3F83vhEw3
via: 1.1 varnish
etag: "711a74dedf1d787839244bcd8af73473"
age: 10073
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 20549
x-amz-id-2: GviEjQqPe9+v3jsN4P2mbxB20FPrwyl33ZCq5Jj29DQKWKpkJFcIGYkKbh31KC6QJ39RX05/mNo=
x-served-by: cache-fra19126-FRA
last-modified: Wed, 24 Jun 2015 03:49:58 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1415049902/atime:1435052170/md5:711a74dedf1d787839244bcd8af73473/ctime:1422381536
x-timer: S1620127248.019195,VS0,VE1
date: Tue, 04 May 2021 11:20:48 GMT
x-amz-request-id: QF7P7KTP7QZ0EPD6
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 11
x-cache-hits: 1

GET
H2 200 tbp Show response
15.taboola.com/ 6 KB
2 KB 74ms
67ms XHR
text/html 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://15.taboola.com/tbp?oid=15&pubid=166277&tagid=948107&pstn=[pstn]&cb=[cb]&callback=TRC.pVideoCallbacks.videoCallback2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210503-25-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 2fe41eaa4fae47e27de200173031bbd315c11e87836b3225c1788fce05e1be1b

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 04 May 2021 11:20:47 GMT
content-encoding: gzip
access-control-allow-origin: https://www.dailymail.co.uk
machineid: 1449
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-fra19126-FRA
pragma: no-cache
server: nginx
x-timer: S1620127247.398366,VS0,VE25
vary: Accept-Encoding
content-type: text/html;charset=ISO-8859-1
via: 1.1 varnish
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
73 B 185ms
76ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22location%5C%22%3A%5C%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_%5C%22%2C%5C%22itemId%5C%22%3A%5C%22~~V1~~-6171177869809221451~~EM25jce6KvvI%5C%22%2C%5C%22type%5C%22%3A%5C%22event%5C%22%2C%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22version%5C%22%3A%5C%221.0.74%5C%22%2C%5C%22event%5C%22%3A%5C%22has_cta_text%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A5%2C%5C%22index%5C%22%3A2%2C%5C%22placement%5C%22%3A%5C%22wide%5C%22%2C%5C%22innerText%5C%22%3A%5C%22inPixioWeltpremiere%3A%20inPixio%20Photo%20Studio%2011%20-%20Foto-Bearbeitung%20ganz%20einfach!inPixio%5C%22%2C%5C%22config%5C%22%3A%7B%7D%7D%22%2C%22eventTime%22%3A1620127247234%7D&tim=13%3A20%3A47.234&id=465&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.019295,VS0,VE58
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
250 B 221ms
110ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22has_cta_text%22%2C%22eventTime%22%3A1620127247234%7D&tim=13%3A20%3A47.235&id=4189&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 63
pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.042765,VS0,VE63
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
55 B 181ms
110ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22location%5C%22%3A%5C%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_%5C%22%2C%5C%22itemId%5C%22%3A%5C%22~~V1~~-6171177869809221451~~EM25jce6KvvI%5C%22%2C%5C%22type%5C%22%3A%5C%22event%5C%22%2C%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22version%5C%22%3A%5C%221.0.74%5C%22%2C%5C%22event%5C%22%3A%5C%22filtered_no_title%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A5%2C%5C%22index%5C%22%3A2%2C%5C%22placement%5C%22%3A%5C%22wide%5C%22%2C%5C%22innerText%5C%22%3A%5C%22inPixioWeltpremiere%3A%20inPixio%20Photo%20Studio%2011%20-%20Foto-Bearbeitung%20ganz%20einfach!inPixio%5C%22%2C%5C%22config%5C%22%3A%7B%7D%7D%22%2C%22eventTime%22%3A1620127247235%7D&tim=13%3A20%3A47.235&id=7001&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.042720,VS0,VE58
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
56 B 181ms
110ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22filtered_no_title%22%2C%22eventTime%22%3A1620127247235%7D&tim=13%3A20%3A47.235&id=6650&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.042695,VS0,VE58
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
57 B 178ms
110ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22location%5C%22%3A%5C%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_%5C%22%2C%5C%22itemId%5C%22%3A%5C%22~~V1~~-4459845448408295845~~q6-vO8T5BcX3%5C%22%2C%5C%22type%5C%22%3A%5C%22event%5C%22%2C%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22version%5C%22%3A%5C%221.0.74%5C%22%2C%5C%22event%5C%22%3A%5C%22has_cta_text%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A10%2C%5C%22index%5C%22%3A7%2C%5C%22placement%5C%22%3A%5C%22wide%5C%22%2C%5C%22innerText%5C%22%3A%5C%22brillen.atSpare%20269%20%E2%82%AC%20beim%20Kauf%20von%202%20Gleitsichtbrillen%20in%C2%A0Wienbrillen.at%5C%22%2C%5C%22config%5C%22%3A%7B%7D%7D%22%2C%22eventTime%22%3A1620127247262%7D&tim=13%3A20%3A47.262&id=8908&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.042670,VS0,VE58
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
267 B 122ms
109ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22has_cta_text%22%2C%22eventTime%22%3A1620127247262%7D&tim=13%3A20%3A47.263&id=2751&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 65
pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.135086,VS0,VE65
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
286 B 114ms
102ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22location%5C%22%3A%5C%22https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_%5C%22%2C%5C%22itemId%5C%22%3A%5C%22~~V1~~-4459845448408295845~~q6-vO8T5BcX3%5C%22%2C%5C%22type%5C%22%3A%5C%22event%5C%22%2C%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22version%5C%22%3A%5C%221.0.74%5C%22%2C%5C%22event%5C%22%3A%5C%22filtered_no_title%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A10%2C%5C%22index%5C%22%3A7%2C%5C%22placement%5C%22%3A%5C%22wide%5C%22%2C%5C%22innerText%5C%22%3A%5C%22brillen.atSpare%20269%20%E2%82%AC%20beim%20Kauf%20von%202%20Gleitsichtbrillen%20in%C2%A0Wienbrillen.at%5C%22%2C%5C%22config%5C%22%3A%7B%7D%7D%22%2C%22eventTime%22%3A1620127247263%7D&tim=13%3A20%3A47.268&id=8912&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 59
pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.135017,VS0,VE59
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/dailymail-row/log/3/ 0
255 B 93ms
92ms Image
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/dailymail-row/log/3/abtests?route=IL:IL:V&tvi2=766&lti=deflated&ri=ddb5ac1586348bccdffb72467ea9daab&sd=v2_8e1dde1f681923780054fdca2139811c_afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a_1620127242_1620127242_CNawjgYQ-4w9GOal77iTLyABKAEwDzjpmQdA_4UQSOWG2ANQ____________AVgAYABosa_ptcr9986tAQ&ui=afed15b6-4a11-4800-bcb3-8d2b555f3dfa-tuct78ab38a&pi=/wires/reuters/article-9539403/brazils-itau-beats-estimate-lower-provisions-trading-gains.html&wi=-4096432130101852702&pt=text&vi=1620127240934&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22filtered_no_title%22%2C%22eventTime%22%3A1620127247268%7D&tim=13%3A20%3A47.269&id=2683&llvl=1&cv=20210503-25-RELEASE&
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127248.148957,VS0,VE58
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 img_6065b145586fb2.29964010_pxsDI52LWx1id6bnZ2JmR4pjFKFD7iP9jKO9c3ELIuEFfjDGDn_tb3.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.eam.pubocean.com/ 6 KB
7 KB 63ms
50ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.eam.pubocean.com/img_6065b145586fb2.29964010_pxsDI52LWx1id6bnZ2JmR4pjFKFD7iP9jKO9c3ELIuEFfjDGDn_tb3.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: d079ff44603ea2d3e6c5045eddc5ea364eaa152fa973b4aff2e9983fec0ce982

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish, 1.1 varnish
age: 2512100
edge-cache-tag: 625600002394840556875937717486400740877,534554604223319601008643105194670925976,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.eam.pubocean.com/img_6065b145586fb2.29964010_pxsDI52LWx1id6bnZ2JmR4pjFKFD7iP9jKO9c3ELIuEFfjDGDn_tb3.jpg
content-length: 6592
x-request-id: 9bd2fd594518d17e85d75f930d5fa946
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb102
last-modified: Mon, 05 Apr 2021 09:10:20 GMT
server: nginx
x-timer: S1620127248.135039,VS0,VE0
etag: "7eb8284daea97837eaeec0eeb0946e4c"
x-served-by: cache-wdc5549-WDC, cache-dca12929-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 2

GET
H2 200 40ded6c58dce1b2b68eee7d71e9fa0d0.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 14 KB
15 KB 139ms
137ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/40ded6c58dce1b2b68eee7d71e9fa0d0.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: fb8e67f054cb1201118639827083de0efa60d7623a5df64f5eefeafff42c8368

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 92
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish, 1.1 varnish
age: 181605
edge-cache-tag: 448790223060261201932946515139237549820,534554604223319601008643105194670925976,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
expiration: expiry-date="Sun, 16 May 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/40ded6c58dce1b2b68eee7d71e9fa0d0.jpg
content-length: 14436
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb101
last-modified: Thu, 15 Apr 2021 01:05:48 GMT
server: nginx
x-timer: S1620127248.149175,VS0,VE92
etag: "839903a56f2e00f1b3a18bd605508466"
x-served-by: cache-wdc5571-WDC, cache-dca17730-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0

GET
H2 200 7f49443a9db29dfc7428ab3441a5f3ef.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 12 KB
13 KB 38ms
37ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7f49443a9db29dfc7428ab3441a5f3ef.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 5cce516a4dd1e3b1b44c07bcf7e4a837842c3308d536a4786068320b2c72e379

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish, 1.1 varnish
age: 1478467
edge-cache-tag: 514078969652649363315220540460756677191,534554604223319601008643105194670925976,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
expiration: expiry-date="Sat, 24 Apr 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7f49443a9db29dfc7428ab3441a5f3ef.jpg
content-length: 12596
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Wed, 24 Mar 2021 14:20:40 GMT
server: nginx
x-timer: S1620127248.149150,VS0,VE1
etag: "0c8629e76e241aed811bb37815d40289"
x-served-by: cache-wdc5534-WDC, cache-dca17744-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 004c0d3c978bc16ddbbf79f48741e018.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 12 KB
12 KB 38ms
37ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/004c0d3c978bc16ddbbf79f48741e018.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 30d338b00a660b32e275122c9e5e66a0ccc9abde9da532eade2fa81dd8cc45ed

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish, 1.1 varnish
age: 4230089
edge-cache-tag: 554701638997755486133682425116940453865,534554604223319601008643105194670925976,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/004c0d3c978bc16ddbbf79f48741e018.jpg
content-length: 12034
x-request-id: d190ae8d8c5187487943e86863a4fa18
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb102
last-modified: Sat, 13 Mar 2021 04:26:02 GMT
server: nginx
x-timer: S1620127248.149152,VS0,VE1
etag: "dd2668775c7d6d1e5256eb622954d5b7"
x-served-by: cache-wdc5577-WDC, cache-dca17722-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 440666dcf236003bacb2730f7f41fa13.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 5 KB
5 KB 57ms
33ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/440666dcf236003bacb2730f7f41fa13.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: d6ae1595d48575a5547705f01006599072fb809e14065f5d2d0f1cb263a6307b

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish, 1.1 varnish
age: 1640556
edge-cache-tag: 536586030337498835945682562603120703398,534554604223319601008643105194670925976,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/440666dcf236003bacb2730f7f41fa13.jpg
content-length: 4638
x-request-id: 1c173eb9687ff2543f2c1d5cbe765cd6
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb101
last-modified: Sat, 27 Mar 2021 06:02:25 GMT
server: nginx
x-timer: S1620127248.198437,VS0,VE1
etag: "e798893de09eeacb3af618e2db164c31"
x-served-by: cache-wdc5521-WDC, cache-dca17749-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 e12ec33aaf5dd41fce722fa40f876226.jpg
images.taboola.com/taboola/image/fetch/h_217,w_260,c_fill,g_xy_center,x_1547,y_978/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 9 KB
10 KB 46ms
34ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_217,w_260,c_fill,g_xy_center,x_1547,y_978/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e12ec33aaf5dd41fce722fa40f876226.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e05097eb9768b3fc9c6245ecc76f8f18d8233ad5e2e3713aeaa7e3bf2614a7a5

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish, 1.1 varnish
age: 2431153
edge-cache-tag: 605599801154644770775410904866307749709,452620351490697423641683821229060896537,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/h_217,w_260,c_fill,g_xy_center,x_1547,y_978/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e12ec33aaf5dd41fce722fa40f876226.jpg
content-length: 9430
x-request-id: 8c5b54ed393dd04511c16354d03e100f
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Wed, 17 Mar 2021 13:31:59 GMT
server: nginx
x-timer: S1620127248.199145,VS0,VE1
etag: "7a29c6674788736aa0e948ef7dcdbbc1"
x-served-by: cache-wdc5555-WDC, cache-dca17752-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 914d66302d9cfcaaf35fc052a89cb61d.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 6 KB
7 KB 41ms
40ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/914d66302d9cfcaaf35fc052a89cb61d.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: de47ae98e70bdc68985cca2f2a431e590c24095e2b66d5e21efa7a09b3efbe51

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish, 1.1 varnish
age: 2749107
edge-cache-tag: 491057554463560619958597294262159865220,534554604223319601008643105194670925976,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-cache: HIT, MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/914d66302d9cfcaaf35fc052a89cb61d.jpg
content-length: 6390
x-request-id: 20d08ed277b955fa599a57c1fc383e63
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb106
last-modified: Thu, 04 Mar 2021 07:01:54 GMT
server: nginx
x-timer: S1620127248.199234,VS0,VE1
etag: "3133abbf4e43503bef9aae6734fab7d1"
x-served-by: cache-wdc5579-WDC, cache-dca17763-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 0, 1

GET
H2 200 61a20adc02428beadc0af2238844241a.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 9 KB
10 KB 58ms
57ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/61a20adc02428beadc0af2238844241a.jpg
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 0ba8353fbf5542da5fa96164a1d35fd9da723d03f90028eb653c010ffd0b03e6

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish, 1.1 varnish
age: 78761
edge-cache-tag: 483959066093592215540383158497921168214,534554604223319601008643105194670925976,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: MISS, MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/61a20adc02428beadc0af2238844241a.jpg
content-length: 9600
x-request-id: 54dd9fb9e59ccba8dc98a0be07bb9ab3
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb106
last-modified: Thu, 15 Apr 2021 12:19:15 GMT
server: nginx
x-timer: S1620127248.228686,VS0,VE1
etag: "dc02f9f6d5dc3db43a4902badf9bd9b7"
x-served-by: cache-wdc5541-WDC, cache-dca12925-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1

GET
H2 200 01f45f08606bf41033e5ed343dd24422.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 12 KB
13 KB 387ms
288ms Image
image/webp 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/01f45f08606bf41033e5ed343dd24422.png
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 3a3df2358c5f4bbe68b0ab7bc9fa2a7da073e4032e2a05ad42a81e8cd587b0da

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish, 1.1 varnish
age: 235383
edge-cache-tag: 509151048484713767403305783683430162873,534554604223319601008643105194670925976,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
expiration: expiry-date="Sat, 01 May 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/01f45f08606bf41033e5ed343dd24422.png
content-length: 12648
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb101
last-modified: Wed, 31 Mar 2021 19:49:11 GMT
server: nginx
x-timer: S1620127248.371604,VS0,VE1
etag: "5e425f7e4665da38b9a3fbbc65b0c1b2"
x-served-by: cache-wdc5559-WDC, cache-dca12923-DCA, cache-fra19126-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0ED0 0
172 B 33ms
8ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQvPyRogIYson8lwEwAQ&v=APEucNX1XjeHxB86QgNEFINR4L4IOsmWr34SaD_v7m0WW3BrDziELjZsr4fOoBkJKPRW-WEkNuN7HJZ24hRnicjZVHbNitl2_TglDPvp5PvpQpAQR0ycR1EnBITEcE5CppvziZbHcxD0rs5FJrRYxdAW6pJy6Gi-U5xfV3cg9nFutgm8q-tH6c-xQEi8vXjoTjBRlykuGPkKM16GM2HAA-Jt6ujplR2g72xNgn6fzoMU05QYjhk5l44

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJHlswIQvPyRogIYson8lwEwAQ&v=APEucNX1XjeHxB86QgNEFINR4L4IOsmWr34SaD_v7m0WW3BrDziELjZsr4fOoBkJKPRW-WEkNuN7HJZ24hRnicjZVHbNitl2_TglDPvp5PvpQpAQR0ycR1EnBITEcE5CppvziZbHcxD0rs5FJrRYxdAW6pJy6Gi-U5xfV3cg9nFutgm8q-tH6c-xQEi8vXjoTjBRlykuGPkKM16GM2HAA-Jt6ujplR2g72xNgn6fzoMU05QYjhk5l44
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 04 May 2021 11:20:47 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 04-May-2021 11:35:47 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 04 May 2021 11:20:47 GMT
cache-control: private

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 606D 57 KB
23 KB 67ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CBOqeP6XR22fbg_Gll3dthMyeGxKH8HBOukBREow97G7g3dwh2HWibL-GgdcijBl8CCJxQaf86jh1prZQ5fDeqGE_g3Aodt1AwFSXd_OZGsYXBYGsEx_TczvWvv9e9f3j5S4TySbGm8ejtb29N81ggcpNQjQ&dbm_d=AKAmf-DM4LzYLNAeTA1aun-WAh6dsKRHO_BE-L0NeZcWpNfXIALrlFUYGdG_G67P0UvPvCi2mJCNuLKN3WWWQbtUsw5fprk_kiCxsC_c2TwsyK4k_kA0z-ZPokx76jamCQjsVFD7tyUnO713PvE3qPm7DXT44fvp3b0NqNAHgCTNPN-_5waXCnfduxLaTR91oZ3iUhxFBnsmYRsumktWkMZFBMNyyKNxTzb7IDIWQchdNGhg73a7MZf6z7VFtsxlqN7Nc8WXtS7R8YR-CvKT23_hLDbR4hI8zDmzhK2mZ9_i-NYNCjwbTKKFQHOXmrzNmdqvKgdunVUkc1262xv9FPps9JFWSYzqbfo7jOpjn9U40pYoGQUiHPoaTxJ-yhLhZUfIH7FLp49Xxg_nMMjWeviQAR_zSZK_m0Uxg0mL5G0uuG59r4yMvE84cm9ebCBT9qaGtmH8cqquk649zhF9ZYKvvnyIK_DVhNpmMODpxSN0uG9YWnd4xm2ImP_Z9nPfQRQD-ValNIh3v0cofZzmelmoEeoHjEU7NHDVp6UmGoEqpyXtH3G0KWQ-m9iAFOzhFdo14qbWPzpbsi0VkSNV0OyIMKQGQZJUDUeL1UOWv1lhC8kK4PrIcy8iQ5uPcuA5yicbZ2qEXNfsZBuV9l0s0JZTWH2uJraoH2tkUEtIf8SdjL39dBByp4gN716_xhmNz9fzy04Cbl-Th_dVxrmqAJkPUWehattmvz7RGsbQCQzxa82xeT43TrD7DR3Ua4LHBfHCD5P_tpbWM-aKQ8scXl3GAAxCfm9PgpyTgcRWPA50tLo-pPtigFxphQCDLB4427X2iZoksbujPAH_Kw8ek1ZoVnXjp0iXBQvKkFE8GiHNZExjVuP_7dcFWhfArheRD2Q-Nv30sAJ8BpFcqyInRmBHsHYn0imLtR0d1tz4EqV-dDCcuLkH2PQGYtF--ClJDTB3lG650A7YnPOTJkIquo2Vc6WDY0kyte-UZw4ScBtoCIJt8qGCBo3T0XXX439te3-YyeCJ27TbCYQPfwwae0HzuOxbji1u-8X_-zGgHSG9PX99Z9OqW_2Yc1VQjiwWwhV-1f0sO31DeTTnN1WhG5I6nsi7MDMgHqHVef1Yfji-nOX5DbAT-txz9YR3MO3dG2TSa50Y75sciq9sjkozQgdT0f1_D1ZaNVdB6oZwmp_2LcyRCCLb0WZcdcBcTKsWTqGuPlqZffWPbLlFB3wpSQsEPnaPSi7FTe6sh4M0HM-lNtnoIw9z_CcdV6uz8lEMAkeHQN5Dv1qVN2cFSIYGIHuJFD7yYDmOwio-xSrrlLAfQa9th2UDwBODDz1No7lS2_UsVopQwb1VLhq7OStHFE_YTDztFBLjC5qGQ2-rNGJFWC3y-qWNM1OAraRmMNP5d6DPsrZg45eI971iiEeWxyPX54j9lz5Yg-baS8SjtKO9rIO6U8p9V7F3BbhhvbEDrdDI0cGSlJqeV9MuY68GNFf0xkyx-K6ztk9nH9HhzEEevjjOemvIOvNV4luz-JKIHOP74hSGN8p4fGIqsOECXzH4gB3dP7dLTASNTTLcVp2rAw3VUqjikHmHGgP9BgqfgHUVQ0wwJkeMXBHdHFEeB9ltU79eNGS2OQVFNMeEe06QmGYQN7hrgnKUb1GeLcb5h9he6lT5BwqlsC3vy22G5IPVkvU0Fx_s6cz6TtRD59X9dTa61mFNz4AvFSdJG440TpMfMcMrMHPKroJmTupE7H1c4XwbkFu7z3cvjJB-N-hsoPEEEAJeSDQlWS62-ksYG_FBtJS4mihv0mCauX6Fx5mX7ejB74fFGmAOKu6fORWqE10buR0Sr4j_AmhcbG_Dcs0VOwl_n3hX1C54dXyqW77HP-MlUUQ0Z7VQj-RDLEuXCabRnqhH1UzLT-gZsFd8hHrz2FzaYejLWOrMFlYsUJoCSj7LExR22X19Nqq0EPPGqKmTDo4BehJIcmUYzeEW1sbYhbemSrQEEBp2fRQmYCv8aZ5QtJWVncqqEkjcrdSxmvMMofOXD5CVlf7EWVuqzZN6PW6JzmZFYOkRGK9eDlslsJAReBTicOraEcpTsGmTUYR_4Q5a6FgYVuFI88htm_808IBqh7RBpwinJ7MuPInFA8DI62KyfAyPiCfja4cSaUWH8kK0_JZAoTQJ05xW45Aaq4SLItQbtg1fEPP1F2wm64atEC8whftTeiFmj2XImdlruv1rgvLVt9IixusObMf9fCEtwySg9gnsDB7j1KZdYzlO9RL7eCQJZyMOkfLbY4jWr5bXAKlbnThe-nlUYyYP1kwUW2GRkvA53i-yBbf1oCag51L28cRVahNW4o__G0easV79NkHmEAjcj5w3K756Jgm-anIeTXMBM9q39kzp8d47V_LVmzkB0FW5JzMv-csWVaGpbBBDhSMlc3lm0JLL0jK-aFoxEm383K8eH8UvTfmrl2lfF7BjQHulmN_V3mLHJ_YLCHBFtQC5cqlzOXRu16IIOMcrQqiVqHzbO67LOMiUTPhuWyFsGV0m6p3-zKuxsIaGSVU_FN_aC8U8uyPF_2QDYlroV8dQLnpk6rw6AwcG4p4rbFOKFfkZAtZiDP5K5E9TSSC4f13nkeryI0BX8glphx34-qQ4NFc_BUTbfh9wm6Z2IkCgJj4lUk5nxYwbtTpl-n8a4BX2cQGW18cDDSor0tzrEW4Z7e9obND0Upcxf0ckOL_1EkEuuS3nmYxHdiCgC8IdcUYsLs_pV34SBLg-S-TxMWnmU3E_YF_ZAdh3IWccrH5J5GpnTegUklowuqRmuMejzN24A6XNrcJBT7IJWqRiaNIl-7XQhXwYlIFassAB3SbRtdOW0SM0fPEgJOFjTF4t4Hw-ZyHPTIVmcwIqqEDwQt9sz4htkipYdhXfWOl0Jwjt-PIPU4s2rrpWo0VQ8B8xO_xGOefg457DwAmg809t3hlqvxRvh_iaipn-UfCGV5Tijo0-Rs3UnoTiMpJBlPoUgpfsMCv8wPBpJq52rb4fIIfxOD_N1JcVWpQ72B9Tl6h978Fb2oadV03S-tqJo2SD4D6kS5yaIU3o7QeZWZXUpknFF8n1jFGaJiJh8ItglSurhHVSEsZXqzDZSjewUxjQXpVkdEYnQRknKnYWf5vZHpZvwrQP9GADxhHCvGtlgr5oSEYab3rgef3uD23Ql7vmZF-Qea-ruUKuSFfUQZb2&cid=CAASPeRo9UrMlXUEjUdqQ5UEotuUqqITHUpo_d1RI-sQwtW0rla5nBcbpnvTudr7sIFFREVotYehONz6wjxpSWo&rfl=1%2Chttps%253A%252F%252Fwww.dailymail.co.uk%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcd97fa72ce23436b8fabce87d7dad7e87533ab53b6042742068fe641f1ef92e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23703
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 606D 42 B
286 B 65ms
28ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D4filrn5L4D2eiisNzT5RtfM2Z44GkuCMnGM6_4XVJ4LDs59AdEnvkuFPtconVFKfQSKG1cPGw3SNW-OEvncKjeFCvV70mK-g-vciEixGdJnnxtRE

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 606D 2 KB
1 KB 31ms
0ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/window_focus_fy2019.js

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:20:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 606D 116 KB
35 KB 34ms
0ms Script
text/javascript 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

bdaa38f52441bf7af0793fbf059e5598ffd9d18fa264b14bd55f6b3655fcc958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620056514301796"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36023
x-xss-protection: 0
expires: Tue, 04 May 2021 11:20:47 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 606D 13 KB
6 KB 30ms
0ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:18:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:18:37 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 606D 0
0 62ms
19ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ6smhFjNBT_8Vg_Yn4lBfTuc2jKw5uqMrPpIiDS6PGY7jMCyT4j4hw7gPT2YydYcuqzz-0
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/677475/54035434/ Frame 77F9 45 KB
13 KB 350ms
91ms Script
application/javascript 34.254.6.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/677475/54035434/skeleton.js
Requested by: Host: info.silobreaker.com
URL: https://info.silobreaker.com/e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG5h0TrHW7R7vdT89L4VTW1RX9ql7F3rhSVghhNK8NCxVnW1Ds7y65kJ0cQW4BB5Y53xw6rcW7BB_8f2ShH5GW3wb_YN5CDmRrW9fMQGS4YTcwgVVjh0W3ZL6KYW2ryqDx29pMPWW1_tPKp2-vtVLW3Fl5zQ265YCxVTnDmY8zvWRMW6GsnlF5m4gJXW7PHYgd3NM4t4W74MjC_4s6blWW4JFD_r5YZxKL3fLN1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.6.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-6-162.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: fe9f7e697d07c48ae9ff3c4fafecfacd442d88a13a92fecf46cafe43e030cf99

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
content-encoding: gzip
x-server-name: app35.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 77F9 111 KB
39 KB 30ms
5ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 11:22:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86291
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 May 2021 11:22:36 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/elements/html/ Frame 77F9 8 KB
3 KB 16ms
11ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Daon3IJfXmv_XkhZzZ_HyA7AwR7Q5uPlwe94NwQ2_OTi_DAG7JwOUYP76JBIYtjLsKqiwtPr-iCdMmcSCiLCRcWJCwGKqLnhHbhCK8IWm8D4v3nc8jFbjV6RbVTePldAgKzy_qdPp6mW-orms-QUZ4ftaQyQ&dbm_d=AKAmf-AXqf-LwDgWggQUBbeeh9Q9FvrfqZyGP8ounQuCDl_hmUff3B4y84b2Dnj_4oel4eAtb2WLAOczNsekOXdTPstYTgU-fEY_CJKrMfSU72Jz1gChIrI6_RPnrhCOX05nTnpULxyXcvYD1tIbdN4AjuIDkA63zLdsfOqoxf5VIceYBYtB2qLFEGu31qGNRtYDhaDwQUTs07HE16z4UFmbKelEUerOEozwUcUh3zGrfeeawqt087z2fso8qL4-OLms_YhsUsnMXuxruBLIv6_DlVO4ZZ2th7fGdQi6KXr0PWycr6-QgxEU2cocb88XM5t-cTPqnbQonJ9nXu7G4CCRHk44AoUaCchv1whMlEiepRWnXWlw6Yxb3u8e7-UCdD5svlWvc8ctfQu3G5Ck0Bu4Ygy4Hqz4hP2ObXcsTpriy-MROrbvYObKd323iCR7rlUFzQBc7QGNqc6VZx7e2tY2qlJF7ZOxzWjj3METUIVpcSQ0_SCpxblWyEQmQk4WF4q1UPK5ho18WuO_hNNeufoym82O4CTH-zKqzeg8_WC8jB_ONLByChHDTWiH44L3Lkf_1IVY8MbmmVU5WZYEcSvNsY34lKzcbuptSF8stN4Jy-XJ1AaJXgpafJJcL2TswbEnkRLYe7k7Mu5bi9PzJHFlLOtVz7hTLUO3BTVq3vk84eZbUXyT907UMHbDsRY3P1EFpYStA8RfuxQuC5NQtGCphRqtuauQGaWaiF-1Je7ckcNXqCKOeDVnaDFIia5b8PEUuHECv1k5WINB5NT0gjk0WQTjSWuJ_14_PpTbVzjTLbAj2V7pblwr8RPAq2TeEC_be3OeotbQSYu_s0E1BdxtH8dLU0Y6m4bVR30BOa7yZZtnUoET1zxQ_TsZ1oOuL0JHUV5JwcfJTS-UMMD1mUtTfMq6wgDAkMrsmnnIhxo0_M68KdOpkii3s-DoYBwwXfJ9HXZoV-nThLVdtC_Hw8kgs1MtR__UjOh3Rh3zjh2lUVIkDrAXVbx0GvPtnFgvD4_I83ko5Thb-ddo0uZcrpzzUgM_bXK--2VWdz_ATxWHyeMFdN7w1MX191q-jwtlbT4Vwy9bAU3yNCC3VEqqSrx_bXGjb1wwzWBqxizCFxp9QgQ69I7zCT9fkvr9OGOPh-J-cVWwHWGE44s0_e1jHw7XwiZpyw4QwwY5h-dbShsK4WPV2eN5bPOdfvcKncHhoh7uOCbO2uwPJs-ljSyKYF8_DsrLx8SSvzJnZpXzNE5BykRg5wMeDFLZaP2gYLaPE8IyVRlzMKhqSl1ZB5U2VJZV0GQdq0zteq59_V9pv9tZKi9ZcKdAOqA12Wt_dxHsIu7NR46lc9G2Ee5FQCGVh6OrwT0nsQ50zIyNQ01jnhFat3aVvGNsqfc57Xb_bx1RwLsBn1eUcnGbx41ud8c0JydscLOinUZkOMrjUr0OymSen3l5X_O59DtXE9LYffQxU11hVSOKY5kuKnaSytOmnjm3uA6JMy2qPLPcVk54e2RxqgalqBHm4669CO0BJpn-I9pz2suBMN_45v7ZHaSCx9gH3_d0ewIubNQbWk-dv0HQxRncYBLLFDstiIFJ9HqsTxsRu8TfELSDx0MqOQR7l0ADG68hMhXvpgq1V1zUnlO2mv4SnIHYWe8XLsPwKy_c4KsfHZpJSiijKxOI4XNKR9wdq533JOei_6O8InAoZeayRByojLVaC4zDBZnSeo3RKKjNbJIxZfFbWwhbTw3lARD4UroQ96F861oku_2q6cZVy7lY44DUlCT_rGxq1I55xz5OEGABoNkt9-kcYQ9RONzdWAuAdPRagfLIc6Rj6omxc057bu-bnhLmgksslV5TQxdBGHIRuNYlQMVmNgqD-GZT7YOsGxgTisXQIIRWE3NcuoPomGgmMb-3mMag8R3W6kzK_YWDCl2o27mfVFtzXBzi0Nwvr0gCRA6Fyl-ZbyU64WCOnrRgEJUYL9pgDEuYxQXvk6Xvs4rTLeypWXMaTGFYWYlw_tdQlDFwp6mGL6n57dKxP2pOXa8_KmGKvLyoK2Inu7rSvALt1aZ7RapLGAyDcL7S049fjpEqDkrtLdjfsWOpV5M78k01tcjOe8rhWfC4KMSO3HQMkZ1mQCxAIFrf0QA_NA_g0OEERIKAi5WQoC52FVqjyy9oTP0CbJ5CIqw2Zl09mt_KWdYS7MrbjqlnajgMcSnRX5CwEnyYj8-2GYmdwLNctg7DPz6fVUT3dA8YSnAPd3BN63W1Nkp44lEpOXf4a7VbbMqZIM62vvQPUIHwkreoMV4yO9M1-jKBUrcS8313_E2dL0L11EsULNz8jO8fUr4ke62dRzuXGnhrIdk3kkG2LaHnOkonOtFmqKRycbS3bIbbt-JFuXLvo4SZDbCd3RThKZz7MfpVnlno6snysRVJvDlaIlHwl9gD_UZXpZ14PwjSNX46Lw493A0ERf1b3f5AM_4tLOyWyecdJA7z2qSY07rzv_WK33fSiU04Ss6G_tLXAFrjd1y21s4aPZOdmH17MLeA1v4yzEcTJ6ET02nNJpByobpfQ0d63BEkG7xC4-HO4-z3VhG3KW7je-pehIuDmMaoy80oly5QWLX9k-l_nOwM9WvPY9yforqGeOGvWxpL4P55erNnPyY12lbAmtGmrWd0ZwdcoMFiO6l6YEF_10MexfKSuBgaROxeb9BjKdIfMrBIveMS71dISH6LlF4qy6MN9iiIH4ETv8U_i9w8QhlE-9hSeQxIMQIR-Cm3B5awZQtmb0bxgc5ejvjzEOpW_gV-kqevxCjG1U1ZIlIwkdIap0_mMmSk2uuv4xua2Z39zwzNeUwNxixLvqQcSBNYd9KpzQoHVKErEVFH8hMLbDW7k1_tEhX6gHRYdLRmsKs5afb8mpxWrhw0kNPmaRfh3rD9Z74TEqOqBgGoiH8lvgCMO9vYskhlTmgTQj9Dd4j8Y8tM3E3MoTOVjJo8IaPuQqWd3YG5HWRw80bIVOfUwxC_TxCfURo_J-_qkQlQopBxn-DWzkSty8k5hy2RUgplrbqrYXJaXHSqF6urCSTNSzg&cid=CAASPeRocizmhE13KXPMs-I53_iGLuk9YNdKGYYhpVd1yWDTU-lwWkTohql9F_23ChRK_vgPZ5vi_2sbPsrX_E8&rfl=1%2Chttps%253A%252F%252Fwww.dailymail.co.uk%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:20:16 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/ Frame 77F9 22 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09f0fa32fa39db3e3da2eea89bf806be0b147366343a0934e30f164a12431b43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:13:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8608
x-xss-protection: 0
server: cafe
etag: 12149544148951276823
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:13:54 GMT

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 4890 2 KB
3 KB 246ms
39ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=22899578&p=156054&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1&async=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: b42dd6b0014324d446d5df276006608ee2d9d3ad8476d4210c0f2f4167933d8c

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:46 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 1900
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
823 B

365ms
61ms

Script
text/html

185.33.221.15

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:49 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.56:80
AN-X-Request-Uuid: 72ef098e-4b9f-4808-88cc-bf4c939bb07d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.146:80
AN-X-Request-Uuid: 1054466e-ae0d-475f-bce6-8b573bc83064
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 4E63 2 KB
3 KB 58ms
56ms Document
text/html 2.18.234.21

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c03192f2470f982643a9e0838108b93c48ad38c2b592e29ee39c7372b4d31041

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YJEuD.nVy5V1IJwfNNfOrAAA; CMPS=5181
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|45|241|230|73|90|188|13
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1788
Expires: Tue, 04 May 2021 11:20:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
Connection: keep-alive
Set-Cookie: CMID=YJEuD.nVy5V1IJwfNNfOrAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 04 May 2022 11:20:48 GMT CMPS=5181;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 02 Aug 2021 11:20:48 GMT CMPRO=1171;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 02 Aug 2021 11:20:48 GMT CMST=YJEuEGCRLhAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 05 May 2021 11:20:48 GMT CMRUM3=e660912e1027600&f160912e1005a0&bc60912e1005a00&4960912e1005a00&5a60912e1005a0&2d60912e1005a0&2760912e100b40&0d60912e1005a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 04 May 2022 11:20:48 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 5FC0 30 KB
9 KB 61ms
49ms Script
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e23d6a22a546762e5fcef2d5d4a189087c29034daa589e0a37b333ec4691ee09

Request headers

Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:48 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 21:43:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=10649
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9235
Expires: Tue, 04 May 2021 14:18:17 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E4DC 0
752 B 141ms
47ms Script
text/html 185.33.221.15

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.137:80
AN-X-Request-Uuid: c12d0ea8-f017-46ad-9341-64738e76b486
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 81CB
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=74fc6091-2e10-4200-9df3-49d8458de59d

43 B
106 B

81ms
79ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=74fc6091-2e10-4200-9df3-49d8458de59d
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:49 GMT
via: 1.1 google
server: OXGW/16.206.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Tue, 04 May 2021 11:20:42 GMT
Server: MT3 3709 11aaa92 master zrh-pixel-x8
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=74fc6091-2e10-4200-9df3-49d8458de59d
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 04 May 2021 11:20:41 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 81CB
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=64Ko0O_XoNHwi_fQ5IC817-A99Xw06nT7op_8OmE

43 B
106 B

66ms
63ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=64Ko0O_XoNHwi_fQ5IC817-A99Xw06nT7op_8OmE
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:49 GMT
via: 1.1 google
server: OXGW/16.206.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=64Ko0O_XoNHwi_fQ5IC817-A99Xw06nT7op_8OmE
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 81CB
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2965476366224638181
https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=2965476366224638181

43 B
106 B

431ms
0ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=2965476366224638181
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:54 GMT
via: 1.1 google
server: OXGW/16.206.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=2965476366224638181
date: Tue, 04 May 2021 11:20:51 GMT
via: 1.1 google
server: OXGW/16.206.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 81CB 70 B
264 B 147ms
57ms Image
image/gif 76.223.111.131

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=941726d0-6021-3356-4509-c22cbda51801&gdpr=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN (),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame 81CB 170 B
188 B 163ms
94ms Image
image/png 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Yjg3OGY1MWEtYTk1Ni02ZGYyLTUwZTktOTg5NTc3NDdkNjYx

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 81CB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEkou2-BFQeJJgx1J02C6tU&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEEkou2-BFQeJJgx1J02C6tU&google_cver=1

43 B
106 B

544ms
50ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEEkou2-BFQeJJgx1J02C6tU&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:51 GMT
via: 1.1 google
server: OXGW/16.206.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEEkou2-BFQeJJgx1J02C6tU&google_cver=1
date: Tue, 04 May 2021 11:20:49 GMT
via: 1.1 google
server: OXGW/16.206.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 216A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=5a016091-2e10-4300-b624-bf16c58fb3f0

43 B
106 B

81ms
80ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=5a016091-2e10-4300-b624-bf16c58fb3f0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:49 GMT
via: 1.1 google
server: OXGW/16.206.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Tue, 04 May 2021 11:20:42 GMT
Server: MT3 3709 11aaa92 master zrh-pixel-x7
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=5a016091-2e10-4300-b624-bf16c58fb3f0
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 04 May 2021 11:20:41 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 216A
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=0JKUeNTHnHnLm8gr1JCAfoWSzCjLkpQq1cH8vJSf

43 B
106 B

65ms
63ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=0JKUeNTHnHnLm8gr1JCAfoWSzCjLkpQq1cH8vJSf
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:49 GMT
via: 1.1 google
server: OXGW/16.206.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=0JKUeNTHnHnLm8gr1JCAfoWSzCjLkpQq1cH8vJSf
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 216A
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1349619796664030756
https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=1349619796664030756

43 B
106 B

430ms
0ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=1349619796664030756
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:54 GMT
via: 1.1 google
server: OXGW/16.206.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=1349619796664030756
date: Tue, 04 May 2021 11:20:51 GMT
via: 1.1 google
server: OXGW/16.206.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 216A 70 B
264 B 143ms
58ms Image
image/gif 76.223.111.131

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=941726d0-6021-3356-4509-c22cbda51801&gdpr=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN (),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame 216A 170 B
188 B 158ms
94ms Image
image/png 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Yjg3OGY1MWEtYTk1Ni02ZGYyLTUwZTktOTg5NTc3NDdkNjYx

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 216A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK_xBlVlSPuaXQRVZJyh14U&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEK_xBlVlSPuaXQRVZJyh14U&google_cver=1

43 B
106 B

544ms
50ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEK_xBlVlSPuaXQRVZJyh14U&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=36664cef-3484-4aa7-9d01-fa4f6f6b2d4e&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN (),
Reverse DNS
Software: OXGW/16.206.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:51 GMT
via: 1.1 google
server: OXGW/16.206.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEK_xBlVlSPuaXQRVZJyh14U&google_cver=1
date: Tue, 04 May 2021 11:20:49 GMT
via: 1.1 google
server: OXGW/16.206.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame DDC9 2 KB
3 KB 92ms
46ms Document
text/html 2.18.234.21

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 98581282b33291590b5ce88948c235aae8503c8325f99203ae41fd9f0bf0eeb8

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YJEuD.nVy5V1IJwfNNfOrAAA; CMPS=5181; CMPRO=1171; CMST=YJEuEGCRLhAA; CMRUM3=e660912e1027600&f160912e1005a0&bc60912e1005a00&4960912e1005a00&5a60912e1005a0&2d60912e1005a0&2760912e100b40&0d60912e1005a0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 46|4|3|206|64|111|90|47
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1567
Expires: Tue, 04 May 2021 11:20:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
Connection: keep-alive
Set-Cookie: CMID=YJEuD.nVy5V1IJwfNNfOrAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 04 May 2022 11:20:48 GMT CMPS=5181;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 02 Aug 2021 11:20:48 GMT CMPRO=1171;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 02 Aug 2021 11:20:48 GMT CMRUM3=6f60912e1005a0&0360912e1005a0&5a60912e1005a0&bc60912e1005a00&4960912e1005a00&f160912e1005a0&e660912e1027600&ce60912e1005a00&2f60912e1005a0&2e60912e1005a0&0d60912e1005a0&0460912e1005a0&2d60912e1005a0&4060912e1005a0&2760912e100b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 04 May 2022 11:20:48 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7D3F 624 B
300 B 121ms
67ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKPK0wEQmJDhlwIYidrZpgEwAQ&v=APEucNXMEyksHAlJYapfnfzplE0JoQmYAxSpG_YPyYS6mj4ZBItjMuK5cCbQNfFhjizKkbh-K7On9GFwJocDhkuCslfPe3NSWBijb20cfZZLsfcYL2qz_oxfb6CP-wmBQykttZQJuYKMBGTg8BDMMCS5G0_AcOQQNWxvvXMjMIIkTK726rqucXPMUEJj_rxxgjtt3044hKfSooZJgVaBmQvpFUEals4doky6dJSYDYYTzLooNs6Z8uw

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CKPK0wEQmJDhlwIYidrZpgEwAQ&v=APEucNXMEyksHAlJYapfnfzplE0JoQmYAxSpG_YPyYS6mj4ZBItjMuK5cCbQNfFhjizKkbh-K7On9GFwJocDhkuCslfPe3NSWBijb20cfZZLsfcYL2qz_oxfb6CP-wmBQykttZQJuYKMBGTg8BDMMCS5G0_AcOQQNWxvvXMjMIIkTK726rqucXPMUEJj_rxxgjtt3044hKfSooZJgVaBmQvpFUEals4doky6dJSYDYYTzLooNs6Z8uw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 04 May 2021 11:20:48 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure IDE=AHWqTUlDcFSo7FeEU0bBDfBwUsGkJOw4LOppSJzJe8k5JgRLQnxOZMyAtoU1ktj8; expires=Sun, 29-May-2022 11:20:48 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 04 May 2021 11:20:48 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6627 56 KB
23 KB 181ms
126ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DHBOfZ-_52pNMmPuPMbpyYdqDN6iuJMjC258gYhCTRd46ZpPhiFSX53I8aHiZOlZ_2GQzHI4G-zX1h4MDbEu2zngEREvBnpj4kT77jjH5pxYeQfTKKw0IR9NBjyAVRBKXs71ZVE9IcmSF_tsqqBKOLfUfqfw&dbm_d=AKAmf-A_e7hMgqtl3_tZfIOAAwMqDzjiVylpFejlsrHaAKWwXxjaNxSTnO7ixNoLUYTyHHJWn3IOwo8aTLBF0z0aOfRXRsarbHGlLlrC85gzNjKzwh0fBqvlPtf-hgnVqklT4CvrDb0HV4oRxrF3O-l1Lq9VNOZcQzS2UEvMpGdAw9TY2VBKwsiOxs40aIoCgmqVQHr1VoKpDebVefe5cCM99bU24qKkMivqg3ez8vEtA0t9R2Wqxo2vSxhveAEMH7nSEDFuU7FykhwWL2VdhU-lSrrKRG90fUsFjuKOq4HBZ6jfZuoflopiZuKg0EPh0iNS6UCuZjm55el9mbuj8kVy3SDbtJFBnXUSu_ClWJTWtawFHQ2twGRf_WFSRoILNr1agVmbHVbOS1hipQsDSbxCnW7LoQsk9er6fMpKZdwm5Qo9Hq449Mv58CS0xhhjMFn_4NosJjXHasPLHEP9LM2K1ecQd2ob-b8mlOTGkTv6KALzDQrg6ntG5C0b3yVGs_IK7uA7HBVjSrPJlzqiShTDKzko6ZS7PR-BbaZzvLjV9WmNOeB-XmynwXdEN2UT9e2By1AJcynCx25W4jTSR9yZbEby_UpFq6QXnuD82g76i-15-b-XoWvLPE8_93VujTcm7t6WUBYvpGrVXitAawvcUBxQYrGO1rDeUkgIDGJLSzEN52X43PMranpFfYfkBjtnPT15cS1TQOVYFF7aPcVWIoPnQKoydYK_se_MZ8gL7ympy0jlNXxUU1s2uNWyf6ayiw_PdX9fIr9YCSm9_xfYkMUPSRVHUJc0cJRemDTiEAQHqKZ8n66rTPzNjZJsssh101cI0atWBt5_SxDumde8K4x5L_VrgjcsBKLRHfSlYuTkBwjPpH7d_k_l0_670Ec66XpwhJWEH800WjWj7F63wA73I8EAhGLUF_Zuv1vhIVUQPcJJHOeNtA8KCiLoxVjAfQ3wpOCTSBv0q1K3rYuvkCU7g5v1PcU5XdZFhEvQNlvDWYH7FBivS0K7LB5jnfLAiHQo6o8eG8WsnEOXyh-pz4N99eF8oL5voWUK2litvZxS83t4uaZBdVxjnFIYXF1nIC9T-bnrJFjOzVpV9GlxjDW_xaoT46Y3cZgMFfqVEsPKrkxmnjLwl-dvHcJjCe6uTgHcj9bKgKOnPkFIyyKiSm1OFZLVCual6uMrNS57wQx2Ml_cyRblkwzD60tliq-2VnmTIneDKfXlk3MXwA92H9yg-7OeN711p1RkmevEmX4j5PJlqMWCrCqLfbqZEmJ7wrpYHgGocikX3xCce-RD_ev87pTJ-DkqC8q8VPcao5si4acchBc--3BYuOueNMP63sBB8HX5nyOuGJEDed4R2YJ6OffOKcWbhraskgXMxynLATYfpq9b8-s8hu1pAm7wcKZBGA9wOpHbXlThhDlfXrp56Rx4X7KE7M7KvRO60nkHlj89BnKNoW-U4RnM8a6P9ODoMepzfOqGpDYL3xrbTf8yL_btZFEhvXNZZQQNYnC4ISi3g3D5oeYzJLJzaJDoItctI5RegWI7nNIUxOqJuj9NNPB5cryhLHJEvPDgyMLwuHKEmd71ZiAuNIzgOS6oyOOr-T1g0TiFiNLdQOiqrklCLtpT42PdQDqAZGqsgp_v8FYvrhZqUVSgPA_YZxog7-5tH41siqhfjL0uo8-URWJrN7NuJ4t7KNiAy97wPUXlnm5BQC2pXUdGxT44rKE2gwUwLWgaXw1kPkluWJc23pVeUBm941lVGvXkPIIFCwdDu6tvzXPlWbnq28ew9sCW45B3hq4xnRSIocRZW2-xjB3ASeU3vfNs-PSB_xZDiZ2yV_h6X213TaIHjBOLFOym76CzkXMSjvM7oeXaQXAeNOc9zRCVOJ5_IJVg7OvYC5MJ1PJgPIZalkdFZ0FNHlBniSd8-neXbFlqqMbUM9S6UKm0jEOyqsWhG7p8aWFg7whHHVcMg9hNmaaEiBREEn3ptxJVXUOA9b2duHYam3Efqn5oUlx_5ktO_bBBUoX-iPYi5TDcgBDqbRvMcMFkzPqLAOzhgAYqdAnx7KttKxdIKqezgSZTdtJN-TpazR8QBjek-K8TH6kLV6gmG2wDC-GEap76mEzsSdDZg9WZGAu9dTqjm55Mpvp9nBDlurxhEEXn2oRK3njlokAI9t4Qd5ipyDEsfqjtWDow3wfWJprp-2FMikpCYS8MSq4ffFfqLemEbTVj268NUiuX7bsmA7TWahGUstDwSkMaDrnscJuSpFmiXoyUtk9FWYWrzzq4VQaQE2bEGq2nC-AchP2jUOqzeFm3Qd3SaQFQJirIrYAlS2ssQM362KTvX70W-pTMmKO6b53_gRlWcAlcMXYNNGTZVUYrl6H89jzdoN1so_OqzhRq43Ymrf1u91zWuWS82Y8PaMyymRk-wpbUfv5c3vp-YUeVhSfBunl8PUmWX8cHoVBJnHlmmT1YGk09ztMgt76wQ3AYN103MKGKCoK7HruVTUYV40eLkPVU6u4RIzK9UUNTW0reP4enHPcSJD0D_xHgLCzNd2bQ-kwklV64qEJOV3o3svlU2hw05mDrjfb1uhDD-z_hz2_07-v-wQqQ6BdhMk4tc96RB28vWVgbBqvMPbXatgRg4-tXm00My7UezIfvkSZ40KT-fA1R7BCA8NyKDYZfcStmtSyMFOObmEboPfyoPMrFOjZldPFB64taD7SaoQDrBY2GGMQgO1zgNpB6IRPXRgqwqoeUW_AnqfuH1NlFUR3qlYAjYs52e7y1rCaGf6lWXOTQk5VhM68_qn_EK8pV0MpY9vSkE6CMdhCyJD0KOXjorWRcwdL8a6CGqOO3sYw_g0hLxDFPLoOEAvPufbQWE_papIQVuqftHDXMGUN3xI71nxB2oKuX9IDcyb8CanfQV6NrR2AiDb6xBfmPmgBSD3XiM_M1v9e3Yvhw65hVF1oG4CnZtl_ow1U-X1h9Wy4q_LvXer-6_RlJc8-DxAdI4iSZj5wCGoXU7jo0VJpJ7lZW&cid=CAASEuRokSQuUy3c92JPNijn-BCuEg&rfl=1%2Chttps%253A%252F%252Fwww.dailymail.co.uk%252F%240

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b31e58737f6c1740b057fb82f36efdee8ef26c0ff9aa1012eea63109a4797d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23386
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6627 42 B
63 B 161ms
116ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DW4iKtvyMS3AhPKwKZabPrGqj-BzkNFkcc8OG3tDoNsVWQBIHG1O4dB6B1XVIqoz2e0u5TBNS2PU2pRrk0rGABK2UBtt7buX-fAJdIxTUmvdr-pBU

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 6627 2 KB
1 KB 201ms
149ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/window_focus_fy2019.js

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:20:13 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6627 116 KB
35 KB 74ms
32ms Script
text/javascript 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

bdaa38f52441bf7af0793fbf059e5598ffd9d18fa264b14bd55f6b3655fcc958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620056514301796"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36023
x-xss-protection: 0
expires: Tue, 04 May 2021 11:20:48 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 6627 13 KB
5 KB 74ms
24ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:18:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 131
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:18:37 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 6627 0
0 215ms
91ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSyx60c9SD9sDqdAyP4UIUHB5J-9uegM5GsykZIC7gYbWuwQrYdOsE-YLv7_ZrqlVU_Yk3TYN3O2Dz9J8dQYjVzZVqucQ
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 st Show response
imprammp.taboola.com/ Frame A918 0
52 B 523ms
9ms Document
text/plain 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=1534696EF116414941118610276&cicmp=1337627&cijs=1&dast=V7gCQCFgMx4ZFo0aUEZgQx4ZFo0aUEZgUAAAAGBugHG7HajGbL2YrGWMxGi9FyNBhOVpvlcjbbLGFiFovFaLhajcaaxWIxmsxWwykYbOFzurvbwIGm0-Fz3et1v99d5HCanW-H02zX-O2qr18OAAAAAA8ARC3REDu-De0RAAAAABI8I9cKFAEV_xYCFwAAAAAYAARi4RoADRwG9nTZ7Q5_AAA8FIAAAAhghAC40IuLAAAAAIwAAAAAkAAIJBaWADjcLZoAAATk3WyIp54AAAAc1Mk8bbP8____xwDkvTfJAFCkbdwY9AA8-AA8CAEAAFwMhZMBIF2v-u0QFSQWMQIAAADI2kUVP5rUCZVF1f___78VwBUAQEDezYY4ddbNSTFrGAAAAMDYAj0sfr_ZYdf43S77_________zf7PwNAEwK6VkgLEqwfVuMZuVZY-wUEAGB7NwCAtwC4mAOwAwAAALj7____zwMAAFjZo2R7rcazR1nvM9jC53R312_CFqPVZLJZDmfLxWQwHA1Ho_0J4HKAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE5yQ4WgzWY12q91kOZyMRrPNZIMUrVrNRpvBcDWbzHa71XAwXI5GSNGaxWwyWcxGy91msJyMBsPJcIgHVefS-bw6Hx1wOVcMd3PFbDiXTGarBAAAAAAAAACwhCnzJgAAAACnQcxmk91uxY03eyaItVotawAAAABu3cgB!&excid=22&tst=1&docw=0&cs=false
Requested by: Host: info.silobreaker.com
URL: https://info.silobreaker.com/e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG5h0TrHW7R7vdT89L4VTW1RX9ql7F3rhSVghhNK8NCxVnW1Ds7y65kJ0cQW4BB5Y53xw6rcW7BB_8f2ShH5GW3wb_YN5CDmRrW9fMQGS4YTcwgVVjh0W3ZL6KYW2ryqDx29pMPWW1_tPKp2-vtVLW3Fl5zQ265YCxVTnDmY8zvWRMW6GsnlF5m4gJXW7PHYgd3NM4t4W74MjC_4s6blWW4JFD_r5YZxKL3fLN1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: imprammp.taboola.com
:scheme: https
:path: /st?cipid=7991117&ttype=0&cirid=1534696EF116414941118610276&cicmp=1337627&cijs=1&dast=V7gCQCFgMx4ZFo0aUEZgQx4ZFo0aUEZgUAAAAGBugHG7HajGbL2YrGWMxGi9FyNBhOVpvlcjbbLGFiFovFaLhajcaaxWIxmsxWwykYbOFzurvbwIGm0-Fz3et1v99d5HCanW-H02zX-O2qr18OAAAAAA8ARC3REDu-De0RAAAAABI8I9cKFAEV_xYCFwAAAAAYAARi4RoADRwG9nTZ7Q5_AAA8FIAAAAhghAC40IuLAAAAAIwAAAAAkAAIJBaWADjcLZoAAATk3WyIp54AAAAc1Mk8bbP8____xwDkvTfJAFCkbdwY9AA8-AA8CAEAAFwMhZMBIF2v-u0QFSQWMQIAAADI2kUVP5rUCZVF1f___78VwBUAQEDezYY4ddbNSTFrGAAAAMDYAj0sfr_ZYdf43S77_________zf7PwNAEwK6VkgLEqwfVuMZuVZY-wUEAGB7NwCAtwC4mAOwAwAAALj7____zwMAAFjZo2R7rcazR1nvM9jC53R312_CFqPVZLJZDmfLxWQwHA1Ho_0J4HKAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE5yQ4WgzWY12q91kOZyMRrPNZIMUrVrNRpvBcDWbzHa71XAwXI5GSNGaxWwyWcxGy91msJyMBsPJcIgHVefS-bw6Hx1wOVcMd3PFbDiXTGarBAAAAAAAAACwhCnzJgAAAACnQcxmk91uxY03eyaItVotawAAAABu3cgB!&excid=22&tst=1&docw=0&cs=false
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

server: nginx
accept-ranges: bytes
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
x-served-by: cache-hhn11524-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1620127249.809926,VS0,VE8
content-length: 0

GET
H2 200 cmTagCUSTOM.js Show response
vidstat.taboola.com/vpaid/units/28_3_10/infra/ 727 KB
132 KB 108ms
45ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/28_3_10/infra/cmTagCUSTOM.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/27_2_17/creatives/creative_js.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: aa7c984cd510935c132345bc7d579dfcde68742f7b11b599b905310f7164718c

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
age: 990309
x-amz-meta-mtime: 1605697226
x-cache: HIT
x-amz-meta-ctime: 1605697428
x-amz-meta-mode: 33188
content-encoding: br
content-length: 135037
x-amz-id-2: rSEH+7gUBZAHq2MnGJjax0Kliv1duuXm+QfHzTZzdC45UhfPmplsVgBqIqKsGHmYV35IqLOEhiI=
x-served-by: cache-fra19126-FRA
accept-ranges: bytes
last-modified: Wed, 18 Nov 2020 11:03:50 GMT
server: AmazonS3-br
x-timer: S1620127248.371693,VS0,VE0
etag: "37b0b0415484e88063c945bde767ba70"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: 3V7NXGE65G7SWPVE
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: application/javascript
access-control-allow-headers: *
x-cache-hits: 8489

GET
H2 200 cmOsUnit.css
vidstat.taboola.com/vpaid/units/28_3_10/assets/css/ 44 KB
7 KB 77ms
30ms Stylesheet
text/css 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/28_3_10/assets/css/cmOsUnit.css
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/27_2_17/creatives/creative_js.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 4e7681cdfb27c5d0457c58c9f0fe26a68bbf6a8dc88defd3c43826adb1fe6ca8

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
age: 1928115
x-amz-meta-mtime: 1605697226
x-cache: HIT
x-amz-meta-ctime: 1605697397
x-amz-meta-mode: 33188
content-encoding: br
content-length: 6493
x-amz-id-2: wyVbznJC+qBpcdfkiPkbVqf91P/lznRp8qUAtLFEnhP5cZkKgGDIp+xzGW4CWOR791HCFRuRBQs=
x-served-by: cache-fra19126-FRA
accept-ranges: bytes
last-modified: Wed, 18 Nov 2020 11:03:19 GMT
server: AmazonS3-br
x-timer: S1620127248.371637,VS0,VE0
etag: "083925e970a05bed26a70ecbfde9c0ca"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: 8318182254431FF2
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: text/css
access-control-allow-headers: *
x-cache-hits: 176474

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame D5AE 70 B
264 B 125ms
12ms Image
image/gif 76.223.111.131

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN (),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

xuid
eb2.3lift.com/ Frame D5AE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEAAUdG_Eo9vnSx8mbUeqMbE&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1

37 B
352 B

43ms
40ms

Image
image/gif

18.196.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEAAUdG_Eo9vnSx8mbUeqMbE&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEAAUdG_Eo9vnSx8mbUeqMbE&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame D5AE
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://eb2.3lift.com/sync/google/demand?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D&google_tc=

170 B
188 B

439ms
256ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D&google_tc=

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:51 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 c.gif
c.bing.com/ Frame D5AE 42 B
407 B 449ms
0ms Image
image/gif 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=2836512862482067061&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
etag: "506f5bd17ad71:0"
last-modified: Tue, 23 Feb 2021 19:11:50 GMT
x-msedge-ref: Ref A: CA7F097D00124FB3AF0F62F31CF94870 Ref B: FRAEDGE1406 Ref C: 2021-05-04T11:20:48Z
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H2

200

xuid
eb2.3lift.com/ Frame D5AE
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/2836512862482067061?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-tVKaYehE2oRJTTLR5CuOHYPdC7rNr5ipPBCeREcZEg--~A&dongle=0883

37 B
352 B

49ms
47ms

Image
image/gif

18.196.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-tVKaYehE2oRJTTLR5CuOHYPdC7rNr5ipPBCeREcZEg--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Tue, 04 May 2021 11:20:48 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-tVKaYehE2oRJTTLR5CuOHYPdC7rNr5ipPBCeREcZEg--~A&dongle=0883
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame D5AE
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=1%26gdpr_consent=
https://eb2.3lift.com/xuid?mid=3335&xuid=3668742791086096242&dongle=4d58&gdpr=1&gdpr_consent=

37 B
352 B

46ms
45ms

Image
image/gif

18.196.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3335&xuid=3668742791086096242&dongle=4d58&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.185:80
AN-X-Request-Uuid: 1e315f11-246e-4090-8b6d-651b66546423
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://eb2.3lift.com/xuid?mid=3335&xuid=3668742791086096242&dongle=4d58&gdpr=1&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/ Frame D5AE
Redirect Chain

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2836512862482067061
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2836512862482067061&dcc=t

0
0

139ms
139ms

Image
text/html

52.94.232.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2836512862482067061&dcc=t
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.232.32 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2836512862482067061&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame D5AE
Redirect Chain

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

37 B
139 B

191ms
8ms

Image
image/gif

18.196.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 95
Content-Type: text/html; charset=utf-8

GET
H/1.1 400
Request failed due to privacy signals setuid
ib.adnxs.com/prebid/ Frame D5AE 0
0 460ms
61ms Image
text/html 185.33.221.15

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=1&gdpr_consent=&uid=2836512862482067061
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.15 Amsterdam, Netherlands, ASN (),
Reverse DNS: 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 400
Request failed due to privacy signals setuid
ib.adnxs.com/prebid/ Frame D5AE 0
0 453ms
61ms Image
text/html 185.33.221.15

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift&gdpr=1&gdpr_consent=&uid=2836512862482067061
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.15 Amsterdam, Netherlands, ASN (),
Reverse DNS: 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 46FB 70 B
264 B 116ms
13ms Image
image/gif 76.223.111.131

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN (),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

xuid
eb2.3lift.com/ Frame 46FB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEPqoDMzp488RTUpHq1WqQ0o&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1

37 B
352 B

44ms
43ms

Image
image/gif

18.196.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEPqoDMzp488RTUpHq1WqQ0o&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEPqoDMzp488RTUpHq1WqQ0o&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 46FB
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://eb2.3lift.com/sync/google/demand?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D&google_tc=

170 B
188 B

439ms
256ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D&google_tc=

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:51 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU2NTg1NjcwMjEwNDEzNDkwMjE%3D&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 c.gif
c.bing.com/ Frame 46FB 42 B
246 B 446ms
0ms Image
image/gif 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=2836512862482067061&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:47 GMT
etag: "506f5bd17ad71:0"
last-modified: Tue, 23 Feb 2021 19:11:50 GMT
x-msedge-ref: Ref A: 9F80FD3EC2D04586AA6F72D8A2EA1138 Ref B: FRAEDGE1406 Ref C: 2021-05-04T11:20:48Z
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H2

200

xuid
eb2.3lift.com/ Frame 46FB
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/2836512862482067061?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-uIDkmrhE2oR6JqHn7c4cm0vK1YXz57.4omNgWaLc9w--~A&dongle=0883

37 B
352 B

49ms
47ms

Image
image/gif

18.196.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-uIDkmrhE2oR6JqHn7c4cm0vK1YXz57.4omNgWaLc9w--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Tue, 04 May 2021 11:20:48 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-uIDkmrhE2oR6JqHn7c4cm0vK1YXz57.4omNgWaLc9w--~A&dongle=0883
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 46FB
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=1%26gdpr_consent=
https://eb2.3lift.com/xuid?mid=3335&xuid=3668742791086096242&dongle=4d58&gdpr=1&gdpr_consent=

37 B
352 B

47ms
45ms

Image
image/gif

18.196.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3335&xuid=3668742791086096242&dongle=4d58&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.243:80
AN-X-Request-Uuid: e1f9a9e8-b020-4873-ad82-ce80a7113bdd
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://eb2.3lift.com/xuid?mid=3335&xuid=3668742791086096242&dongle=4d58&gdpr=1&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/ Frame 46FB
Redirect Chain

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2836512862482067061
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2836512862482067061&dcc=t

0
0

130ms
119ms

Image
text/html

52.94.232.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2836512862482067061&dcc=t
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.232.32 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2836512862482067061&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 46FB
Redirect Chain

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

37 B
139 B

192ms
8ms

Image
image/gif

18.196.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 95
Content-Type: text/html; charset=utf-8

GET
H/1.1 400
Request failed due to privacy signals setuid
ib.adnxs.com/prebid/ Frame 46FB 0
0 482ms
102ms Image
text/html 185.33.221.15

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=1&gdpr_consent=&uid=2836512862482067061
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.15 Amsterdam, Netherlands, ASN (),
Reverse DNS: 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 400
Request failed due to privacy signals setuid
ib.adnxs.com/prebid/ Frame 46FB 0
0 520ms
39ms Image
text/html 185.33.221.15

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift&gdpr=1&gdpr_consent=&uid=2836512862482067061
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.15 Amsterdam, Netherlands, ASN (),
Reverse DNS: 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 7649
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuDBaoH_6AHlDqOKDgawAABHEAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuDBaoH_6AHlDqOKDgawAABHEAAAAB&dcc=t

43 B
433 B

311ms
138ms

Image
image/gif

52.94.232.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuDBaoH_6AHlDqOKDgawAABHEAAAAB&dcc=t
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.232.32 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:50 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuDBaoH_6AHlDqOKDgawAABHEAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 7649 70 B
264 B 485ms
48ms Image
image/gif 76.223.111.131

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=39&cm_user_id=YJEuDBaoH-6AHlDqOKDgawAA&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN (),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 7649
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YJEuD.nVy5V1IJwfNNfOrAAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAiN6EQMa5Tj_W5dz0mkBGg&google_cver=1&google_hm=2
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAiN6EQMa5Tj_W5dz0mkBGg&google_cver=1&google_hm=2&C=1

43 B
1014 B

195ms
42ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAiN6EQMa5Tj_W5dz0mkBGg&google_cver=1&google_hm=2&C=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:53 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:53 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:51 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAiN6EQMa5Tj_W5dz0mkBGg&google_cver=1&google_hm=2&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 325
Expires: Tue, 04 May 2021 11:20:51 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 7649
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YJEuDBaoH_6AHlDqOKDgawAABHEAAAAB
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEEnWoc8Ntm02QCWHH3QhyNY&google_cver=1

43 B
315 B

113ms
38ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEEnWoc8Ntm02QCWHH3QhyNY&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:49 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:49 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEEnWoc8Ntm02QCWHH3QhyNY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 7649
Redirect Chain

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=

43 B
315 B

248ms
45ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:51 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:51 GMT

Redirect headers

date: Tue, 04 May 2021 11:20:49 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H2 403 match
c1.adform.net/serving/cookie/ Frame 7649 0
331 B 481ms
0ms Image
text/plain 37.157.6.246
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=29&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1 200
OK CookieIndex
rtb.adentifi.com/ Frame 7649 0
88 B 513ms
224ms Image
text/plain 52.202.1.196
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.1.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/plain

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 7649
Redirect Chain

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=7EC00AF41972439885E1EFB414249DD8&gdpr=1

43 B
1 KB

243ms
69ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=7EC00AF41972439885E1EFB414249DD8&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:50 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:50 GMT

Redirect headers

date: Tue, 04 May 2021 11:20:48 GMT
x-content-type-options: nosniff
server: nginx
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=7EC00AF41972439885E1EFB414249DD8&gdpr=1
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Mon, 03 May 2021 11:20:48 GMT

GET
H/1.1 200
OK i.gif
mfad.inskinad.com/udb/9874/sync/ Frame 7649 43 B
875 B 564ms
128ms Image
image/gif 23.21.47.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mfad.inskinad.com/udb/9874/sync/i.gif?partnerId=1&userId=YJEuDBaoH-6AHlDqOKDgawAA%261137
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=184665&cb=https%3A%2F%2Fmfad.inskinad.com%2Fudb%2F9874%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.21.47.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.16.1 / adzerk bifrost/
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:48 GMT
ETag: W/"2b-6KwiS6nul+h2cO1vOi8BKLevn+Q"
Server: nginx/1.16.1
x-powered-by: adzerk bifrost/
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: undefined
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Origin, Content-Type, Content-Length, X-Adzerk-Explain, X-Adzerk-Sdk-Version
Content-Length: 43
x-served-by: engine-production-i-07a6d4c48b54e926b

GET
H2 200 st Show response
imprammp.taboola.com/ Frame 3971 0
147 B 478ms
9ms Document
text/plain 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=3213FBA134136506634936733&cicmp=1337627&cijs=1&dast=V7qNQCFgNtXNVOGK3ETQRtXNVOGK3ETQUAAAAGBugHGTNZbGYUBmMzWmxmq8FqNRuNFsPRcjgFgy18Tnd3GzjQdDp8rnu97ve7ixxOs_PtcJrtGr9d9fXLAQAAAOABgKglGmLHt6E9AgAAAECCZ-RagSKg4t9C4AIAAAAAA4BALFwDoIHDwJ4uu93hDwCAhwIQAAABDBIAgcTCEgCHu8UTAACAgzqZp22W_____xiAvPcmGQCKtI0bgx6ABx-AByEAAICLIbl0DYjcTLNGooLUIkYAAAAAWbuo4keTOqGyqPr___-3ArgCAAjIu9lg18m6OSlmDQMAAAAYW6CHxe83O-wav9tl__________9m_2cAaEJA1wppQYL1w2o8I9cKa7-AAABs7wYA8BYAF3MAdgAAAAB3_____3kAAABhe5Rsr9V49ijrfQZb-Jzu7vpN2GK0mkw2y-FsuZgMhqPhaLQ_AVwOcCIGy-VkspjsVqPVaDPcjWaDBQrEYIITMhxtJqvRbrWbLIeT0Wi2mWyQolWr2WgzGK5mk9lutxoOhsvRCClas5hNJovZaLnbDJaT0WA4GQ4R5ja-1WY38qwVm8FqLdoYR26Fw-ZZKwwr48ziW9hWzoVb9PqYfsOFxTNc-dEBl3PFcDdXzIZzyWS2SgAAAAAAAAAAS5gybwIAAABwGsRsNtntVtx4s2eCWKvVsgYAAADg1o0c!&excid=22&tst=1&docw=0&cs=false
Requested by: Host: info.silobreaker.com
URL: https://info.silobreaker.com/e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG5h0TrHW7R7vdT89L4VTW1RX9ql7F3rhSVghhNK8NCxVnW1Ds7y65kJ0cQW4BB5Y53xw6rcW7BB_8f2ShH5GW3wb_YN5CDmRrW9fMQGS4YTcwgVVjh0W3ZL6KYW2ryqDx29pMPWW1_tPKp2-vtVLW3Fl5zQ265YCxVTnDmY8zvWRMW6GsnlF5m4gJXW7PHYgd3NM4t4W74MjC_4s6blWW4JFD_r5YZxKL3fLN1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: imprammp.taboola.com
:scheme: https
:path: /st?cipid=7991117&ttype=0&cirid=3213FBA134136506634936733&cicmp=1337627&cijs=1&dast=V7qNQCFgNtXNVOGK3ETQRtXNVOGK3ETQUAAAAGBugHGTNZbGYUBmMzWmxmq8FqNRuNFsPRcjgFgy18Tnd3GzjQdDp8rnu97ve7ixxOs_PtcJrtGr9d9fXLAQAAAOABgKglGmLHt6E9AgAAAECCZ-RagSKg4t9C4AIAAAAAA4BALFwDoIHDwJ4uu93hDwCAhwIQAAABDBIAgcTCEgCHu8UTAACAgzqZp22W_____xiAvPcmGQCKtI0bgx6ABx-AByEAAICLIbl0DYjcTLNGooLUIkYAAAAAWbuo4keTOqGyqPr___-3ArgCAAjIu9lg18m6OSlmDQMAAAAYW6CHxe83O-wav9tl__________9m_2cAaEJA1wppQYL1w2o8I9cKa7-AAABs7wYA8BYAF3MAdgAAAAB3_____3kAAABhe5Rsr9V49ijrfQZb-Jzu7vpN2GK0mkw2y-FsuZgMhqPhaLQ_AVwOcCIGy-VkspjsVqPVaDPcjWaDBQrEYIITMhxtJqvRbrWbLIeT0Wi2mWyQolWr2WgzGK5mk9lutxoOhsvRCClas5hNJovZaLnbDJaT0WA4GQ4R5ja-1WY38qwVm8FqLdoYR26Fw-ZZKwwr48ziW9hWzoVb9PqYfsOFxTNc-dEBl3PFcDdXzIZzyWS2SgAAAAAAAAAAS5gybwIAAABwGsRsNtntVtx4s2eCWKvVsgYAAADg1o0c!&excid=22&tst=1&docw=0&cs=false
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

server: nginx
accept-ranges: bytes
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
x-served-by: cache-hhn11524-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1620127249.809881,VS0,VE8
content-length: 0

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1FE8 624 B
300 B 362ms
108ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDvo7YCGPGUkl8wAQ&v=APEucNX6-Uq2xv8ESelvrCMeI0JP959dDE65bLsLlOLpelDw-E1zPGq_YD96LZX_1hqTa3mZkRwXKXgljv5N_No3s7FhEtYHeb6YJcqb2pykHvwTj5UiLbR45f6ICM52tJV6XahufVkqEjWmcLbG16ROU3nrEe6RT8vzH0hMwA18hGEJ08GyWpEF7RUXTOjqDk_7qMJFZ2lwx4JpeKVw6DObJ34RNBfJ3Ws0rDATaNhUFMyYWN-aT0Y

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLSETBDvo7YCGPGUkl8wAQ&v=APEucNX6-Uq2xv8ESelvrCMeI0JP959dDE65bLsLlOLpelDw-E1zPGq_YD96LZX_1hqTa3mZkRwXKXgljv5N_No3s7FhEtYHeb6YJcqb2pykHvwTj5UiLbR45f6ICM52tJV6XahufVkqEjWmcLbG16ROU3nrEe6RT8vzH0hMwA18hGEJ08GyWpEF7RUXTOjqDk_7qMJFZ2lwx4JpeKVw6DObJ34RNBfJ3Ws0rDATaNhUFMyYWN-aT0Y
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 04 May 2021 11:20:48 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure IDE=AHWqTUk4hhbldsA-lDcMHXblHdy08e1YZ2ZFM5IHJWfkuIhX20wx51_XaBsBHDyG; expires=Sun, 29-May-2022 11:20:48 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 04 May 2021 11:20:48 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7616 11 KB
8 KB 360ms
224ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ad4668MA8dI9PaleVj7NdgtP1NyZu7INHangyJh-MQ-IMYShCGNHMVcN3W_-q019yOCoIkgLeNKLDkVPO8anxKCpI4dEWG74B6yxuUafyCkbNYvAUStBF91r0z8lyFUaTKeXyXhudXUtx82snyqz525mgmOQ&dbm_d=AKAmf-DiNpJ3V-aWviYi5I38tvJy2S3LeilYIB9ijk6iP9YNt5NQev8AM6F1Z6I45UBX__vccHBSOscIAzuWauzy1BmiiTQrL9g4gIwYHSyLziMyhX9lbGowQqQpRVrF-lgSBINfdjp3u6awt94wkNTUN08nqcNC7TrYhg5L5w69weFSe3kvCKxIOQbo9K-tZ1cJAKSbI0vxaVWaMrRAR49bDau5EH04cl_nBUPq6yWvmUdDcxF2QyL8yuU11dihVIl90-JJkBj0Vjsmcpg89lkujTRKrKEzWkVs2LLAAhYJQVJ1ZdQvSKdTe1Sr15t-Jkv9DT4VILsjv7LkDqkD4bDLtW_kYA3yiTWXk5LRWfjrQAQEZAZL_uo71x6RePKqfUcT9t_tf3Y_x3JwU15v_itShZMeUseHQkFeog2sErIOKudYldOLtfXdXGu7HkTrdgCSguVC4P_-mGSFTFRx7VDSP4-FA70oJiOu15Ss1n1x3IFihax2urmnuGfV7OXzxraeJhTjLRJfWPPyuq2dJZT_6kPVMLJpNoAL4kiwrzfNXAaRG4Pe2tpu4cqgqO-fcC_1IZPkRpDmZ2uMQtVKnM24J_3EIedjwyo7V1YmYhLzsMB5N9ILbl_1libn0ttazg19DNFXZ5z3HHX0HPcu1iEQDDMTv96AuT2bvvLzl1Q6t8iZwRfSLvQm84hkwcjjCDDoC_rgf4-XDS1bqAeFWwbkVneN8V4MK9J6q5KDwQHfCKFHzyzWPqlae_43hKV2hpJnX4TSrIYgMpvBB9o0v_Nf4bij48Ktgvjd7_k_AXsFV5y5DNtXd3eV8d4rM4EmkoyAjaOx0JLQvnJsUX_I4NKxD7aIv72AGX_AZOgCAyWyi0-r0_I56DWtWvYn2fGNnbmOPGuJNx7wNFy_XQI0JJRZ1oOivycrkK0cw50MkH0-WLzwx4J8nnsH8XdvBkVzHf_K9_4gtXdlDEuCqSV6-sOWy8v5WoUwpzxsKgwnr8XDEBqZyLOYY06riNyP5LLSb3tCQFY-ElCe4oWsvb7Dt2e4Dl_4fxx1kiSGSYCOUpH_JzhJRO802zdXvjFhLtvQp-tyBSgG5MV6W85A6POiqam2zogxhoCIKC8VV8GqgRLqcRP_FEc86AIzYoyVv6tYr39LcyejA9sKKptsp_fw7MQ597V9qVYmGHohVnRlRObIuCxBETPBg2tOb6TQ0GoQ9jqD4k54l8XXSTTVgLCTNTh0CHkWRY41OVfnM8_xpiTAKX6W6CWmxpnkPkZpQu59Tl-wEn78E2VHqQp3pf_EmWJi5f7WchLc5z7WvBrKxKcvRx4ldivZsujIqb_HSJIov5FT32N6ExqSV-7nRyvZVQq4C8MlhIZCcADBJPN0FriG57yjicyMjAKsABA0KR11EoK2LGnSrW9Yzvi_3FHC0KBYVCJG4CdYAL7uBv1QiWMYCErjSluvoqcGdGdJthtvp3rcUMvQpnrY24oRrupKhLEM8pYALFLWkwcNZvheW3rU-FTlxJSBjjW-uTjNv3Mq-hyENuqdlK_PrRLTzbyzsgQC1wXqxAS5lAhg380tKbywGHxQnAK9JbQOBV2yq18u3USgyU55LgyMoMZFglL7jK6R9A1GCvfBHpbAlBBdpHp4pRAVpIAM_RpcZv0e_srwPLJ8b0ZPNZPuop1O_uPtD0eVBpAjvNnn8wCVOkhKqdRHiqE-YIlE2pY9-djv9na7JFx2-svNujov9WcxBJ_p6Qe7YGE0CCPe9PPHNLkpHLqlW5HtD8MezdJKHkFPT4uaNM2fG_GW5vjB8eZ96mcACWqsRBnJFyN5KkiOzpMms3ByY3ckN9Gb_TgkZCupwGG-3T_JZaKOuX7LRCMugqK3ARwyocemBUCwmNybZjoYMwRCU2yovH5Ti7vjoVQowNPFKwem0S10R82jJXxH5DCs66N5gL9hgf8YFtXSFyjoamJBOF_WWk6CyUjDKKbTwRHkWtTkcLlgd4n76XIWp2GwHeAy5DjMCvgzYUcKou0j3xpDWfgBYmfpHAGwZE9Vd7WDjkM-JyaSVBzDF84TnXpQxuIAjaeYoGNKtC3ZXOV6blqhTIZnDgc36vTyT79pcI6T4DHzoe_jJDylVwzv0L5fkoJR52aXRfB1po-r75-Yon0-4hR4Ea9MMrmuLDPQg1QCqrjpcyTGRD2lC-xTSh4tddJM6bjDC1gS4zAS1B2E5TePL_7096RQEmUpmSYjiBIQyFFC35BqNUSIBv90aASKwkl8N67tb8-d44OtWFl3NGp0JRFiRnbwH1nlE-E3Vs2uKnNFtJ_ZLi9-jgc-9uMsRmmwiCtKT7x8mO2VMZsHtrQoqrJuorjRox2ePnkaRoWOa7qPhFZgO_LmRi0FgjLP679qL5VMwlZB-6ZMDeChycJLIK_utCEKaSqjHQ_CamgqGAyOL9kB9bibvM9BsOPIdiiWeO-pFUkIL7zj9l2ri7ql0DdEWFb9Qeoye5pVkXqUFjP1cVpb2FHPGC42KrfrKwBCs7vUcORQnX83zjeZhnXk4brWvoBMVZ-lX_LcFK-ePn5nrSZyCJza2cM3_DULBmNDGYfe2k-Jb-qe-oymjVLqkfgqn0auolGlJcwm3P_T7dv2ZCllD-2BWqXcFqkHvL2dHR39hiPwdw&cid=CAASEuRo6Goj20k17mbKoXBCxbR3EA&rfl=1%2Chttps%253A%252F%252Fwww.dailymail.co.uk%252F%240

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

944c096fbead520f2a787c830dbcb2678285e30e2862f0432385c41a92bc77d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8097
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7616 42 B
63 B 553ms
49ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A91cY4_EVK3Q4veGJPEcXreB78Ch14j780lzxwiTyyuh_ex-M0x6G8L364Mhce_z8q4xQOgv3qpQ92SzgUjw1B8P-omha0qk806VlopcCPdOrNZgE

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/356285/40083639/xbbe/creative/ Frame 7616 229 KB
76 KB 443ms
31ms Script
application/javascript 34.254.6.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/356285/40083639/xbbe/creative/adj?p=APEucNX9XxeUIKzF8tbMadUKHdp08EfsVDr_cXhrDr4Uzy-qlQ585As&d=CnkAoCZ_4PGewg6aNdfSszIgdtYKHkpTByq1tBHSsp0c2y2ihcERLDj2_ShfcYCoiWx0nSS8lGX-1TzuBMb6LLGKtupjl1I1-JZvqFJF1l6HeGsW5_KEXY8kVgIZdffAVLuOXDjpiEx-0WVLlNEcTdiRWmteZI12nc_EEskRAKAmf-BnJ65XSzjHKMuhQ-kYow_-qW9nQcjM1ajtAak18QB-uSD32VRRGoFF8t9ilH4xtjn6wCNqbrQT9o6Y6MK-w1qFKUEdvpjjjwPG4diEO3SXgK9IWWBkH5mLDt1Nghe7e59iKN8dhqo1gMV_ZIBmEHXcFdZUAnQP5QxGa1eY5MHlRawb3KbR5AxHXELLGRSIHJyC9HtNUNCxcoHJbhSxIKU3_J3JNv5dfmggUcMTCJLZ3kqAzR9YjI_GmP72KrnN0BhBRJtrWqu4TSdn4lBEhqwxqIzzLKj2O_aiCPjYUkyVQpfhNzl2hl7Ea4cVRIpqOlVYSc-3qqGpagE5k0JLJnxHXIarPfG40Zw2F9nFggK0O91v29l513k9G2T0d5OD7mHHsPUIJLlpDH_lLSMSxvjJ5dS8yzuoeQzCIY8ilkcbwnW0njTEDPGAIR8b43YbeZmjLz9-PkM6aeIq0VZRZxwmU7vjHSAy5AGe-Ljjri8cqkakKNl2oW4XasQAD1DJi8i2fdH2nrzbQadmkwEbMKf83vym2YoPvNX1eowz9gNudPX0RfMSpu2-sB4mbn0QyO6T1GtC2qF2w3ePf-LHSMsPmyILsbwCz4E68oYQ3RMKeH0nbMehqqhouMfwtQlNpm41zBeb7R6xj2MoVBlc_L23VWNwKs9oNgTEvHcUe6QhRKbbHVtke9xTQ5zDvKHeRKtDMrCFMyR0dWLpNGe9blNs1S2B1DucwjKAMGD-ons7yy9CNFoDddxwoReofX5AA81ZAcnNfGJtizhFbbxcudcP0Dz4ZHM9MQYQBevp-TFIjwnhR1ZXvEnCwug94-YNHOhipcKzvjB9g26KWAJ6v4QpLZWVT7Kx_m-DqR3WRDAAvWPyD--sn5v17lybfYiBMQSJce-Le0qLlB7yTNQi5wNeINlGLPtJS3Z2fVUt5sAiSu8kJJ_ibX6DXhe5DcR3p4jJlmWy2xp8ZaxqkdgSGxY_eMqPhvBZxXzZzoYDjTy6c52ACWa6ikuBtgWxLu3sws1JX0AneGGK_h3Kp9yD_9lEue4Iurm2KobWVAh-T9mQDIYvG5WbMqbGsHFkMzP47dXB3r-5xNPiGYqrBHN9geV1n-dlScyZYUn02c8Ux3c9VXQp6igF6ZOHR71pZ1iobeOGhMwkaQx7FINLbE60KnjewhSsI0q4BK7PiNIE-gQnVqsqW-WScy2O-J6-laKVe1mhaPlVG0URociZVn3DtKlg2ayZ0zNquwVDATk9LfbKLx8YYHucxuUn9QR-J-S6qh3JipwbzRakVNtT2wDhADHLaUgIWMG75PIgzA6ucJrpf-PM6pj58iaBXO4PYbf_vswSTjvqvcuEltKJel4jAaHHCwYX4l4I_3LG7j0o-7Frb0_RmMo1vka8t9-U8aE5iQb0cEranfwtudabUt-JaFfagFeoXZiUCHEmx-qUcc2nGGOJX3DHy0ZArHvNdLvVugAgzaBU8ZKZKZNLXqsLL-4h86BxswQOzYzd946JG3AMhr3bWhyOXNjf6kaM4jemIYpE6IfE7kTlsG5zfwtNyGclAMDDhDeoer0V4c0gUoq_YQIsMSQcS9AraBZi_NmTOV8pSju0U_aueA-XHEJtSp6uRCIrSIwn-KNEevuzHGTgv6W5ZLGhvGCSzPsmUbLwrDiHmcc1GduMOrLdJPaUUKGsy8FgyABkMDRi0UNQWuz9r-yLnY1wZCqru_rc_jzi5_c5g4mPSu7W3TCs6g_yFZAgA1zgbTMJx264oDFKLo0T2pGRDQwgLC1SPpScotZUoqFwOHKCnbbD5C7JJAzDPYDywyaroblKAVrzuHG93qBYiu4FAvk7d-Xkb52zigMNpgp97vVFOGdw3ugGvncfc2WhyM7vvILTQQvsM7zw7MmIdGYlPaU3jzMmT8fGQIvp7uzb5O1JVgHTBRvhq_1DgvK4ues5NYV2A3cV9RuQ-hAOlolIE0ZJhwu6T4iKRwqdNVRVHyOFK9NNu3vCntKUYQJB8nfrw_thCBHdjJDe9fjvIinot6_OobG_tuhQxCO_ocCefqIySVc_mHIDcuJbRRUC_3zZGuIENAwjSnKqFEdBYpvQzmKctk6sPVGG16PhU8gUl-EIeirnl5tjmf-4nL078NbkrpEiAKyiu1tUqtRLYzig_UrkmPgVf-zdCPBPfQ06f705EMwB9tJ_ewMLFAglnjlHlzfB8TM8cjJvB7_-NWKe6OVGjhyBasxhyhlOdMSaTUfdF3eFizDy8zSHQoFvlLY98McW08mLYpEazssgqSk7O2tR4v_edB0Ugl49CCdKiFqkhAzIn6BZW24mwMcuXxkmGDR05esYpygUJB_YiUEEyuHNR5OVOaasTUij3UZxRexl8-c1vUnJWRhpif-FJoj2PLFx7Pgg8GStf8EEiI12FpmZNr5DLEs7NgwkCmZkuAXGewVFctyWWobEr86MzmyzE-fYd3oeEPoj4cBN_wnMizTQTpSdcgGa2VmQ8nSgnNCmYfj142yzb3nIrXbu3J4oH_c8vgKNSc-Gg-Vn8mt-gAfU2IwbnSryfIO_Lf_BnyKGhO61XpgVVinb8-8l_xs9l-T0nTXNVY7yOlgP5Lth8lhSQmeC32Gk6bfaJnp6TzvughzcjizwLOva9c0m3OsO6k2VeaSzav7P6Dd2_AZhMY5D_rbnGP1779lPyfaWovYM5OHaR9Jp-EByRpm-8yQ5BPQgz_narXiM0scwUC4d0L4PMgjUkJ9jfK9YERo0vB-f4KXUZ0YIySG-PXvu1KSmZyZhl1t_PXMyaoNMAq9bOYtlqj40UgkiSpixG85Cu3iDfu7IZqAYZ1RMWGxWOZkx1n_2noFP4OFxi0jxgP5dPWikLN34GEAzehES4CIb73VwyN8jzAo8z0_r0HTjNVe2rafIVRTQG5n973GZ-PFgG7BH3r9IGGsIvCvzCEzad0ywSBqCKV6AJ8Bv2Nvnloofwb-PvI7vDYm34_EL5dgVvd0aFggAEhLkaOhqI9tJNe5myqFwQsW0dxBgAQ
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.6.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-6-162.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 914d7c2c79bd31ac4aaf7187154ab361732c0c3f8e608a321844d0f68c71cd6d

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
content-encoding: gzip
x-server-name: app16.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 7616 2 KB
1 KB 447ms
331ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/window_focus_fy2019.js

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:20:13 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7616 116 KB
35 KB 268ms
152ms Script
text/javascript 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

bdaa38f52441bf7af0793fbf059e5598ffd9d18fa264b14bd55f6b3655fcc958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620056514301796"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36023
x-xss-protection: 0
expires: Tue, 04 May 2021 11:20:48 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 7616 13 KB
5 KB 265ms
149ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:18:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 131
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:18:37 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 7616 0
0 539ms
28ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQNJNzksvLp22drtxFhIU5WrvINQzpEg7dkezTTaIOOvXY0p-5Z3R4voKXHurMZCJXbEKb0UWsM8I5pyH-ZUewT0XwV5g
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H2 202 /
crta.dailymail.co.uk/ 8 B
449 B 367ms
7ms Ping
text/plain 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://crta.dailymail.co.uk/
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: http-to-kafka/0.8.10 /
Resource Hash: a00fb0c50741f81bb51d35b4475a4357f8039aabd896a21036bc516839401595

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:48 GMT
server: http-to-kafka/0.8.10
etag: W/"8-YaBXLEiT7zQxEyDYTILfiL6oPhE"
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 8
expires: Tue, 04 May 2021 11:20:48 GMT

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
734 B 469ms
21ms Image
image/png 151.101.13.44

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 26548
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: Vjnfq2okxpLEG/cBVxSfv3DOOCGN7KTpixt29L7DwUhoZL6eRlgDSODZqhfatrYL58q01gaLKf4=
x-served-by: cache-fra19126-FRA
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1620127249.949416,VS0,VE0
date: Tue, 04 May 2021 11:20:48 GMT
x-amz-request-id: F6D91014AAA6CDC4
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 11
x-cache-hits: 839013

GET
H2 200 st Show response
imprammp.taboola.com/ Frame 6B06 1 KB
628 B 400ms
10ms Document
text/html 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8060095&crid=4706985&dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&cmcv=&pix=undefined&cb=1620127248400&uv=2963&tms=1620127248400&abt=adh5c-1_vA!insc_vA!pl88573-888_vA!scrn_vA!spa2_vB!ufm!widgetVsMoat_vB&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9D1FBA8A03326343833709859&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.4.2/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 89db1083db4741cbb8efac4796e50b7b8ff0f16c459fa9b8ce91089e6c8f3b41

Request headers

:method: GET
:authority: imprammp.taboola.com
:scheme: https
:path: /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8060095&crid=4706985&dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&cmcv=&pix=undefined&cb=1620127248400&uv=2963&tms=1620127248400&abt=adh5c-1_vA!insc_vA!pl88573-888_vA!scrn_vA!spa2_vB!ufm!widgetVsMoat_vB&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9D1FBA8A03326343833709859&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Tue, 04 May 2021 11:20:48 GMT
via: 1.1 varnish
x-served-by: cache-hhn11524-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1620127249.809971,VS0,VE10
vary: Accept-Encoding

GET
H2 200 sync Show response
am-match.taboola.com/ Frame C4E5 1 KB
1 KB 423ms
36ms Document
text/html 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&excid=22&docw=0&cijs=1&nlb=true
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.4.2/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 060b84c1bf53e12b7dbf7e3bc9a16f0b49b3f5f04f23780a68db74a5b9d0eb07

Request headers

:method: GET
:authority: am-match.taboola.com
:scheme: https
:path: /sync?dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&excid=22&docw=0&cijs=1&nlb=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=7c7537d3-1305-4c8d-aaf3-a0e8fb7a6e9a-tuct78ab38e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

server: nginx
date: Tue, 04 May 2021 11:20:48 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3401

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 5 KB
3 KB 445ms
80ms XHR
application/json 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=420&height=236&pubid=169497&tagid=953497&crid=4706985&noaop=3&sortOrderType=0&cb=1620127248412&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=88573888&pt=1434679212&tz=120&viewable=true&ddast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&dtagid=1182345&dpubid=223815&abtst=adh5c-1_vA!insc_vA!pl88573-888_vA!scrn_vA!spa2_vB!ufm!widgetVsMoat_vB&mPre=0.033&cirf=https%3A%2F%2Fwww.dailymail.co.uk&en=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.4.2/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7eb5d8f7737978e37ab3141d5de4c8224b88e01b502123c8b7b5cf9aec403b3c

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

date: Tue, 04 May 2021 11:20:48 GMT
content-encoding: gzip
access-control-allow-origin: https://www.dailymail.co.uk
machineid: 1479
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-hhn11524-HHN
pragma: no-cache
server: nginx
x-timer: S1620127249.846118,VS0,VE79
vary: Accept-Encoding
content-type: application/json;charset=utf-8
via: 1.1 varnish
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <http://cdn.adnxs.com>; rel=preconnect
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 st
am-vid-events.taboola.com/ 0
43 B 519ms
41ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8060095&crid=4706985&dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&cmcv=&pix=31589837&cb=1620127248400&uv=2963&tms=1620127248400&abt=adh5c-1_vA!insc_vA!pl88573-888_vA!scrn_vA!spa2_vB!ufm!widgetVsMoat_vB&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1620127236322.67!ts:1620127248400&mntl=1
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:48 GMT
content-length: 0
server: nginx

GET
H3-29 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 606D 111 KB
38 KB 462ms
19ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 11:22:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86292
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 May 2021 11:22:36 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/elements/html/ Frame 606D 8 KB
3 KB 304ms
19ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CBOqeP6XR22fbg_Gll3dthMyeGxKH8HBOukBREow97G7g3dwh2HWibL-GgdcijBl8CCJxQaf86jh1prZQ5fDeqGE_g3Aodt1AwFSXd_OZGsYXBYGsEx_TczvWvv9e9f3j5S4TySbGm8ejtb29N81ggcpNQjQ&dbm_d=AKAmf-DM4LzYLNAeTA1aun-WAh6dsKRHO_BE-L0NeZcWpNfXIALrlFUYGdG_G67P0UvPvCi2mJCNuLKN3WWWQbtUsw5fprk_kiCxsC_c2TwsyK4k_kA0z-ZPokx76jamCQjsVFD7tyUnO713PvE3qPm7DXT44fvp3b0NqNAHgCTNPN-_5waXCnfduxLaTR91oZ3iUhxFBnsmYRsumktWkMZFBMNyyKNxTzb7IDIWQchdNGhg73a7MZf6z7VFtsxlqN7Nc8WXtS7R8YR-CvKT23_hLDbR4hI8zDmzhK2mZ9_i-NYNCjwbTKKFQHOXmrzNmdqvKgdunVUkc1262xv9FPps9JFWSYzqbfo7jOpjn9U40pYoGQUiHPoaTxJ-yhLhZUfIH7FLp49Xxg_nMMjWeviQAR_zSZK_m0Uxg0mL5G0uuG59r4yMvE84cm9ebCBT9qaGtmH8cqquk649zhF9ZYKvvnyIK_DVhNpmMODpxSN0uG9YWnd4xm2ImP_Z9nPfQRQD-ValNIh3v0cofZzmelmoEeoHjEU7NHDVp6UmGoEqpyXtH3G0KWQ-m9iAFOzhFdo14qbWPzpbsi0VkSNV0OyIMKQGQZJUDUeL1UOWv1lhC8kK4PrIcy8iQ5uPcuA5yicbZ2qEXNfsZBuV9l0s0JZTWH2uJraoH2tkUEtIf8SdjL39dBByp4gN716_xhmNz9fzy04Cbl-Th_dVxrmqAJkPUWehattmvz7RGsbQCQzxa82xeT43TrD7DR3Ua4LHBfHCD5P_tpbWM-aKQ8scXl3GAAxCfm9PgpyTgcRWPA50tLo-pPtigFxphQCDLB4427X2iZoksbujPAH_Kw8ek1ZoVnXjp0iXBQvKkFE8GiHNZExjVuP_7dcFWhfArheRD2Q-Nv30sAJ8BpFcqyInRmBHsHYn0imLtR0d1tz4EqV-dDCcuLkH2PQGYtF--ClJDTB3lG650A7YnPOTJkIquo2Vc6WDY0kyte-UZw4ScBtoCIJt8qGCBo3T0XXX439te3-YyeCJ27TbCYQPfwwae0HzuOxbji1u-8X_-zGgHSG9PX99Z9OqW_2Yc1VQjiwWwhV-1f0sO31DeTTnN1WhG5I6nsi7MDMgHqHVef1Yfji-nOX5DbAT-txz9YR3MO3dG2TSa50Y75sciq9sjkozQgdT0f1_D1ZaNVdB6oZwmp_2LcyRCCLb0WZcdcBcTKsWTqGuPlqZffWPbLlFB3wpSQsEPnaPSi7FTe6sh4M0HM-lNtnoIw9z_CcdV6uz8lEMAkeHQN5Dv1qVN2cFSIYGIHuJFD7yYDmOwio-xSrrlLAfQa9th2UDwBODDz1No7lS2_UsVopQwb1VLhq7OStHFE_YTDztFBLjC5qGQ2-rNGJFWC3y-qWNM1OAraRmMNP5d6DPsrZg45eI971iiEeWxyPX54j9lz5Yg-baS8SjtKO9rIO6U8p9V7F3BbhhvbEDrdDI0cGSlJqeV9MuY68GNFf0xkyx-K6ztk9nH9HhzEEevjjOemvIOvNV4luz-JKIHOP74hSGN8p4fGIqsOECXzH4gB3dP7dLTASNTTLcVp2rAw3VUqjikHmHGgP9BgqfgHUVQ0wwJkeMXBHdHFEeB9ltU79eNGS2OQVFNMeEe06QmGYQN7hrgnKUb1GeLcb5h9he6lT5BwqlsC3vy22G5IPVkvU0Fx_s6cz6TtRD59X9dTa61mFNz4AvFSdJG440TpMfMcMrMHPKroJmTupE7H1c4XwbkFu7z3cvjJB-N-hsoPEEEAJeSDQlWS62-ksYG_FBtJS4mihv0mCauX6Fx5mX7ejB74fFGmAOKu6fORWqE10buR0Sr4j_AmhcbG_Dcs0VOwl_n3hX1C54dXyqW77HP-MlUUQ0Z7VQj-RDLEuXCabRnqhH1UzLT-gZsFd8hHrz2FzaYejLWOrMFlYsUJoCSj7LExR22X19Nqq0EPPGqKmTDo4BehJIcmUYzeEW1sbYhbemSrQEEBp2fRQmYCv8aZ5QtJWVncqqEkjcrdSxmvMMofOXD5CVlf7EWVuqzZN6PW6JzmZFYOkRGK9eDlslsJAReBTicOraEcpTsGmTUYR_4Q5a6FgYVuFI88htm_808IBqh7RBpwinJ7MuPInFA8DI62KyfAyPiCfja4cSaUWH8kK0_JZAoTQJ05xW45Aaq4SLItQbtg1fEPP1F2wm64atEC8whftTeiFmj2XImdlruv1rgvLVt9IixusObMf9fCEtwySg9gnsDB7j1KZdYzlO9RL7eCQJZyMOkfLbY4jWr5bXAKlbnThe-nlUYyYP1kwUW2GRkvA53i-yBbf1oCag51L28cRVahNW4o__G0easV79NkHmEAjcj5w3K756Jgm-anIeTXMBM9q39kzp8d47V_LVmzkB0FW5JzMv-csWVaGpbBBDhSMlc3lm0JLL0jK-aFoxEm383K8eH8UvTfmrl2lfF7BjQHulmN_V3mLHJ_YLCHBFtQC5cqlzOXRu16IIOMcrQqiVqHzbO67LOMiUTPhuWyFsGV0m6p3-zKuxsIaGSVU_FN_aC8U8uyPF_2QDYlroV8dQLnpk6rw6AwcG4p4rbFOKFfkZAtZiDP5K5E9TSSC4f13nkeryI0BX8glphx34-qQ4NFc_BUTbfh9wm6Z2IkCgJj4lUk5nxYwbtTpl-n8a4BX2cQGW18cDDSor0tzrEW4Z7e9obND0Upcxf0ckOL_1EkEuuS3nmYxHdiCgC8IdcUYsLs_pV34SBLg-S-TxMWnmU3E_YF_ZAdh3IWccrH5J5GpnTegUklowuqRmuMejzN24A6XNrcJBT7IJWqRiaNIl-7XQhXwYlIFassAB3SbRtdOW0SM0fPEgJOFjTF4t4Hw-ZyHPTIVmcwIqqEDwQt9sz4htkipYdhXfWOl0Jwjt-PIPU4s2rrpWo0VQ8B8xO_xGOefg457DwAmg809t3hlqvxRvh_iaipn-UfCGV5Tijo0-Rs3UnoTiMpJBlPoUgpfsMCv8wPBpJq52rb4fIIfxOD_N1JcVWpQ72B9Tl6h978Fb2oadV03S-tqJo2SD4D6kS5yaIU3o7QeZWZXUpknFF8n1jFGaJiJh8ItglSurhHVSEsZXqzDZSjewUxjQXpVkdEYnQRknKnYWf5vZHpZvwrQP9GADxhHCvGtlgr5oSEYab3rgef3uD23Ql7vmZF-Qea-ruUKuSFfUQZb2&cid=CAASPeRo9UrMlXUEjUdqQ5UEotuUqqITHUpo_d1RI-sQwtW0rla5nBcbpnvTudr7sIFFREVotYehONz6wjxpSWo&rfl=1%2Chttps%253A%252F%252Fwww.dailymail.co.uk%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:20:16 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/ Frame 606D 22 KB
8 KB 219ms
38ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09f0fa32fa39db3e3da2eea89bf806be0b147366343a0934e30f164a12431b43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:13:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8608
x-xss-protection: 0
server: cafe
etag: 12149544148951276823
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:13:54 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 119ms
2ms Script
application/javascript 2a00:1450:4001:812::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.dailymail.co.uk

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:20:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 96ms
0ms Script
application/javascript 2a00:1450:4001:801::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.dailymail.co.uk

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:20:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

POST
H2 200 link Show response
t.skimresources.com/api/v2/ 22 B
369 B 65ms
65ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/55199X1584066.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:49 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
warning: 299 - "Deprecated API"
alt-svc: clear
content-length: 22

GET
H2 206 480x270_MP4_8288595405300740130.mp4
video.dailymail.co.uk/video/mol/2021/05/02/8288595405300740130/ 64 KB
0 21ms
8ms Media
video/mp4 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://video.dailymail.co.uk/video/mol/2021/05/02/8288595405300740130/480x270_MP4_8288595405300740130.mp4
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.dailymail.co.uk/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Tue, 04 May 2021 11:20:49 GMT
last-modified: Sun, 02 May 2021 16:56:09 GMT
server: AkamaiNetStorage
etag: "fadcc238183be9408bbf0145f787dc56:1619974569.663218"
content-type: video/mp4
Content-Range: bytes 0-2130448/2130449
accept-ranges: bytes
Content-Length: 2130449

POST
H2 204 bulk Show response
trc.taboola.com/dailymail-row/log/3/ 0
280 B 96ms
95ms XHR
image/gif 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/dailymail-row/log/3/bulk?tvi2=766&route=IL%3AIL%3AV&lti=deflated&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210503-25-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 60
pragma: no-cache
date: Tue, 04 May 2021 11:20:49 GMT
via: 1.1 varnish
server: nginx
x-timer: S1620127250.790309,VS0,VE60
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 prebid.js Show response
vidstat.taboola.com/prebid/1.0.8/ 117 KB
38 KB 34ms
33ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/prebid/1.0.8/prebid.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.4.2/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cc4821ac8d2db1189e3bbc9bfaaee9f09600df1c6feadd1931904612e3ff339d

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:49 GMT
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront), 1.1 varnish
age: 2255294
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 38838
x-served-by: cache-fra19126-FRA
last-modified: Thu, 08 Apr 2021 08:49:16 GMT
server: AmazonS3
x-timer: S1620127250.844476,VS0,VE0
etag: "e3f92c3dd84c64bca0b96062fc7bb747"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: 6C2AFmLYG-Q_T7EI73BxR-EYGknp4JxLEyEQBCe4TXBSBQyNEuQNjw==
x-cache-hits: 1222059

GET
H2 200 cmTagWIDGET_ITEM.js Show response
vidstat.taboola.com/vpaid/units/29_6_3/infra/ 624 KB
106 KB 310ms
0ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/29_6_3/infra/cmTagWIDGET_ITEM.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.4.2/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 34d956fbe769d5f28df24429d0e8ff6278b9abf435fd6537d8be621280309bb2

Request headers

Origin: https://www.dailymail.co.uk
Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:50 GMT
via: 1.1 varnish
age: 89763
x-amz-meta-mtime: 1620037365
x-cache: HIT
x-amz-meta-ctime: 1620037366
x-amz-meta-mode: 33188
content-encoding: br
content-length: 108251
x-amz-id-2: 302/5jOO0LyuZUlvoJ61Q6cIVpKB8sQWOzYgyqZt0VpCzp5fK9GOk5vHzK8aRVa6eoSOuh8DWGE=
x-served-by: cache-fra19134-FRA
accept-ranges: bytes
last-modified: Mon, 03 May 2021 10:22:47 GMT
server: AmazonS3-br
x-timer: S1620127250.141703,VS0,VE0
etag: "746fc31d4c33a484aaa333e923657c4c"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: XR6J2XHGN2JSZD9K
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: application/javascript
access-control-allow-headers: *
x-cache-hits: 20440

GET
H2 200 cmOsUnit.css
vidstat.taboola.com/vpaid/units/29_6_3/assets/css/ 60 KB
8 KB 43ms
43ms Stylesheet
text/css 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/29_6_3/assets/css/cmOsUnit.css
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.4.2/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 949df1ccf23d571822752903501ed230b592bc352ba1dd90cee047ba37273d76

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:49 GMT
via: 1.1 varnish
age: 89763
x-amz-meta-mtime: 1620037414
x-cache: HIT
x-amz-meta-ctime: 1620037415
x-amz-meta-mode: 33188
content-encoding: br
content-length: 7950
x-amz-id-2: BG0znykHecK7wKSI5YBbsWjLDHlZTh2t2WnU/6vN16OsYOopHqWbz8paQ1DLkx7nqVNRAMz4lbU=
x-served-by: cache-fra19126-FRA
accept-ranges: bytes
last-modified: Mon, 03 May 2021 10:23:36 GMT
server: AmazonS3-br
x-timer: S1620127250.897635,VS0,VE0
etag: "76a50a41a99b62149876849065851fe4"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: 3SV0BT0YTZVSS6TX
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: text/css
access-control-allow-headers: *
x-cache-hits: 78077

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 5FC0 284 B
536 B 789ms
47ms Image
image/jpg 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/jpg

GET
H2 200 main.gr.19.8.193.js Show response
static.adsafeprotected.com/ Frame 77F9 182 KB
58 KB 323ms
3ms Script
application/javascript 2600:9000:211e:400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.193.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/677475/54035434/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0909bafa804131db2f7e58c3f810a9df87603b094dc90f7d36421f52d0b8f185

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 16:43:57 GMT
content-encoding: gzip
age: 1190214
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Apr 2021 16:21:52 GMT
server: AmazonS3
etag: W/"3bc122544b299af3472a4ba27ce7978f"
vary: Accept-Encoding
x-amz-version-id: YnDfosEmPFk1USroKyX80ierLiGWq8lS
via: 1.1 747e99d9d8c5e29fdc713cf866bc3f83.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-C2
content-type: application/javascript
x-amz-cf-id: ffOmec7fcTw4dqFlB5nVuxmPNGbG2mRCBAxerYIo-EhYP8MxIou4Kg==

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 2C98
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2557603070289758507

42 B
770 B

175ms
42ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2557603070289758507
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Tue, 04 May 2021 11:20:49 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_336=5844-2557603070289758507; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 03-Jun-2021 11:20:49 GMT; path=/ PugT=1620127249; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 03-Jun-2021 11:20:49 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 02-Aug-2021 11:20:49 GMT; path=/
X-lat: amspug010:0:2073
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=2557603070289758507
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 5D35 43 B
326 B 73ms
0ms Document
image/gif 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Tue, 04 May 2021 00:00:00 GMT
server: Microsoft-IIS/10.0
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1137
x-powered-by: ASP.NET
date: Tue, 04 May 2021 11:20:50 GMT
content-length: 43

GET
H/1.1

200
OK

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4890
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=5dcKwGs2TpinMolPwEpF9g%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

81ms
78ms

Image
text/html

2.18.233.180

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:52 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "1300708-1f78-5b232eb4914bb"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: max-age=20371
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 2654
Expires: Tue, 04 May 2021 17:00:23 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame 4890 95 B
595 B 719ms
169ms Image
image/png 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=E5D70AC0-6B36-4E98-A732-894FC04A45F6
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:50 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 64a157965c4905f9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09d8b511f7000005f91e2d4000000001

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 4890
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=E5D70AC0-6B36-4E98-A732-894FC04A45F6&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=E5D70AC0-6B36-4E98-A732-894FC04A45F6&sInitiator=external&gdpr=0&gdpr_consent=

42 B
602 B

114ms
56ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=E5D70AC0-6B36-4E98-A732-894FC04A45F6&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 Hjørring, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:51 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:49 GMT
frontend-id: 9
location: /pubmatic/1/info2?sType=sync&sExtCookieId=E5D70AC0-6B36-4E98-A732-894FC04A45F6&sInitiator=external&gdpr=0&gdpr_consent=
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

p.gif
visitor.fiftyt.com/ Frame 4890
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=E5D70AC0-6B36-4E98-A732-894FC04A45F6&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=E5D70AC0-6B36-4E98-A732-894FC04A45F6&gdpr=&fbounce=1

0
335 B

208ms
0ms

Image
text/plain

35.201.96.126
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=E5D70AC0-6B36-4E98-A732-894FC04A45F6&gdpr=&fbounce=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.96.126 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:53 GMT
via: 1.1 google
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: clear
content-length: 0
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

date: Tue, 04 May 2021 11:20:50 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=E5D70AC0-6B36-4E98-A732-894FC04A45F6&gdpr=&fbounce=1
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 144

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 4890
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTVENzBBQzAtNkIzNi00RTk4LUE3MzItODk0RkMwNEE0NUY2&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
505 B

202ms
53ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:52 GMT
X-lat: amspug005:0:490
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 4890
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMzRaFTcc899LO_QwySSGGg&google_cver=1

42 B
855 B

180ms
39ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMzRaFTcc899LO_QwySSGGg&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:51 GMT
X-lat: amspug006:0:366
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMzRaFTcc899LO_QwySSGGg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 4890 43 B
409 B 295ms
52ms Image
image/gif 169.50.137.190
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

be.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:50 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Mon, 03 May 2021 11:20:50 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmb/ Frame 4890
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=

70 B
371 B

89ms
0ms

Image
image/gif

76.223.111.131

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN (),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:52 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:50 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 211

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 4890
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2965476366224638181

42 B
801 B

151ms
49ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2965476366224638181
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:52 GMT
X-lat: lhrpug020:0:421
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:50 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2965476366224638181
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 4890
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:74fc6091-2e10-4200-9df3-49d8458de59d&gdpr=0&gdpr_consent=

42 B
946 B

98ms
50ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:74fc6091-2e10-4200-9df3-49d8458de59d&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:52 GMT
X-lat: lhrpug009:0:382
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Date: Tue, 04 May 2021 11:20:44 GMT
Server: MT3 3709 11aaa92 master zrh-pixel-x26
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:74fc6091-2e10-4200-9df3-49d8458de59d&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 04 May 2021 11:20:43 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 4890
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3668742791086096242&gdpr=0&gdpr_consent=

42 B
769 B

83ms
82ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3668742791086096242&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:51 GMT
X-lat: amspug013:0:392
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:50 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.87:80
AN-X-Request-Uuid: 75e81d3b-2be2-4abd-9b16-ba1f82f80a9f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3668742791086096242&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 E5D70AC0-6B36-4E98-A732-894FC04A45F6
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 4890 43 B
203 B 280ms
37ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/E5D70AC0-6B36-4E98-A732-894FC04A45F6?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:50 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/9053774/1616753578552/ Frame A46B 4 KB
1 KB 382ms
95ms Document
text/html 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9053774/1616753578552/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f0ad525de68ba8696375358c3cbd0bb29a5b9ccffa4d13dbb45a4bf7793f6782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9053774/1616753578552/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 1469
date: Mon, 03 May 2021 14:05:36 GMT
expires: Tue, 04 May 2021 14:05:36 GMT
last-modified: Fri, 26 Mar 2021 10:12:58 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=86400
age: 76515
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 77F9 0
575 B 398ms
8ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssvzIGXs3fUouYUbc7T0JmyH_hrISM_MxakUn8B1vwPWYgZ1v2tmYFEC8bbl8DRbXQhqlbEhs4pAWIUV6XKl9N-kbKh-eOkEkuvSovgwhqWdNwUxlo0aAWqtsPYN2eZq3gGEK9PUyJsR7EhyGGVbIUGYcQFx4u1R_QXevzuykDqE8ajESJ7V_AkeqGWBxQrIZQeOjm-VEQjQQljIg11IU9Y4JuQhO-83Y0KrrL4-JHsltVva-FNaJoYR933vyzGT2bd-jY3OYnGp-SF5N3bbq-mzhhlGcuiFUlSiEkwpJhz3V1-PINmWFoaXO9jmKBxaGkcrxAqsVUOIeDM4Z9GQGjnL6pdo-LhMN-kklOWiG8BcgaOWIAo-2blfzIawXs1GUUfABeDUjs0tvI1yCGN_Vp6mQTJ_aBsQf31bdusjxLF7SnOrYvrBGD25BKlAg5nfUDIZpUZNasw_rlDneXSrZrpPcx0dsZmmpIbqt3mCDwl3Ag9CkOQBVyuZZva9W99kedfp3Fm7OeJyP1U2gYv_FufKo3w37BTPEvmIJgpjFLmU3TDPv2-oKy0JtyNEnjUjo1eUpJQ6po5KrEhqudaRpd1eGH0I_T9HPC2nd_OqOWCIH4fX3BQ5EagCjvVehOvCvj_aThPLnO032xXhDqwCgsV7VwSjtzK_6uwrhcjIXJd0--qpHku2-gluh-FSLq9h94WyYjsQQPLYTfsTwzTG4nNqXjXqzZWSERAflFO-53dRXxn5s2d-Qom4W7QRdngSXJKT7HzML41G03qAD4nxuQPPffAj3XlFOeqR3_6SmttgBZevCEUnkqLOocs1RgCLXh-GZ4BZk4p2vVUnDWWpINQnWqO1wT1V-8rSSrBva-LU4XlC_I2VYuOqAR2obuCD4BX2mCz4m5fZ8iPF_xW1GONS4XpN8RvfJAl3CYnfTvTf5_9lw6-BuFzRQeolFhVXvFYpqtAxvJiuC9DBHWVlaZeMSuJ_dXvgRnkeWLtb7qRc_oQxk8FBOohai5G6HOfZI4xwKp1hDaQ6eKH_sMpiNRMyOpIsVT5hHDqbhFjtvDS7B5ov5T3rF03guznakpYj8WOJI4ZOlj-f4mHjITSuI1MgITcq5GO3vcI6ZGO6FOuyoJNZSSDOWIi75w1nk1p5IyeCw&sai=AMfl-YTliLcTfURhnRW4wnR3pm9qcaezFNwyRh3xRmUrx1-udOAG1qpbUWAYve5Zx-ZxQISTKWs0gYn-yRv5RLIEnKoFA-pGL0FZArXKhyUuJw68ma6rgo2uOAsKYxoXYhoD-gwBXptIH9RmeH8MowtWf5pZiGjY4S9Y-bNU2r6bMhVp0hbDIzEVHEKGlHQYM60btUB0HGyFZdWW0QslhIZQRmAYaD6MsKAiiRiz5eTNuA&sig=Cg0ArKJSzO_BcSpxaDw9EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2818&cbvp=1&cstd=2781&cisv=r20210429.48857&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Tue, 04 May 2021 11:20:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 1900 0
751 B 88ms
70ms Script
text/html 185.33.221.15

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:50 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.56:80
AN-X-Request-Uuid: 20af26e1-2f52-42fa-aeea-792a6c29a0b0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
88 B 214ms
140ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/55199X1584066.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:50 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.dailymail.co.uk
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 22

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E4DC 0
752 B 575ms
44ms Script
text/html 185.33.221.15

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:51 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.240:80
AN-X-Request-Uuid: 857d7b86-7f20-45b6-bc25-03b2a7bfedc3
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 6627 111 KB
38 KB 518ms
51ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 11:22:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86295
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 May 2021 11:22:36 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/elements/html/ Frame 6627 8 KB
3 KB 479ms
52ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DHBOfZ-_52pNMmPuPMbpyYdqDN6iuJMjC258gYhCTRd46ZpPhiFSX53I8aHiZOlZ_2GQzHI4G-zX1h4MDbEu2zngEREvBnpj4kT77jjH5pxYeQfTKKw0IR9NBjyAVRBKXs71ZVE9IcmSF_tsqqBKOLfUfqfw&dbm_d=AKAmf-A_e7hMgqtl3_tZfIOAAwMqDzjiVylpFejlsrHaAKWwXxjaNxSTnO7ixNoLUYTyHHJWn3IOwo8aTLBF0z0aOfRXRsarbHGlLlrC85gzNjKzwh0fBqvlPtf-hgnVqklT4CvrDb0HV4oRxrF3O-l1Lq9VNOZcQzS2UEvMpGdAw9TY2VBKwsiOxs40aIoCgmqVQHr1VoKpDebVefe5cCM99bU24qKkMivqg3ez8vEtA0t9R2Wqxo2vSxhveAEMH7nSEDFuU7FykhwWL2VdhU-lSrrKRG90fUsFjuKOq4HBZ6jfZuoflopiZuKg0EPh0iNS6UCuZjm55el9mbuj8kVy3SDbtJFBnXUSu_ClWJTWtawFHQ2twGRf_WFSRoILNr1agVmbHVbOS1hipQsDSbxCnW7LoQsk9er6fMpKZdwm5Qo9Hq449Mv58CS0xhhjMFn_4NosJjXHasPLHEP9LM2K1ecQd2ob-b8mlOTGkTv6KALzDQrg6ntG5C0b3yVGs_IK7uA7HBVjSrPJlzqiShTDKzko6ZS7PR-BbaZzvLjV9WmNOeB-XmynwXdEN2UT9e2By1AJcynCx25W4jTSR9yZbEby_UpFq6QXnuD82g76i-15-b-XoWvLPE8_93VujTcm7t6WUBYvpGrVXitAawvcUBxQYrGO1rDeUkgIDGJLSzEN52X43PMranpFfYfkBjtnPT15cS1TQOVYFF7aPcVWIoPnQKoydYK_se_MZ8gL7ympy0jlNXxUU1s2uNWyf6ayiw_PdX9fIr9YCSm9_xfYkMUPSRVHUJc0cJRemDTiEAQHqKZ8n66rTPzNjZJsssh101cI0atWBt5_SxDumde8K4x5L_VrgjcsBKLRHfSlYuTkBwjPpH7d_k_l0_670Ec66XpwhJWEH800WjWj7F63wA73I8EAhGLUF_Zuv1vhIVUQPcJJHOeNtA8KCiLoxVjAfQ3wpOCTSBv0q1K3rYuvkCU7g5v1PcU5XdZFhEvQNlvDWYH7FBivS0K7LB5jnfLAiHQo6o8eG8WsnEOXyh-pz4N99eF8oL5voWUK2litvZxS83t4uaZBdVxjnFIYXF1nIC9T-bnrJFjOzVpV9GlxjDW_xaoT46Y3cZgMFfqVEsPKrkxmnjLwl-dvHcJjCe6uTgHcj9bKgKOnPkFIyyKiSm1OFZLVCual6uMrNS57wQx2Ml_cyRblkwzD60tliq-2VnmTIneDKfXlk3MXwA92H9yg-7OeN711p1RkmevEmX4j5PJlqMWCrCqLfbqZEmJ7wrpYHgGocikX3xCce-RD_ev87pTJ-DkqC8q8VPcao5si4acchBc--3BYuOueNMP63sBB8HX5nyOuGJEDed4R2YJ6OffOKcWbhraskgXMxynLATYfpq9b8-s8hu1pAm7wcKZBGA9wOpHbXlThhDlfXrp56Rx4X7KE7M7KvRO60nkHlj89BnKNoW-U4RnM8a6P9ODoMepzfOqGpDYL3xrbTf8yL_btZFEhvXNZZQQNYnC4ISi3g3D5oeYzJLJzaJDoItctI5RegWI7nNIUxOqJuj9NNPB5cryhLHJEvPDgyMLwuHKEmd71ZiAuNIzgOS6oyOOr-T1g0TiFiNLdQOiqrklCLtpT42PdQDqAZGqsgp_v8FYvrhZqUVSgPA_YZxog7-5tH41siqhfjL0uo8-URWJrN7NuJ4t7KNiAy97wPUXlnm5BQC2pXUdGxT44rKE2gwUwLWgaXw1kPkluWJc23pVeUBm941lVGvXkPIIFCwdDu6tvzXPlWbnq28ew9sCW45B3hq4xnRSIocRZW2-xjB3ASeU3vfNs-PSB_xZDiZ2yV_h6X213TaIHjBOLFOym76CzkXMSjvM7oeXaQXAeNOc9zRCVOJ5_IJVg7OvYC5MJ1PJgPIZalkdFZ0FNHlBniSd8-neXbFlqqMbUM9S6UKm0jEOyqsWhG7p8aWFg7whHHVcMg9hNmaaEiBREEn3ptxJVXUOA9b2duHYam3Efqn5oUlx_5ktO_bBBUoX-iPYi5TDcgBDqbRvMcMFkzPqLAOzhgAYqdAnx7KttKxdIKqezgSZTdtJN-TpazR8QBjek-K8TH6kLV6gmG2wDC-GEap76mEzsSdDZg9WZGAu9dTqjm55Mpvp9nBDlurxhEEXn2oRK3njlokAI9t4Qd5ipyDEsfqjtWDow3wfWJprp-2FMikpCYS8MSq4ffFfqLemEbTVj268NUiuX7bsmA7TWahGUstDwSkMaDrnscJuSpFmiXoyUtk9FWYWrzzq4VQaQE2bEGq2nC-AchP2jUOqzeFm3Qd3SaQFQJirIrYAlS2ssQM362KTvX70W-pTMmKO6b53_gRlWcAlcMXYNNGTZVUYrl6H89jzdoN1so_OqzhRq43Ymrf1u91zWuWS82Y8PaMyymRk-wpbUfv5c3vp-YUeVhSfBunl8PUmWX8cHoVBJnHlmmT1YGk09ztMgt76wQ3AYN103MKGKCoK7HruVTUYV40eLkPVU6u4RIzK9UUNTW0reP4enHPcSJD0D_xHgLCzNd2bQ-kwklV64qEJOV3o3svlU2hw05mDrjfb1uhDD-z_hz2_07-v-wQqQ6BdhMk4tc96RB28vWVgbBqvMPbXatgRg4-tXm00My7UezIfvkSZ40KT-fA1R7BCA8NyKDYZfcStmtSyMFOObmEboPfyoPMrFOjZldPFB64taD7SaoQDrBY2GGMQgO1zgNpB6IRPXRgqwqoeUW_AnqfuH1NlFUR3qlYAjYs52e7y1rCaGf6lWXOTQk5VhM68_qn_EK8pV0MpY9vSkE6CMdhCyJD0KOXjorWRcwdL8a6CGqOO3sYw_g0hLxDFPLoOEAvPufbQWE_papIQVuqftHDXMGUN3xI71nxB2oKuX9IDcyb8CanfQV6NrR2AiDb6xBfmPmgBSD3XiM_M1v9e3Yvhw65hVF1oG4CnZtl_ow1U-X1h9Wy4q_LvXer-6_RlJc8-DxAdI4iSZj5wCGoXU7jo0VJpJ7lZW&cid=CAASEuRokSQuUy3c92JPNijn-BCuEg&rfl=1%2Chttps%253A%252F%252Fwww.dailymail.co.uk%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:20:16 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/ Frame 6627 22 KB
9 KB 322ms
0ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09f0fa32fa39db3e3da2eea89bf806be0b147366343a0934e30f164a12431b43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:13:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 417
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8608
x-xss-protection: 0
server: cafe
etag: 12149544148951276823
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:13:54 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7616 41 KB
15 KB 498ms
0ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ad4668MA8dI9PaleVj7NdgtP1NyZu7INHangyJh-MQ-IMYShCGNHMVcN3W_-q019yOCoIkgLeNKLDkVPO8anxKCpI4dEWG74B6yxuUafyCkbNYvAUStBF91r0z8lyFUaTKeXyXhudXUtx82snyqz525mgmOQ&dbm_d=AKAmf-DiNpJ3V-aWviYi5I38tvJy2S3LeilYIB9ijk6iP9YNt5NQev8AM6F1Z6I45UBX__vccHBSOscIAzuWauzy1BmiiTQrL9g4gIwYHSyLziMyhX9lbGowQqQpRVrF-lgSBINfdjp3u6awt94wkNTUN08nqcNC7TrYhg5L5w69weFSe3kvCKxIOQbo9K-tZ1cJAKSbI0vxaVWaMrRAR49bDau5EH04cl_nBUPq6yWvmUdDcxF2QyL8yuU11dihVIl90-JJkBj0Vjsmcpg89lkujTRKrKEzWkVs2LLAAhYJQVJ1ZdQvSKdTe1Sr15t-Jkv9DT4VILsjv7LkDqkD4bDLtW_kYA3yiTWXk5LRWfjrQAQEZAZL_uo71x6RePKqfUcT9t_tf3Y_x3JwU15v_itShZMeUseHQkFeog2sErIOKudYldOLtfXdXGu7HkTrdgCSguVC4P_-mGSFTFRx7VDSP4-FA70oJiOu15Ss1n1x3IFihax2urmnuGfV7OXzxraeJhTjLRJfWPPyuq2dJZT_6kPVMLJpNoAL4kiwrzfNXAaRG4Pe2tpu4cqgqO-fcC_1IZPkRpDmZ2uMQtVKnM24J_3EIedjwyo7V1YmYhLzsMB5N9ILbl_1libn0ttazg19DNFXZ5z3HHX0HPcu1iEQDDMTv96AuT2bvvLzl1Q6t8iZwRfSLvQm84hkwcjjCDDoC_rgf4-XDS1bqAeFWwbkVneN8V4MK9J6q5KDwQHfCKFHzyzWPqlae_43hKV2hpJnX4TSrIYgMpvBB9o0v_Nf4bij48Ktgvjd7_k_AXsFV5y5DNtXd3eV8d4rM4EmkoyAjaOx0JLQvnJsUX_I4NKxD7aIv72AGX_AZOgCAyWyi0-r0_I56DWtWvYn2fGNnbmOPGuJNx7wNFy_XQI0JJRZ1oOivycrkK0cw50MkH0-WLzwx4J8nnsH8XdvBkVzHf_K9_4gtXdlDEuCqSV6-sOWy8v5WoUwpzxsKgwnr8XDEBqZyLOYY06riNyP5LLSb3tCQFY-ElCe4oWsvb7Dt2e4Dl_4fxx1kiSGSYCOUpH_JzhJRO802zdXvjFhLtvQp-tyBSgG5MV6W85A6POiqam2zogxhoCIKC8VV8GqgRLqcRP_FEc86AIzYoyVv6tYr39LcyejA9sKKptsp_fw7MQ597V9qVYmGHohVnRlRObIuCxBETPBg2tOb6TQ0GoQ9jqD4k54l8XXSTTVgLCTNTh0CHkWRY41OVfnM8_xpiTAKX6W6CWmxpnkPkZpQu59Tl-wEn78E2VHqQp3pf_EmWJi5f7WchLc5z7WvBrKxKcvRx4ldivZsujIqb_HSJIov5FT32N6ExqSV-7nRyvZVQq4C8MlhIZCcADBJPN0FriG57yjicyMjAKsABA0KR11EoK2LGnSrW9Yzvi_3FHC0KBYVCJG4CdYAL7uBv1QiWMYCErjSluvoqcGdGdJthtvp3rcUMvQpnrY24oRrupKhLEM8pYALFLWkwcNZvheW3rU-FTlxJSBjjW-uTjNv3Mq-hyENuqdlK_PrRLTzbyzsgQC1wXqxAS5lAhg380tKbywGHxQnAK9JbQOBV2yq18u3USgyU55LgyMoMZFglL7jK6R9A1GCvfBHpbAlBBdpHp4pRAVpIAM_RpcZv0e_srwPLJ8b0ZPNZPuop1O_uPtD0eVBpAjvNnn8wCVOkhKqdRHiqE-YIlE2pY9-djv9na7JFx2-svNujov9WcxBJ_p6Qe7YGE0CCPe9PPHNLkpHLqlW5HtD8MezdJKHkFPT4uaNM2fG_GW5vjB8eZ96mcACWqsRBnJFyN5KkiOzpMms3ByY3ckN9Gb_TgkZCupwGG-3T_JZaKOuX7LRCMugqK3ARwyocemBUCwmNybZjoYMwRCU2yovH5Ti7vjoVQowNPFKwem0S10R82jJXxH5DCs66N5gL9hgf8YFtXSFyjoamJBOF_WWk6CyUjDKKbTwRHkWtTkcLlgd4n76XIWp2GwHeAy5DjMCvgzYUcKou0j3xpDWfgBYmfpHAGwZE9Vd7WDjkM-JyaSVBzDF84TnXpQxuIAjaeYoGNKtC3ZXOV6blqhTIZnDgc36vTyT79pcI6T4DHzoe_jJDylVwzv0L5fkoJR52aXRfB1po-r75-Yon0-4hR4Ea9MMrmuLDPQg1QCqrjpcyTGRD2lC-xTSh4tddJM6bjDC1gS4zAS1B2E5TePL_7096RQEmUpmSYjiBIQyFFC35BqNUSIBv90aASKwkl8N67tb8-d44OtWFl3NGp0JRFiRnbwH1nlE-E3Vs2uKnNFtJ_ZLi9-jgc-9uMsRmmwiCtKT7x8mO2VMZsHtrQoqrJuorjRox2ePnkaRoWOa7qPhFZgO_LmRi0FgjLP679qL5VMwlZB-6ZMDeChycJLIK_utCEKaSqjHQ_CamgqGAyOL9kB9bibvM9BsOPIdiiWeO-pFUkIL7zj9l2ri7ql0DdEWFb9Qeoye5pVkXqUFjP1cVpb2FHPGC42KrfrKwBCs7vUcORQnX83zjeZhnXk4brWvoBMVZ-lX_LcFK-ePn5nrSZyCJza2cM3_DULBmNDGYfe2k-Jb-qe-oymjVLqkfgqn0auolGlJcwm3P_T7dv2ZCllD-2BWqXcFqkHvL2dHR39hiPwdw&cid=CAASEuRo6Goj20k17mbKoXBCxbR3EA&rfl=1%2Chttps%253A%252F%252Fwww.dailymail.co.uk%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 19:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58011
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 May 2022 19:14:00 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 77F9 41 KB
15 KB 103ms
10ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 19:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58011
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 May 2022 19:14:00 GMT

GET
H2 200 PMS.js Show response
vidstat.taboola.com/PMS/2.2.1/ 51 KB
16 KB 40ms
33ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/PMS/2.2.1/PMS.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/28_3_10/infra/cmTagCUSTOM.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a9e402d2d19f1057cdea09b2152d8cfd35664182564595e19bb83916c1f00201

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:52 GMT
via: 1.1 fdb19a60fef99ccf6faacc3588fcd922.cloudfront.net (CloudFront), 1.1 varnish
age: 1659526
x-amz-meta-mtime: 1542789750
x-cache: Miss from cloudfront, HIT
x-amz-meta-mode: 33188
content-encoding: gzip
content-length: 15795
x-served-by: cache-fra19126-FRA
last-modified: Wed, 21 Nov 2018 08:42:31 GMT
server: AmazonS3
x-timer: S1620127253.894478,VS0,VE0
etag: "57a7ebef371550a9ab54a2f0f82547af"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-meta-gid: 0
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA54
accept-ranges: bytes
content-type: application/javascript
access-control-allow-headers: *
x-amz-cf-id: V7kH1ThKPP2LD_fu2xrbkdFfAzbjrlgwNURJZzCnWgHJhBJkwvGG2A==
x-cache-hits: 151281

GET
H3-29 200 index.html Show response
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/ Frame ED17 11 KB
4 KB 88ms
55ms Document
text/html 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

8d622fa0bef7c65a7072994af27aaddab287f50c3a91aebabeea66fe5dcfdab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 3725
date: Tue, 04 May 2021 11:04:05 GMT
expires: Wed, 05 May 2021 11:04:05 GMT
last-modified: Mon, 07 Dec 2020 07:54:16 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 1008
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 606D 0
24 B 278ms
103ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvLF1vGiz36SCptoi1Tv5V3buvJKrGplb4ZSMgIRySNdUDwYwR34QmfhIQVm8dn3lWuVjCeTuqnybdROv28wY0dhEfpbgNc_4Ws4FmLcm3qiHAt1TK0QHmRHcI6fpFgSeZYJlcS-tvR2nz34OJEaJMwMni5Yexc3KfmPSYzgXwIClnWimQ6_2fRKsoJOEsBiWBaYLhBjNOXL-UIIXu7qVg3w3E6aBvZS2I-OiX-Mdk5EFyYl6vUmZaSQ7JTWufQbsbEFz-vKZkHE4xnkcXswSbpX_iIXI75GkOvP2u18ntd5FQFBW_lbBmhWNAIOuOXq-J8vNUl65pusyRNQNEse89O20gDjcg2jRL_0E-xzv_lVR2_EjYntXBcIDYG43caPVRYhD7ibWne1AsP8QEW03oPY7VEg8gmBs3OPFtK0wXzLDjCMmQxvEks8HDtnzs80ghU2Lrqyg5OLCpygjNrzicCLknA2YovbRoSqTz9qZuh4cyP2AMptDK4f5PGaxXFwwaWCVvaMoU9kh0KVX_XkY8IS7lYTaQ6xaoCBB3PorSUt0y-EbLe8sy_fZxJlRP2cpyuTSKCMDF_SyBmdelzzAZzxPyJEiJdELaAFddQ0yOu7j4Nmccuzvhex6vrPEu8NpG8ob4UhxieuWxmW9jVBokEsf8TiJL1d8xaeuWScqSi_NPfmmm-2WhEEDR4CNjF8oWpd-DzMOMbFDRWFhN3cz4CVirKiy79CkryKo36fY9fKTrcvhZiUIz3oYyJ1uruuCjx7owmSFcCRY6MVjsnv-ZNpWGM8-IveHwOYmr43XeLnaNz28vIbVS2e0xiWDK4TCuMnBhgQ0RfojM9SZxuDJLtMrcFVmmWJr4oWfvHualdX7D3tixvr8MjssMkfgHlRop-uyoI12pfBALAE87xS7mtdbYsBCO-rSNPfpS55JlmI8Mj1yuRgwPvRGrDuC-NK_C6Yn1TSL1FQiDl6Vqex0qQUyJ_XJDjNrboc55pFuR0SYEeH4iyGJcmPNte2VQvfmvRkwS4u__mWroHr3oCbOlDacysZnacnoAg1287HpMo3Wf0etWVZAvLsrGc6dU2DziBDv31fEPYSJbz3pj9_ooLKYO_n2zJIhimZwZx3msLaDdJ-x7jdx4JemuPvAPH6kWfw_IZBj1dvnVKhpm2xZm6Vw&sai=AMfl-YQxXdzC-3jM7i4G5orsQIff2V9tYoFaSti1vPLUo6YbMkmNhBIkz8mJk74jUAIamaDiYqJNDMOr0TDXqY35cu-nZGU3BuV-9gGoLFLoUNbnPHPmsnhk2Oku-eq8azOhrAa0dp4i61CZIx5YUD96kV7qzDKRpf-kHGdj1_Z9kXKKXMcnkmwUuhO2nEs88E9zfsQS2z9ztt06ZkVWlhUgJ7lacaar9JIll3lsMpcNtA&sig=Cg0ArKJSzOC3PeipmlOXEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=4640&cbvp=1&cstd=4632&cisv=r20210429.85398&adurl=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Tue, 04 May 2021 11:20:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 4E63 70 B
264 B 197ms
52ms Image
image/gif 76.223.111.131

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=39&cm_user_id=YJEuD.nVy5V1IJwfNNfOrAAA&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN (),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:53 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 4E63
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YJEuE8YfgISJuOuMzzxJpwAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1

43 B
1 KB

45ms
45ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:58 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 4E63
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB&dcc=t

43 B
433 B

201ms
115ms

Image
image/gif

52.94.232.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB&dcc=t
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.232.32 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:53 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 4E63
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEFgaoNNg0buejTbgGW_qios&google_cver=1

43 B
315 B

143ms
72ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEFgaoNNg0buejTbgGW_qios&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:57 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:53 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEFgaoNNg0buejTbgGW_qios&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 4E63 43 B
575 B 193ms
0ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:53 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 4E63
Redirect Chain

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=0171E87C97A7480AB3297DD312E7A6AF&gdpr=1

43 B
1 KB

125ms
54ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=0171E87C97A7480AB3297DD312E7A6AF&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:57 GMT

Redirect headers

date: Tue, 04 May 2021 11:20:53 GMT
x-content-type-options: nosniff
server: nginx
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=0171E87C97A7480AB3297DD312E7A6AF&gdpr=1
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Mon, 03 May 2021 11:20:53 GMT

GET
H/1.1 200
OK CookieIndex
rtb.adentifi.com/ Frame 4E63 0
88 B 243ms
131ms Image
text/plain 52.202.1.196
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.1.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/plain

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 4E63
Redirect Chain

https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=063022040013a29e80bc1b95&expiration=[EXPIRATION]&gdpr=1

43 B
980 B

46ms
42ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=063022040013a29e80bc1b95&expiration=[EXPIRATION]&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:57 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=063022040013a29e80bc1b95&expiration=[EXPIRATION]&gdpr=1
Date: Tue, 04 May 2021 11:20:53 GMT
Access-Control-Allow-Credentials: true
X-Powered-By: Express
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame 4E63 43 B
425 B 164ms
54ms Image
image/gif 2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YJEuD.nVy5V1IJwfNNfOrAAA%261171
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:53 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=1112
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:39:25 GMT

GET
DATA 200
OK truncated
/ Frame 77F9 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 92a2d9f0d5a084232a67a9fbd20d6b08ec0edec1484b43ccee6eaa885d7140c4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 7616
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/356285/40083639/xbbe/creative/adj?p=APEucNX9XxeUIKzF8tbMadUKHdp08EfsVDr_cXhrDr4Uzy-qlQ585As&d=CnkAoCZ_4PGewg6aNdfSszIgdtYKHkpTByq1tBHSsp0c2y2ihcERLDj2_ShfcYCo...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNX9XxeUIKzF8tbMadUKHdp08EfsVDr_cXhrDr4Uzy-qlQ585As&d=CnkAoCZ_4PGewg6aNdfSszIgdtYKHkpTByq1tBHSsp0c2y2ihcERLDj2_ShfcYCoiWx0nSS8lGX-1TzuBMb6LLGKt...

80 KB
17 KB

484ms
209ms

Script
text/javascript

74.125.206.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNX9XxeUIKzF8tbMadUKHdp08EfsVDr_cXhrDr4Uzy-qlQ585As&d=CnkAoCZ_4PGewg6aNdfSszIgdtYKHkpTByq1tBHSsp0c2y2ihcERLDj2_ShfcYCoiWx0nSS8lGX-1TzuBMb6LLGKtupjl1I1-JZvqFJF1l6HeGsW5_KEXY8kVgIZdffAVLuOXDjpiEx-0WVLlNEcTdiRWmteZI12nc_EEskRAKAmf-BnJ65XSzjHKMuhQ-kYow_-qW9nQcjM1ajtAak18QB-uSD32VRRGoFF8t9ilH4xtjn6wCNqbrQT9o6Y6MK-w1qFKUEdvpjjjwPG4diEO3SXgK9IWWBkH5mLDt1Nghe7e59iKN8dhqo1gMV_ZIBmEHXcFdZUAnQP5QxGa1eY5MHlRawb3KbR5AxHXELLGRSIHJyC9HtNUNCxcoHJbhSxIKU3_J3JNv5dfmggUcMTCJLZ3kqAzR9YjI_GmP72KrnN0BhBRJtrWqu4TSdn4lBEhqwxqIzzLKj2O_aiCPjYUkyVQpfhNzl2hl7Ea4cVRIpqOlVYSc-3qqGpagE5k0JLJnxHXIarPfG40Zw2F9nFggK0O91v29l513k9G2T0d5OD7mHHsPUIJLlpDH_lLSMSxvjJ5dS8yzuoeQzCIY8ilkcbwnW0njTEDPGAIR8b43YbeZmjLz9-PkM6aeIq0VZRZxwmU7vjHSAy5AGe-Ljjri8cqkakKNl2oW4XasQAD1DJi8i2fdH2nrzbQadmkwEbMKf83vym2YoPvNX1eowz9gNudPX0RfMSpu2-sB4mbn0QyO6T1GtC2qF2w3ePf-LHSMsPmyILsbwCz4E68oYQ3RMKeH0nbMehqqhouMfwtQlNpm41zBeb7R6xj2MoVBlc_L23VWNwKs9oNgTEvHcUe6QhRKbbHVtke9xTQ5zDvKHeRKtDMrCFMyR0dWLpNGe9blNs1S2B1DucwjKAMGD-ons7yy9CNFoDddxwoReofX5AA81ZAcnNfGJtizhFbbxcudcP0Dz4ZHM9MQYQBevp-TFIjwnhR1ZXvEnCwug94-YNHOhipcKzvjB9g26KWAJ6v4QpLZWVT7Kx_m-DqR3WRDAAvWPyD--sn5v17lybfYiBMQSJce-Le0qLlB7yTNQi5wNeINlGLPtJS3Z2fVUt5sAiSu8kJJ_ibX6DXhe5DcR3p4jJlmWy2xp8ZaxqkdgSGxY_eMqPhvBZxXzZzoYDjTy6c52ACWa6ikuBtgWxLu3sws1JX0AneGGK_h3Kp9yD_9lEue4Iurm2KobWVAh-T9mQDIYvG5WbMqbGsHFkMzP47dXB3r-5xNPiGYqrBHN9geV1n-dlScyZYUn02c8Ux3c9VXQp6igF6ZOHR71pZ1iobeOGhMwkaQx7FINLbE60KnjewhSsI0q4BK7PiNIE-gQnVqsqW-WScy2O-J6-laKVe1mhaPlVG0URociZVn3DtKlg2ayZ0zNquwVDATk9LfbKLx8YYHucxuUn9QR-J-S6qh3JipwbzRakVNtT2wDhADHLaUgIWMG75PIgzA6ucJrpf-PM6pj58iaBXO4PYbf_vswSTjvqvcuEltKJel4jAaHHCwYX4l4I_3LG7j0o-7Frb0_RmMo1vka8t9-U8aE5iQb0cEranfwtudabUt-JaFfagFeoXZiUCHEmx-qUcc2nGGOJX3DHy0ZArHvNdLvVugAgzaBU8ZKZKZNLXqsLL-4h86BxswQOzYzd946JG3AMhr3bWhyOXNjf6kaM4jemIYpE6IfE7kTlsG5zfwtNyGclAMDDhDeoer0V4c0gUoq_YQIsMSQcS9AraBZi_NmTOV8pSju0U_aueA-XHEJtSp6uRCIrSIwn-KNEevuzHGTgv6W5ZLGhvGCSzPsmUbLwrDiHmcc1GduMOrLdJPaUUKGsy8FgyABkMDRi0UNQWuz9r-yLnY1wZCqru_rc_jzi5_c5g4mPSu7W3TCs6g_yFZAgA1zgbTMJx264oDFKLo0T2pGRDQwgLC1SPpScotZUoqFwOHKCnbbD5C7JJAzDPYDywyaroblKAVrzuHG93qBYiu4FAvk7d-Xkb52zigMNpgp97vVFOGdw3ugGvncfc2WhyM7vvILTQQvsM7zw7MmIdGYlPaU3jzMmT8fGQIvp7uzb5O1JVgHTBRvhq_1DgvK4ues5NYV2A3cV9RuQ-hAOlolIE0ZJhwu6T4iKRwqdNVRVHyOFK9NNu3vCntKUYQJB8nfrw_thCBHdjJDe9fjvIinot6_OobG_tuhQxCO_ocCefqIySVc_mHIDcuJbRRUC_3zZGuIENAwjSnKqFEdBYpvQzmKctk6sPVGG16PhU8gUl-EIeirnl5tjmf-4nL078NbkrpEiAKyiu1tUqtRLYzig_UrkmPgVf-zdCPBPfQ06f705EMwB9tJ_ewMLFAglnjlHlzfB8TM8cjJvB7_-NWKe6OVGjhyBasxhyhlOdMSaTUfdF3eFizDy8zSHQoFvlLY98McW08mLYpEazssgqSk7O2tR4v_edB0Ugl49CCdKiFqkhAzIn6BZW24mwMcuXxkmGDR05esYpygUJB_YiUEEyuHNR5OVOaasTUij3UZxRexl8-c1vUnJWRhpif-FJoj2PLFx7Pgg8GStf8EEiI12FpmZNr5DLEs7NgwkCmZkuAXGewVFctyWWobEr86MzmyzE-fYd3oeEPoj4cBN_wnMizTQTpSdcgGa2VmQ8nSgnNCmYfj142yzb3nIrXbu3J4oH_c8vgKNSc-Gg-Vn8mt-gAfU2IwbnSryfIO_Lf_BnyKGhO61XpgVVinb8-8l_xs9l-T0nTXNVY7yOlgP5Lth8lhSQmeC32Gk6bfaJnp6TzvughzcjizwLOva9c0m3OsO6k2VeaSzav7P6Dd2_AZhMY5D_rbnGP1779lPyfaWovYM5OHaR9Jp-EByRpm-8yQ5BPQgz_narXiM0scwUC4d0L4PMgjUkJ9jfK9YERo0vB-f4KXUZ0YIySG-PXvu1KSmZyZhl1t_PXMyaoNMAq9bOYtlqj40UgkiSpixG85Cu3iDfu7IZqAYZ1RMWGxWOZkx1n_2noFP4OFxi0jxgP5dPWikLN34GEAzehES4CIb73VwyN8jzAo8z0_r0HTjNVe2rafIVRTQG5n973GZ-PFgG7BH3r9IGGsIvCvzCEzad0ywSBqCKV6AJ8Bv2Nvnloofwb-PvI7vDYm34_EL5dgVvd0aFggAEhLkaOhqI9tJNe5myqFwQsW0dxBgAQ

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.206.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15ff37373be5f7d4a45a35a9e8fe96d846a58aaf50576f9ff252799dda130fd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16624
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:55 GMT
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNX9XxeUIKzF8tbMadUKHdp08EfsVDr_cXhrDr4Uzy-qlQ585As&d=CnkAoCZ_4PGewg6aNdfSszIgdtYKHkpTByq1tBHSsp0c2y2ihcERLDj2_ShfcYCoiWx0nSS8lGX-1TzuBMb6LLGKtupjl1I1-JZvqFJF1l6HeGsW5_KEXY8kVgIZdffAVLuOXDjpiEx-0WVLlNEcTdiRWmteZI12nc_EEskRAKAmf-BnJ65XSzjHKMuhQ-kYow_-qW9nQcjM1ajtAak18QB-uSD32VRRGoFF8t9ilH4xtjn6wCNqbrQT9o6Y6MK-w1qFKUEdvpjjjwPG4diEO3SXgK9IWWBkH5mLDt1Nghe7e59iKN8dhqo1gMV_ZIBmEHXcFdZUAnQP5QxGa1eY5MHlRawb3KbR5AxHXELLGRSIHJyC9HtNUNCxcoHJbhSxIKU3_J3JNv5dfmggUcMTCJLZ3kqAzR9YjI_GmP72KrnN0BhBRJtrWqu4TSdn4lBEhqwxqIzzLKj2O_aiCPjYUkyVQpfhNzl2hl7Ea4cVRIpqOlVYSc-3qqGpagE5k0JLJnxHXIarPfG40Zw2F9nFggK0O91v29l513k9G2T0d5OD7mHHsPUIJLlpDH_lLSMSxvjJ5dS8yzuoeQzCIY8ilkcbwnW0njTEDPGAIR8b43YbeZmjLz9-PkM6aeIq0VZRZxwmU7vjHSAy5AGe-Ljjri8cqkakKNl2oW4XasQAD1DJi8i2fdH2nrzbQadmkwEbMKf83vym2YoPvNX1eowz9gNudPX0RfMSpu2-sB4mbn0QyO6T1GtC2qF2w3ePf-LHSMsPmyILsbwCz4E68oYQ3RMKeH0nbMehqqhouMfwtQlNpm41zBeb7R6xj2MoVBlc_L23VWNwKs9oNgTEvHcUe6QhRKbbHVtke9xTQ5zDvKHeRKtDMrCFMyR0dWLpNGe9blNs1S2B1DucwjKAMGD-ons7yy9CNFoDddxwoReofX5AA81ZAcnNfGJtizhFbbxcudcP0Dz4ZHM9MQYQBevp-TFIjwnhR1ZXvEnCwug94-YNHOhipcKzvjB9g26KWAJ6v4QpLZWVT7Kx_m-DqR3WRDAAvWPyD--sn5v17lybfYiBMQSJce-Le0qLlB7yTNQi5wNeINlGLPtJS3Z2fVUt5sAiSu8kJJ_ibX6DXhe5DcR3p4jJlmWy2xp8ZaxqkdgSGxY_eMqPhvBZxXzZzoYDjTy6c52ACWa6ikuBtgWxLu3sws1JX0AneGGK_h3Kp9yD_9lEue4Iurm2KobWVAh-T9mQDIYvG5WbMqbGsHFkMzP47dXB3r-5xNPiGYqrBHN9geV1n-dlScyZYUn02c8Ux3c9VXQp6igF6ZOHR71pZ1iobeOGhMwkaQx7FINLbE60KnjewhSsI0q4BK7PiNIE-gQnVqsqW-WScy2O-J6-laKVe1mhaPlVG0URociZVn3DtKlg2ayZ0zNquwVDATk9LfbKLx8YYHucxuUn9QR-J-S6qh3JipwbzRakVNtT2wDhADHLaUgIWMG75PIgzA6ucJrpf-PM6pj58iaBXO4PYbf_vswSTjvqvcuEltKJel4jAaHHCwYX4l4I_3LG7j0o-7Frb0_RmMo1vka8t9-U8aE5iQb0cEranfwtudabUt-JaFfagFeoXZiUCHEmx-qUcc2nGGOJX3DHy0ZArHvNdLvVugAgzaBU8ZKZKZNLXqsLL-4h86BxswQOzYzd946JG3AMhr3bWhyOXNjf6kaM4jemIYpE6IfE7kTlsG5zfwtNyGclAMDDhDeoer0V4c0gUoq_YQIsMSQcS9AraBZi_NmTOV8pSju0U_aueA-XHEJtSp6uRCIrSIwn-KNEevuzHGTgv6W5ZLGhvGCSzPsmUbLwrDiHmcc1GduMOrLdJPaUUKGsy8FgyABkMDRi0UNQWuz9r-yLnY1wZCqru_rc_jzi5_c5g4mPSu7W3TCs6g_yFZAgA1zgbTMJx264oDFKLo0T2pGRDQwgLC1SPpScotZUoqFwOHKCnbbD5C7JJAzDPYDywyaroblKAVrzuHG93qBYiu4FAvk7d-Xkb52zigMNpgp97vVFOGdw3ugGvncfc2WhyM7vvILTQQvsM7zw7MmIdGYlPaU3jzMmT8fGQIvp7uzb5O1JVgHTBRvhq_1DgvK4ues5NYV2A3cV9RuQ-hAOlolIE0ZJhwu6T4iKRwqdNVRVHyOFK9NNu3vCntKUYQJB8nfrw_thCBHdjJDe9fjvIinot6_OobG_tuhQxCO_ocCefqIySVc_mHIDcuJbRRUC_3zZGuIENAwjSnKqFEdBYpvQzmKctk6sPVGG16PhU8gUl-EIeirnl5tjmf-4nL078NbkrpEiAKyiu1tUqtRLYzig_UrkmPgVf-zdCPBPfQ06f705EMwB9tJ_ewMLFAglnjlHlzfB8TM8cjJvB7_-NWKe6OVGjhyBasxhyhlOdMSaTUfdF3eFizDy8zSHQoFvlLY98McW08mLYpEazssgqSk7O2tR4v_edB0Ugl49CCdKiFqkhAzIn6BZW24mwMcuXxkmGDR05esYpygUJB_YiUEEyuHNR5OVOaasTUij3UZxRexl8-c1vUnJWRhpif-FJoj2PLFx7Pgg8GStf8EEiI12FpmZNr5DLEs7NgwkCmZkuAXGewVFctyWWobEr86MzmyzE-fYd3oeEPoj4cBN_wnMizTQTpSdcgGa2VmQ8nSgnNCmYfj142yzb3nIrXbu3J4oH_c8vgKNSc-Gg-Vn8mt-gAfU2IwbnSryfIO_Lf_BnyKGhO61XpgVVinb8-8l_xs9l-T0nTXNVY7yOlgP5Lth8lhSQmeC32Gk6bfaJnp6TzvughzcjizwLOva9c0m3OsO6k2VeaSzav7P6Dd2_AZhMY5D_rbnGP1779lPyfaWovYM5OHaR9Jp-EByRpm-8yQ5BPQgz_narXiM0scwUC4d0L4PMgjUkJ9jfK9YERo0vB-f4KXUZ0YIySG-PXvu1KSmZyZhl1t_PXMyaoNMAq9bOYtlqj40UgkiSpixG85Cu3iDfu7IZqAYZ1RMWGxWOZkx1n_2noFP4OFxi0jxgP5dPWikLN34GEAzehES4CIb73VwyN8jzAo8z0_r0HTjNVe2rafIVRTQG5n973GZ-PFgG7BH3r9IGGsIvCvzCEzad0ywSBqCKV6AJ8Bv2Nvnloofwb-PvI7vDYm34_EL5dgVvd0aFggAEhLkaOhqI9tJNe5myqFwQsW0dxBgAQ
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.5.js Show response
static.adsafeprotected.com/ Frame 5029 82 KB
22 KB 221ms
0ms Script
application/javascript 2600:9000:211e:400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.5.js
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4b4924b6ea8623395984b522ee4e1fe77f464940d2bb155ae40bce56fbcd3423

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 19:58:11 GMT
content-encoding: gzip
age: 400965
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 29 Apr 2021 15:29:23 GMT
server: AmazonS3
etag: W/"5356fa8b6073c3eb408487be61ef7d77"
vary: Accept-Encoding
x-amz-version-id: Yr.mBFfewYS8TEW0QSrmcai42PlDhFZ2
via: 1.1 747e99d9d8c5e29fdc713cf866bc3f83.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-C2
content-type: application/javascript
x-amz-cf-id: kHdazgcArv26DbNJuIgi2IB147HRrDKSDB_7kHsL2hWHZFHhICwarg==

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 606D 41 KB
15 KB 205ms
31ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 19:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58015
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 May 2022 19:14:00 GMT

GET
DATA 200
OK truncated
/ Frame 606D 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 97256e9aa3cc506a6da46b3f8549f5231860a0a4c1f5a1ee9aaae530a148099f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame DDC9 0
0 633ms
100ms Image
text/html 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DDC9
Redirect Chain

https://ad.turn.com/r/cs?pid=21&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=9220702091918050347

43 B
1014 B

93ms
45ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=9220702091918050347
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:57 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=9220702091918050347
pragma: no-cache
date: Tue, 04 May 2021 11:20:55 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame DDC9
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=372f6091-2e17-4700-9c2c-c760c0faef00&gdpr=1&gdpr_consent=

43 B
1 KB

48ms
47ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=372f6091-2e17-4700-9c2c-c760c0faef00&gdpr=1&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:57 GMT

Redirect headers

Date: Tue, 04 May 2021 11:20:49 GMT
Server: MT3 3709 11aaa92 master zrh-pixel-x9
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=372f6091-2e17-4700-9c2c-c760c0faef00&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 04 May 2021 11:20:48 GMT

GET
H2

200

YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame DDC9
Redirect Chain

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB
https://pr-bh.ybp.yahoo.com/sync/casale/YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB

43 B
649 B

36ms
35ms

Image
image/gif

2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:57 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Tue, 04 May 2021 11:20:56 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://pr-bh.ybp.yahoo.com/sync/casale/YJEuD-nVy5V1IJwfNNfOrAAABJMAAAIB
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DDC9
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1622719256

43 B
1 KB

44ms
43ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1622719256
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:57 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:56 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1622719256
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 403 match
c1.adform.net/serving/cookie/ Frame DDC9 0
330 B 118ms
27ms Image
text/plain 37.157.6.246
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=29&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:56 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame DDC9
Redirect Chain

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=0171E87C97A7480AB3297DD312E7A6AF&gdpr=1

43 B
980 B

89ms
44ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=0171E87C97A7480AB3297DD312E7A6AF&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:57 GMT

Redirect headers

date: Tue, 04 May 2021 11:20:56 GMT
x-content-type-options: nosniff
server: nginx
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=0171E87C97A7480AB3297DD312E7A6AF&gdpr=1
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Mon, 03 May 2021 11:20:56 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame DDC9
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=YgKkVEq81LDT6M5&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=YgKkVEq81LDT6M5&gdpr=1&C=1

43 B
315 B

333ms
82ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=YgKkVEq81LDT6M5&gdpr=1&C=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:21:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 04 May 2021 11:21:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=YgKkVEq81LDT6M5&gdpr=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 290
Expires: Tue, 04 May 2021 11:20:59 GMT

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame DDC9 43 B
425 B 106ms
37ms Image
image/gif 2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YJEuD.nVy5V1IJwfNNfOrAAA%261171
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.dailymail.co.uk/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:20:56 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=1109
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:39:25 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7D3F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1

43 B
1 KB

61ms
40ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKPK0wEQmJDhlwIYidrZpgEwAQ&v=APEucNXMEyksHAlJYapfnfzplE0JoQmYAxSpG_YPyYS6mj4ZBItjMuK5cCbQNfFhjizKkbh-K7On9GFwJocDhkuCslfPe3NSWBijb20cfZZLsfcYL2qz_oxfb6CP-wmBQykttZQJuYKMBGTg8BDMMCS5G0_AcOQQNWxvvXMjMIIkTK726rqucXPMUEJj_rxxgjtt3044hKfSooZJgVaBmQvpFUEals4doky6dJSYDYYTzLooNs6Z8uw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:57 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7D3F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJEuE8YfgISJuOuMzzxJpwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1&C=1

43 B
315 B

312ms
59ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKPK0wEQmJDhlwIYidrZpgEwAQ&v=APEucNXMEyksHAlJYapfnfzplE0JoQmYAxSpG_YPyYS6mj4ZBItjMuK5cCbQNfFhjizKkbh-K7On9GFwJocDhkuCslfPe3NSWBijb20cfZZLsfcYL2qz_oxfb6CP-wmBQykttZQJuYKMBGTg8BDMMCS5G0_AcOQQNWxvvXMjMIIkTK726rqucXPMUEJj_rxxgjtt3044hKfSooZJgVaBmQvpFUEals4doky6dJSYDYYTzLooNs6Z8uw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:21:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 04 May 2021 11:21:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Tue, 04 May 2021 11:20:59 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7D3F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDaLbWRNJjxl917yqm6d4c4&google_cver=1

43 B
1 KB

40ms
39ms

Image
image/gif

185.33.221.15

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDaLbWRNJjxl917yqm6d4c4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKPK0wEQmJDhlwIYidrZpgEwAQ&v=APEucNXMEyksHAlJYapfnfzplE0JoQmYAxSpG_YPyYS6mj4ZBItjMuK5cCbQNfFhjizKkbh-K7On9GFwJocDhkuCslfPe3NSWBijb20cfZZLsfcYL2qz_oxfb6CP-wmBQykttZQJuYKMBGTg8BDMMCS5G0_AcOQQNWxvvXMjMIIkTK726rqucXPMUEJj_rxxgjtt3044hKfSooZJgVaBmQvpFUEals4doky6dJSYDYYTzLooNs6Z8uw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.78:80
AN-X-Request-Uuid: 27cb2441-7c07-46a3-b83b-5d752e36c99c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDaLbWRNJjxl917yqm6d4c4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7D3F
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY2ODc0Mjc5MTA4NjA5NjI0Mg%3D%3D

170 B
188 B

47ms
46ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY2ODc0Mjc5MTA4NjA5NjI0Mg%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:56 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.153:80
AN-X-Request-Uuid: 47550924-9a38-40e6-be81-b81be17481b5
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY2ODc0Mjc5MTA4NjA5NjI0Mg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1FE8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1

43 B
1 KB

66ms
45ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDvo7YCGPGUkl8wAQ&v=APEucNX6-Uq2xv8ESelvrCMeI0JP959dDE65bLsLlOLpelDw-E1zPGq_YD96LZX_1hqTa3mZkRwXKXgljv5N_No3s7FhEtYHeb6YJcqb2pykHvwTj5UiLbR45f6ICM52tJV6XahufVkqEjWmcLbG16ROU3nrEe6RT8vzH0hMwA18hGEJ08GyWpEF7RUXTOjqDk_7qMJFZ2lwx4JpeKVw6DObJ34RNBfJ3Ws0rDATaNhUFMyYWN-aT0Y
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 May 2021 11:20:57 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1FE8
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJEuE8YfgISJuOuMzzxJpwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1&C=1

43 B
315 B

311ms
58ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDvo7YCGPGUkl8wAQ&v=APEucNX6-Uq2xv8ESelvrCMeI0JP959dDE65bLsLlOLpelDw-E1zPGq_YD96LZX_1hqTa3mZkRwXKXgljv5N_No3s7FhEtYHeb6YJcqb2pykHvwTj5UiLbR45f6ICM52tJV6XahufVkqEjWmcLbG16ROU3nrEe6RT8vzH0hMwA18hGEJ08GyWpEF7RUXTOjqDk_7qMJFZ2lwx4JpeKVw6DObJ34RNBfJ3Ws0rDATaNhUFMyYWN-aT0Y
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:21:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 04 May 2021 11:21:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo-TdRxtVSE54jDJaUNDv8&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Tue, 04 May 2021 11:20:59 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 1FE8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDaLbWRNJjxl917yqm6d4c4&google_cver=1

43 B
1 KB

89ms
88ms

Image
image/gif

185.33.221.15

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDaLbWRNJjxl917yqm6d4c4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBDvo7YCGPGUkl8wAQ&v=APEucNX6-Uq2xv8ESelvrCMeI0JP959dDE65bLsLlOLpelDw-E1zPGq_YD96LZX_1hqTa3mZkRwXKXgljv5N_No3s7FhEtYHeb6YJcqb2pykHvwTj5UiLbR45f6ICM52tJV6XahufVkqEjWmcLbG16ROU3nrEe6RT8vzH0hMwA18hGEJ08GyWpEF7RUXTOjqDk_7qMJFZ2lwx4JpeKVw6DObJ34RNBfJ3Ws0rDATaNhUFMyYWN-aT0Y

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN (),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:57 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.182:80
AN-X-Request-Uuid: 94318a09-193c-46c4-8934-b83260b019fe
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDaLbWRNJjxl917yqm6d4c4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1FE8
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY2ODc0Mjc5MTA4NjA5NjI0Mg%3D%3D

170 B
188 B

60ms
59ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY2ODc0Mjc5MTA4NjA5NjI0Mg%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:20:56 GMT
X-Proxy-Origin: 89.187.168.226; 89.187.168.226; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.153:80
AN-X-Request-Uuid: 4b433204-ac45-4ecc-b012-4acb4bc9c6fd
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY2ODc0Mjc5MTA4NjA5NjI0Mg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame 6B06 43 B
183 B 852ms
89ms Image
image/gif 2600:1f18:612b:4264:7659:1bf:d736:fba9
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8060095&crid=4706985&dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&cmcv=&pix=undefined&cb=1620127248400&uv=2963&tms=1620127248400&abt=adh5c-1_vA!insc_vA!pl88573-888_vA!scrn_vA!spa2_vB!ufm!widgetVsMoat_vB&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9D1FBA8A03326343833709859&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:7659:1bf:d736:fba9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:57 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 204 sync Show response
pixel.advertising.com/ups/58166/ Frame 6B06 0
124 B 89ms
26ms Script
text/plain 52.59.102.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.advertising.com/ups/58166/sync?gdpr=1&uid=&_origin=1&us_privacy=1---&redir=true

Requested by

Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8060095&crid=4706985&dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&cmcv=&pix=undefined&cb=1620127248400&uv=2963&tms=1620127248400&abt=adh5c-1_vA!insc_vA!pl88573-888_vA!scrn_vA!spa2_vB!ufm!widgetVsMoat_vB&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9D1FBA8A03326343833709859&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.59.102.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:56 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

204

partner Show response
sync.search.spotxchange.com/ Frame 6B06
Redirect Chain

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...

0
565 B

84ms
36ms

Script
text/plain

185.94.180.125

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---&__user_check__=1&sync_id=cb853ef4-acca-11eb-a5a6-1342c0320506
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8060095&crid=4706985&dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&cmcv=&pix=undefined&cb=1620127248400&uv=2963&tms=1620127248400&abt=adh5c-1_vA!insc_vA!pl88573-888_vA!scrn_vA!spa2_vB!ufm!widgetVsMoat_vB&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9D1FBA8A03326343833709859&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.125 , United States, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
Date: Tue, 04 May 2021 11:20:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 104
Connection: keep-alive
Content-Length: 0

Redirect headers

Date: Tue, 04 May 2021 11:20:56 GMT
Server: nginx
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---&__user_check__=1&sync_id=cb853ef4-acca-11eb-a5a6-1342c0320506
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 90
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 6B06 43 B
145 B 119ms
54ms Image
image/gif 35.156.143.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8060095&crid=4706985&dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&cmcv=&pix=undefined&cb=1620127248400&uv=2963&tms=1620127248400&abt=adh5c-1_vA!insc_vA!pl88573-888_vA!scrn_vA!spa2_vB!ufm!widgetVsMoat_vB&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9D1FBA8A03326343833709859&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.143.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:56 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame C4E5 43 B
182 B 852ms
89ms Image
image/gif 2600:1f18:612b:4264:7659:1bf:d736:fba9
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:7659:1bf:d736:fba9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:57 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 204 sync Show response
pixel.advertising.com/ups/58166/ Frame C4E5 0
124 B 118ms
57ms Script
text/plain 52.59.102.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.advertising.com/ups/58166/sync?gdpr=1&uid=&_origin=1&us_privacy=1---&redir=true

Requested by

Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&excid=22&docw=0&cijs=1&nlb=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.59.102.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:56 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

204

partner Show response
sync.search.spotxchange.com/ Frame C4E5
Redirect Chain

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...

0
563 B

90ms
38ms

Script
text/plain

185.94.180.125

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---&__user_check__=1&sync_id=cb998431-acca-11eb-9513-1e87ce780406
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&excid=22&docw=0&cijs=1&nlb=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.125 , United States, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
Date: Tue, 04 May 2021 11:20:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 4
Connection: keep-alive
Content-Length: 0

Redirect headers

Date: Tue, 04 May 2021 11:20:56 GMT
Server: nginx
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---&__user_check__=1&sync_id=cb998431-acca-11eb-9513-1e87ce780406
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 49
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame C4E5 43 B
145 B 118ms
54ms Image
image/gif 35.156.143.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.143.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:56 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 77F9 42 B
64 B 108ms
47ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstOcDwoO-n3F_DUszxV3QCJqPQeGBAyeT9_uk1munbEMTqN9W3fQyjuyzIp1pi-oY_B4GK2dv3q3eHaHcJCN6r3NEej4rXYoTIu7AaZCTDIT6JN&sai=AMfl-YTNoJLZ2cX8GOo_oxbI-ewJVznmLLrbXRBbq6iTwZXwZuK4OjbtuYXCfoXSyBXla0LoqMTDpsWYexXoqThEgIPtQ9fGZBr96tKtDIVKKzov-XMKam6UTg2NgRXnrMaz&sig=Cg0ArKJSzO4ZSR7IaDebEAE&cid=CAASPeRocizmhE13KXPMs-I53_iGLuk9YNdKGYYhpVd1yWDTU-lwWkTohql9F_23ChRK_vgPZ5vi_2sbPsrX_E8&id=lidar2&mcvt=4989&p=277,435,367,1163&mtos=4989,4989,4989,4989,4989&tos=4989,0,0,0,0&v=20210503&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2059569030&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 77F9
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/677475/54035434/skeleton.js?adsafe_url=https%3A%2F%2Fwww.dailymail.co.uk%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fbabd3128f925cf237c2a7ef586b7ff3d.safeframe.g...
https://static.adsafeprotected.com/skeleton.js

17 B
463 B

916ms
437ms

Script
application/javascript

2600:9000:211e:400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Jan 2021 10:01:14 GMT
via: 1.1 747e99d9d8c5e29fdc713cf866bc3f83.cloudfront.net (CloudFront)
age: 8126386
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 4iqs8s9xL_Mw5dU0MY7ukWb5gQU__VP_4uh-84V-qk367oR_wls6aQ==

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:57 GMT
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.5.js Show response
static.adsafeprotected.com/ Frame 0D25 82 KB
22 KB 41ms
7ms Script
application/javascript 2600:9000:211e:400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.5.js
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4b4924b6ea8623395984b522ee4e1fe77f464940d2bb155ae40bce56fbcd3423

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 19:58:11 GMT
content-encoding: gzip
age: 400967
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 29 Apr 2021 15:29:23 GMT
server: AmazonS3
etag: W/"5356fa8b6073c3eb408487be61ef7d77"
vary: Accept-Encoding
x-amz-version-id: Yr.mBFfewYS8TEW0QSrmcai42PlDhFZ2
via: 1.1 747e99d9d8c5e29fdc713cf866bc3f83.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-C2
content-type: application/javascript
x-amz-cf-id: YfBFyKYfKPGthLQ41e2aThD5zGmg2qFYViEKIXGvFMFs31xCir-RAw==

GET
H2 200 index.html Show response
s0.2mdn.net/10388772/1619617588040/ Frame 14F2 7 KB
3 KB 9ms
6ms Document
text/html 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10388772/1619617588040/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

3d289a556ad2a665ae0d41c4747dcfba2b9ee8768e41c86842fc39bbd802a9f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10388772/1619617588040/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 2808
date: Mon, 03 May 2021 22:03:13 GMT
expires: Tue, 04 May 2021 22:03:13 GMT
last-modified: Wed, 28 Apr 2021 13:46:28 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 47865
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6627 0
24 B 85ms
85ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssxoRlixy5hxiUZ3R736tlf5uYw5jwKqxbuzDUkxV-ss05KdTBl5dUopK4UeoQSoxBenedgyXKeV_DN0Wq1Xr3D65139_L1KdWVafrYBAhV0jzI6f9XLLdbqaPoT5yU_WoRSA9c70maykBsJmy4XxtJ1qEHj36Sr5lKU6v10IdkE0YZF6n3dBYvxZZksmMsJbIkS0bS0vjFx9Z4XjA_ZAZciVHlAkvEr6FL_VII3q0W-JPbZPcUvZPp8UZQImt7JxWI6VXJqCqSIWVHtoefZrPzCtZxM60xo8RRpIa2ykyjrHVfihsF0qrXCDlTfdasPmhxxhNh77NzdW57gjhEJEW_V1X0BTKtrv7HY4zSVfPdUb5L9x08DsAHsbhCD8F1EcgKLkoivuZbtwtYfbTHgwiMtTxruE8BG0mQUZj4y1nke2xL-l9QYZQK5gZ-yL27VUe7qSZfCl8E0nOLg0LNb61tvq4h9p-KPrZ-wlX-p-m-4XHurQDrFiO129xJGBxfZQ8yvGVn0A4Cc6YnxBcp2B1k_FQz8WLVzQ0b5imcX9u2vPNxH4yV4rjD4k2WzTrsYW1yn9mK0MsGja30RhvOELwslXYrMFM6tsUXlKt_bTkumJjNmXpZPh2mWCL-IwPqethgw8D3khKkm_BcIgZQ-hb1m_oCGlxP52rXjxJrX9smz5FQRDGOdMedyaagaL5hm2JYYLbRmxC7gtVm9MLsMLa4PoaobO2tMqWSMQcfI_wJbCt3zrf2co2Ur8QW6ojFdWwDE_GLdQ1RG6MaWHoSKZ7wCg2m8ByG_nlwyHQdZFTtqmzfNnkwuqiX1mdY7D6q0tRh7ey9LdbAJH59QMJvd5nvLnNLfdpZaXduOx4SV59_YdbWj3TucppltlJLNm_VwT4ZwuYD0ed_o_H80xZve0UIma2JhcMl5LDEttQgipMbUowNIhZDvFT-ek9G-lWuNPwSSwx9MLanqmcqd756zudbH5v56BhKNxT6gSWxeVbop9pTNnJzabzlsyn8Wh29fcDDSdkdl3Olsi0yrQA9RjgXbJjJCqQNxJeM15Vy6lieT4ZUq0tA4dxfUjPexn0TR-rDzd3DfG7rXzBftn2ok6wWhNP8t2uybOAerB7__84y4pjr7hu2y6YEPyO0tHYj3AQke5BR_l90NtiRKSaA33EV&sai=AMfl-YSz1NZByjE84hAhWGKBG_jlCy_kDm0PX6C0neQKScapCNqUE1jwmw-xkQuzeJeQiqy4ujfqHdIm7FKOj1I9wagshUvWjS5kQsmtFawbsCVjxfv7Pgnjdz6AKYG2wwzYaPzrtDJzjcpbZ4gHDkBBUCGdug2xxQ&sig=Cg0ArKJSzOVTVYUw8aFcEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=7053&cbvp=1&cstd=7050&cisv=r20210429.65485&adurl=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Tue, 04 May 2021 11:20:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F145 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 04 May 2021 11:18:17 GMT
expires: Wed, 04 May 2022 11:18:17 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 161
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3860 22 KB
8 KB 13ms
12ms Document
text/html 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 04 May 2021 11:18:17 GMT
expires: Wed, 04 May 2022 11:18:17 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 161
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7616 43 B
215 B 1152ms
130ms Image
image/gif 54.196.119.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=356285&asId=e9bfff48-8ffd-6e27-cc3f-113c4522f704&tv=%7Bc:bEdbVA,pingTime:-2,time:3791,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:9361,beZ:9392,mfA:9394,cmA:9396,inA:9397,inZ:9459,prA:9459,prZ:9818,si:9903,poA:9917,poZ:10050,cmZ:10050,mfZ:10050,loA:12156,loZ:12161,ltA:13152,ltZ:13152%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:r,w:300,h:600,t:516%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:0,n:3792,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:516,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:i,cc:NaN.NaN.300.600,piv:-1,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B3724~1%5D,as:%5B3724~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:swrmPNW+11.677475-54035434%7C111%7C112%7C12%7C13%7C141%7C15%7C161%7C162%7C171%7C172%7C18%7C19%7C1a%7C1b1%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1j1%7C1k%7C1l%7C1m*.356285-40083639%7C1m1%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v,idMap:1m*,rmeas:1,rend:0,renddet:IMG.us,sinceFw:3235,readyFired:false%7D&br=u
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.196.119.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:59 GMT
x-server-name: dt50.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 606D 42 B
501 B 283ms
29ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss0uCoS_9nUSqLZgrBbQ6cHhftvowhw_bxY9Zx8yisIDI4NNnWoRSl7TxQCxwExgOdUR_pdYy2ntBTh4lzhxNqqdl0kvmdzFX68i9THKGvFXJSaNQoxDVXaGnbERg&sai=AMfl-YRYTE5BVfJetfYY7a72UmkAbscYUIJILCcO_016vwt4NOohv_0z7ofhvF6FXbNfaMAuB89w4FirMF3r0JrMuzxAHPh2OU6KNP9iboIS_T2XLBWGp7gXiCVPVur09GgZ&sig=Cg0ArKJSzPvMkXSBLlxPEAE&cid=CAASPeRo9UrMlXUEjUdqQ5UEotuUqqITHUpo_d1RI-sQwtW0rla5nBcbpnvTudr7sIFFREVotYehONz6wjxpSWo&id=lidar2&mcvt=2752&p=513,978,1113,1278&asp=513,978,1113,1278&mtos=2752,2752,2752,2752,2752&tos=2752,0,0,0,0&v=20210503&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1681197377&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1620127244103&rpt=11764&isd=0&lsd=0&r=v&fum=1&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6627 41 KB
15 KB 197ms
37ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 19:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58018
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 May 2022 19:14:00 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8054 1 KB
864 B 145ms
0ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 04 May 2021 03:14:09 GMT
expires: Wed, 05 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 29209
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6627 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf7addd361eaec0e3137381334b2bfcb24ce2a0d1d5fd7ea769a2f4c8ac3fb17

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 edge.5.0.0.min.js Show response
animate.adobe.com/runtime/5.0.0/ Frame A46B 100 KB
33 KB 166ms
24ms Script
text/javascript 2a02:26f0:10::5c7a:d698
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://animate.adobe.com/runtime/5.0.0/edge.5.0.0.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/9053774/1616753578552/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10::5c7a:d698 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: 9558924c72ef220a337133c2f0355049283525bcec882f0ecc280e8657e44d11

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:59 GMT
content-encoding: gzip
last-modified: Tue, 23 Sep 2014 09:55:36 GMT
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 33131
expires: Tue, 04 May 2021 11:35:59 GMT

GET
BLOB 206
Partial Content 48b5ce62-f8a0-45ce-8986-653a9aea2889
https://www.dailymail.co.uk/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.dailymail.co.uk/48b5ce62-f8a0-45ce-8986-653a9aea2889
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
BLOB 206
Partial Content ce6c3dda-b24c-40e4-b67b-b8ac82b189d5
https://www.dailymail.co.uk/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.dailymail.co.uk/ce6c3dda-b24c-40e4-b67b-b8ac82b189d5
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 206 bd4cnn12a189xgmwp4mv.mp4
c3.taboola.com/libtrc/static/video/t_PERFORMANCE_VIDEO_DEFAULT/v1603974080/ 304 KB
304 KB 86ms
39ms Media
video/mp4 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://c3.taboola.com/libtrc/static/video/t_PERFORMANCE_VIDEO_DEFAULT/v1603974080/bd4cnn12a189xgmwp4mv.mp4
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ec78c49089b75aa4b290087fb3ecb070d703de0732c5fc469e4c961c57f8aa21

Request headers

Referer: https://www.dailymail.co.uk/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

x-amz-version-id: R7adBIwQ.zblhaWbeNIErJLUKOi0QAjY
via: 1.1 varnish
etag: "b64bc26f2e9542ff3a7961bac0d95178"
age: 68
x-cache: HIT
Content-Range: bytes 0-310866/310867
x-amz-replication-status: COMPLETED
Content-Length: 310867
x-amz-id-2: kTfZlVCgkLOI5APKKmTBAprLgfL6YEGlXmIfXElz/IBC+26du7GbSXoteP6BxyIOG2YMiNCsS6Y=
x-served-by: cache-fra19126-FRA
last-modified: Thu, 29 Oct 2020 12:21:34 GMT
server: AmazonS3
x-timer: S1620127259.131291,VS0,VE1
date: Tue, 04 May 2021 11:20:59 GMT
x-amz-request-id: DWGVFAD14X8KBRD6
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: video/mp4;codecs=avc1
abp: 60
x-cache-hits: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 77F9 43 B
216 B 738ms
108ms Image
image/gif 54.196.119.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=677475&asId=2a1dcd9b-be20-0a92-7296-dec78d7d6690&tv=%7Bc:bEdc2A,pingTime:-2,time:8740,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:5419,bdZ:5770,beA:8088,beZ:8091,mfA:14880,cmA:14898,inA:14899,inZ:14923,prA:14923,prZ:15121,si:15195,poA:15208,poZ:15260,cmZ:15260,mfZ:15260,loA:15667,loZ:15671,ltA:16818,ltZ:16818%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:r,w:728,h:90,t:7105%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:0,n:8740,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:7105,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1928~1%5D,as:%5B1928~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:swrmPNW+11*.677475-54035434%7C111%7C112%7C12%7C13%7C141%7C15%7C161%7C162%7C171%7C172%7C18%7C19%7C1a%7C1b1%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1j1%7C1k%7C1l%7C1m.356285-40083639%7C1m1%7C1m2%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v%7C1w,idMap:11*,rmeas:1,rend:0,renddet:na,sinceFw:1609,readyFired:true%7D&br=u
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.196.119.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:20:59 GMT
x-server-name: dt36.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 1BFC 40 KB
5 KB 810ms
180ms XHR
text/xml 172.217.23.98

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?env=vp&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&hl=en&iu=%2F5765%2Fdm.chromelessvideo%2Fdm_dmros_ros%2Fpreroll&correlator=3255726911035259&cust_params=length%3D30%26videoWidth%3D401%26videoHeight%3D225%26play%3D1%26embed%3Dfalse%26ttid%3D8288595405300740130%26domain%3Ddailymail%26flyaway%3Dfalse%26s%3Doff%26videoTitle%3DHomeowner_cant_remove_gutters_now_due_to_neighbour_home_extension%26video%3DBPM_Media%26environment%3Dproduction%26pos%3Djw_preroll%26abv%3D4.1.50%26mvt%3Dpermutive_on%2Cuniversalid_off%2CperfMon_off%2Cfe_desktop_default%26bot%3Dfalse%26random%3D29f86cf4-802d-4239-8e32-6db6fb2e6185%26impid%3Dc06fa917-1e93-42ac-8af3-11ddb1349f3b%26sw%3D1600%26sh%3D1200%26device%3Dwindows10%26device_features%3D%26articlewithvideo%3Dfalse%26style%3Dwide%26watershed%3Dfalse%26location%3Ddailymail_co_uk%26id5%3Dtrue%26prog%3Dtrue%26area%3Dwires%26subarea%3Dreuters%26adx_channel%3D15%26refreshCount%3D0%26player%3Djwplayer%26channel%3Dwires%26oov%3Dfalse%26sz%3D401x225&description_url=https%3A%2F%2Fwww.dailymail.co.uk%2Fnews%2Farticle-9534885%2FBirmingham-NHS-worker-blasts-bizarre-extension-neighbours-home.html&url=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&scor=4308090157008058&sz=401x225&vid=8288595405300740130&vpa=auto&vpmute=1&sdkv=h.3.453.0&osd=2&frm=0&vis=1&sdr=1&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&u_so=l&ctv=0&mpt=videojs&mpv=4.12.15&sdki=44d&adk=2537044877&sdk_apis=2%2C8&sid=4E015572-CB53-4820-A85D-F99DC890408A&eid=420706097%2C44739826&dt=1620127259162&cookie_enabled=1&ged=timeout

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

b8cf621c440b8a8a20f6548e3ea4d7211952acdb1515d477c7bb3a1e8b5a44eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:21:00 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4488
x-xss-protection: 0
google-lineitem-id: 5638609354,5082125689
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138342228549,138272434639
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 206 vblhg8gnby0jpqv86qu9.mp4
c3.taboola.com/libtrc/static/video/t_PERFORMANCE_VIDEO_DEFAULT/v1616077707/ 551 KB
552 KB 583ms
1ms Media
video/mp4 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://c3.taboola.com/libtrc/static/video/t_PERFORMANCE_VIDEO_DEFAULT/v1616077707/vblhg8gnby0jpqv86qu9.mp4
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f6fe3e21b933ace448adb105bc7ce05a89620826bcf8b0712b346bf3173fb2ee

Request headers

Referer: https://www.dailymail.co.uk/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

x-amz-version-id: ZxLDpZX1UhXm7ZgVwun62bJlPLGvzCLv
via: 1.1 varnish
etag: "5fc2371ecc84b010f256f574810b0311"
age: 70
x-cache: HIT
Content-Range: bytes 0-564276/564277
x-amz-replication-status: COMPLETED
Content-Length: 564277
x-amz-id-2: DeJKE32acui9TauJ6oJcNi2rN5q8+mg6RYIqHiajkvP2RDhiFaFNUAiozxKnGHzzuXeUruYjq/Q=
x-served-by: cache-fra19126-FRA
last-modified: Thu, 18 Mar 2021 14:28:32 GMT
server: AmazonS3
x-timer: S1620127260.899692,VS0,VE1
date: Tue, 04 May 2021 11:20:59 GMT
x-amz-request-id: CKPGJJZM691PGH2B
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: video/mp4;codecs=avc1
abp: 60
x-cache-hits: 0

GET
H2 200 keyvisual-x2.jpg
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/ Frame ED17 99 KB
99 KB 567ms
10ms Image
image/jpeg 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/keyvisual-x2.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1f9f8deadc6899f3755e55b8f4b6b0e1188e0eda11d91db5dfa8fbaba2800a1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:01:18 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Dec 2020 07:54:17 GMT
server: sffe
age: 1181
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101665
x-xss-protection: 0
expires: Wed, 05 May 2021 11:01:18 GMT

GET
H2 200 attribute-1-x2.png
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/ Frame ED17 11 KB
11 KB 504ms
14ms Image
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/attribute-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

465383ee13661135e9255169ac58099980e7e4a37e547a9ef4066d16e2487cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 04:04:49 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Dec 2020 07:54:16 GMT
server: sffe
age: 26170
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11479
x-xss-protection: 0
expires: Wed, 05 May 2021 04:04:49 GMT

GET
H2 200 attribute-2-x2.png
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/ Frame ED17 17 KB
18 KB 487ms
0ms Image
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/attribute-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

3bef17768ba2886e19c2454f4c6348bdc66f72a6c1683c1899355e6c1e653380

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 12:35:39 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Dec 2020 07:54:17 GMT
server: sffe
age: 81920
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17869
x-xss-protection: 0
expires: Tue, 04 May 2021 12:35:39 GMT

GET
H2 200 push-1-x2.png
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/ Frame ED17 5 KB
5 KB 467ms
0ms Image
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/push-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d53be00999d724ce977d627ed49b50c5456477bcc53f5bd9b18227c9f0cd3b69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 12:35:39 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Dec 2020 07:54:16 GMT
server: sffe
age: 81920
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5147
x-xss-protection: 0
expires: Tue, 04 May 2021 12:35:39 GMT

GET
H2 200 push-2-x2.png
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/ Frame ED17 8 KB
8 KB 456ms
0ms Image
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/push-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d790abfdc60e023d9fa9c1d64689c102a7674a35fad78c21d494a5cc9a428bd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 12:35:39 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Dec 2020 07:54:17 GMT
server: sffe
age: 81920
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7927
x-xss-protection: 0
expires: Tue, 04 May 2021 12:35:39 GMT

GET
H2 200 box-push-x2.png
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/ Frame ED17 13 KB
13 KB 531ms
58ms Image
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/box-push-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f2551e570a95e55876763ef239986377bcf73ea6cf301aa75a53f89c70d85f89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 12:35:39 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Dec 2020 07:54:17 GMT
server: sffe
age: 81920
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12808
x-xss-protection: 0
expires: Tue, 04 May 2021 12:35:39 GMT

GET
H2 200 box-cta-x2.png
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/ Frame ED17 10 KB
10 KB 589ms
116ms Image
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/box-cta-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

3e8727f8b7f18ee05acf666909ea1e32ce876068386a1e0d57e1bdbb793bf0b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 04:04:49 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Dec 2020 07:54:17 GMT
server: sffe
age: 26170
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9759
x-xss-protection: 0
expires: Wed, 05 May 2021 04:04:49 GMT

GET
H2 200 logo.svg
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/ Frame ED17 3 KB
1 KB 582ms
109ms Image
image/svg+xml 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

189f0e44e9a56486e6316ceb9b55ddff8b1cd271843794e3d6c7e5c77a4461d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 11:37:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85387
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1237
x-xss-protection: 0
last-modified: Mon, 07 Dec 2020 07:54:17 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 04 May 2021 11:37:52 GMT

GET
H2 200 overlay-push-x2.png
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/ Frame ED17 4 KB
4 KB 756ms
184ms Image
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/overlay-push-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

cd6b662e491d7c16d89893aa3c583aba89b7cb060839d34e59c426168b7e3cc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 12:35:39 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Dec 2020 07:54:17 GMT
server: sffe
age: 81920
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3662
x-xss-protection: 0
expires: Tue, 04 May 2021 12:35:39 GMT

GET
H2 200 overlay-cta-hover-x2.png
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/ Frame ED17 2 KB
2 KB 751ms
194ms Image
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/overlay-cta-hover-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

0359a5df4099c64b2cf302dad468f050ba46573f01e67a68945af6c5b44edb8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 12:35:39 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Dec 2020 07:54:16 GMT
server: sffe
age: 81920
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2277
x-xss-protection: 0
expires: Tue, 04 May 2021 12:35:39 GMT

GET
H2 200 overlay-cta-x2.png
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/ Frame ED17 2 KB
2 KB 750ms
193ms Image
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/images/overlay-cta-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

7c1e4a3b4e463b76b1ddeb7901dc7d58e3dc04f9f89d5521558da69b5e1f1c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 12:35:39 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Dec 2020 07:54:17 GMT
server: sffe
age: 81920
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2276
x-xss-protection: 0
expires: Tue, 04 May 2021 12:35:39 GMT

GET
H2 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame ED17 113 KB
38 KB 712ms
223ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 May 2021 11:20:59 GMT

GET
H2 200 creative-1.0.6.min.js Show response
s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/scripts/ Frame ED17 2 KB
969 B 486ms
0ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/scripts/creative-1.0.6.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a44400fb88aaf018fb0e9aff450c4b708da545d38ab0317d6bc599f093e20030

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10527884/1607327656544/dfC_Online_PERSOENLICH_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 03:44:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27371
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 855
x-xss-protection: 0
last-modified: Mon, 07 Dec 2020 07:54:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Wed, 05 May 2021 03:44:48 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 2CBD
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

281 B
554 B

333ms
59ms

Document
text/html

104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8060095&crid=4706985&dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&cmcv=&pix=undefined&cb=1620127248400&uv=2963&tms=1620127248400&abt=adh5c-1_vA!insc_vA!pl88573-888_vA!scrn_vA!spa2_vB!ufm!widgetVsMoat_vB&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9D1FBA8A03326343833709859&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://imprammp.taboola.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://imprammp.taboola.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 04 May 2021 11:21:00 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Date: Tue, 04 May 2021 11:21:00 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 6118
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

281 B
554 B

404ms
50ms

Document
text/html

104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&excid=22&docw=0&cijs=1&nlb=true
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://am-match.taboola.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://am-match.taboola.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 04 May 2021 11:21:00 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Date: Tue, 04 May 2021 11:21:00 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2D8E 22 KB
8 KB 276ms
0ms Document
text/html 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 04 May 2021 11:18:17 GMT
expires: Wed, 04 May 2022 11:18:17 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 163
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 728x90_edge.js
s0.2mdn.net/9053774/1616753578552/ Frame A46B 2 KB
2 KB 703ms
26ms Image
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9053774/1616753578552/728x90_edge.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9053774/1616753578552/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9053774/1616753578552/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 14:05:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76522
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 803
x-xss-protection: 0
last-modified: Fri, 26 Mar 2021 10:12:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 04 May 2021 14:05:38 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 7616 176 KB
61 KB 703ms
120ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 10:33:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2823
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 10:33:57 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/elements/html/ Frame 7616 8 KB
3 KB 696ms
199ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/356285/40083639/xbbe/creative/adj?p=APEucNX9XxeUIKzF8tbMadUKHdp08EfsVDr_cXhrDr4Uzy-qlQ585As&d=CnkAoCZ_4PGewg6aNdfSszIgdtYKHkpTByq1tBHSsp0c2y2ihcERLDj2_ShfcYCoiWx0nSS8lGX-1TzuBMb6LLGKtupjl1I1-JZvqFJF1l6HeGsW5_KEXY8kVgIZdffAVLuOXDjpiEx-0WVLlNEcTdiRWmteZI12nc_EEskRAKAmf-BnJ65XSzjHKMuhQ-kYow_-qW9nQcjM1ajtAak18QB-uSD32VRRGoFF8t9ilH4xtjn6wCNqbrQT9o6Y6MK-w1qFKUEdvpjjjwPG4diEO3SXgK9IWWBkH5mLDt1Nghe7e59iKN8dhqo1gMV_ZIBmEHXcFdZUAnQP5QxGa1eY5MHlRawb3KbR5AxHXELLGRSIHJyC9HtNUNCxcoHJbhSxIKU3_J3JNv5dfmggUcMTCJLZ3kqAzR9YjI_GmP72KrnN0BhBRJtrWqu4TSdn4lBEhqwxqIzzLKj2O_aiCPjYUkyVQpfhNzl2hl7Ea4cVRIpqOlVYSc-3qqGpagE5k0JLJnxHXIarPfG40Zw2F9nFggK0O91v29l513k9G2T0d5OD7mHHsPUIJLlpDH_lLSMSxvjJ5dS8yzuoeQzCIY8ilkcbwnW0njTEDPGAIR8b43YbeZmjLz9-PkM6aeIq0VZRZxwmU7vjHSAy5AGe-Ljjri8cqkakKNl2oW4XasQAD1DJi8i2fdH2nrzbQadmkwEbMKf83vym2YoPvNX1eowz9gNudPX0RfMSpu2-sB4mbn0QyO6T1GtC2qF2w3ePf-LHSMsPmyILsbwCz4E68oYQ3RMKeH0nbMehqqhouMfwtQlNpm41zBeb7R6xj2MoVBlc_L23VWNwKs9oNgTEvHcUe6QhRKbbHVtke9xTQ5zDvKHeRKtDMrCFMyR0dWLpNGe9blNs1S2B1DucwjKAMGD-ons7yy9CNFoDddxwoReofX5AA81ZAcnNfGJtizhFbbxcudcP0Dz4ZHM9MQYQBevp-TFIjwnhR1ZXvEnCwug94-YNHOhipcKzvjB9g26KWAJ6v4QpLZWVT7Kx_m-DqR3WRDAAvWPyD--sn5v17lybfYiBMQSJce-Le0qLlB7yTNQi5wNeINlGLPtJS3Z2fVUt5sAiSu8kJJ_ibX6DXhe5DcR3p4jJlmWy2xp8ZaxqkdgSGxY_eMqPhvBZxXzZzoYDjTy6c52ACWa6ikuBtgWxLu3sws1JX0AneGGK_h3Kp9yD_9lEue4Iurm2KobWVAh-T9mQDIYvG5WbMqbGsHFkMzP47dXB3r-5xNPiGYqrBHN9geV1n-dlScyZYUn02c8Ux3c9VXQp6igF6ZOHR71pZ1iobeOGhMwkaQx7FINLbE60KnjewhSsI0q4BK7PiNIE-gQnVqsqW-WScy2O-J6-laKVe1mhaPlVG0URociZVn3DtKlg2ayZ0zNquwVDATk9LfbKLx8YYHucxuUn9QR-J-S6qh3JipwbzRakVNtT2wDhADHLaUgIWMG75PIgzA6ucJrpf-PM6pj58iaBXO4PYbf_vswSTjvqvcuEltKJel4jAaHHCwYX4l4I_3LG7j0o-7Frb0_RmMo1vka8t9-U8aE5iQb0cEranfwtudabUt-JaFfagFeoXZiUCHEmx-qUcc2nGGOJX3DHy0ZArHvNdLvVugAgzaBU8ZKZKZNLXqsLL-4h86BxswQOzYzd946JG3AMhr3bWhyOXNjf6kaM4jemIYpE6IfE7kTlsG5zfwtNyGclAMDDhDeoer0V4c0gUoq_YQIsMSQcS9AraBZi_NmTOV8pSju0U_aueA-XHEJtSp6uRCIrSIwn-KNEevuzHGTgv6W5ZLGhvGCSzPsmUbLwrDiHmcc1GduMOrLdJPaUUKGsy8FgyABkMDRi0UNQWuz9r-yLnY1wZCqru_rc_jzi5_c5g4mPSu7W3TCs6g_yFZAgA1zgbTMJx264oDFKLo0T2pGRDQwgLC1SPpScotZUoqFwOHKCnbbD5C7JJAzDPYDywyaroblKAVrzuHG93qBYiu4FAvk7d-Xkb52zigMNpgp97vVFOGdw3ugGvncfc2WhyM7vvILTQQvsM7zw7MmIdGYlPaU3jzMmT8fGQIvp7uzb5O1JVgHTBRvhq_1DgvK4ues5NYV2A3cV9RuQ-hAOlolIE0ZJhwu6T4iKRwqdNVRVHyOFK9NNu3vCntKUYQJB8nfrw_thCBHdjJDe9fjvIinot6_OobG_tuhQxCO_ocCefqIySVc_mHIDcuJbRRUC_3zZGuIENAwjSnKqFEdBYpvQzmKctk6sPVGG16PhU8gUl-EIeirnl5tjmf-4nL078NbkrpEiAKyiu1tUqtRLYzig_UrkmPgVf-zdCPBPfQ06f705EMwB9tJ_ewMLFAglnjlHlzfB8TM8cjJvB7_-NWKe6OVGjhyBasxhyhlOdMSaTUfdF3eFizDy8zSHQoFvlLY98McW08mLYpEazssgqSk7O2tR4v_edB0Ugl49CCdKiFqkhAzIn6BZW24mwMcuXxkmGDR05esYpygUJB_YiUEEyuHNR5OVOaasTUij3UZxRexl8-c1vUnJWRhpif-FJoj2PLFx7Pgg8GStf8EEiI12FpmZNr5DLEs7NgwkCmZkuAXGewVFctyWWobEr86MzmyzE-fYd3oeEPoj4cBN_wnMizTQTpSdcgGa2VmQ8nSgnNCmYfj142yzb3nIrXbu3J4oH_c8vgKNSc-Gg-Vn8mt-gAfU2IwbnSryfIO_Lf_BnyKGhO61XpgVVinb8-8l_xs9l-T0nTXNVY7yOlgP5Lth8lhSQmeC32Gk6bfaJnp6TzvughzcjizwLOva9c0m3OsO6k2VeaSzav7P6Dd2_AZhMY5D_rbnGP1779lPyfaWovYM5OHaR9Jp-EByRpm-8yQ5BPQgz_narXiM0scwUC4d0L4PMgjUkJ9jfK9YERo0vB-f4KXUZ0YIySG-PXvu1KSmZyZhl1t_PXMyaoNMAq9bOYtlqj40UgkiSpixG85Cu3iDfu7IZqAYZ1RMWGxWOZkx1n_2noFP4OFxi0jxgP5dPWikLN34GEAzehES4CIb73VwyN8jzAo8z0_r0HTjNVe2rafIVRTQG5n973GZ-PFgG7BH3r9IGGsIvCvzCEzad0ywSBqCKV6AJ8Bv2Nvnloofwb-PvI7vDYm34_EL5dgVvd0aFggAEhLkaOhqI9tJNe5myqFwQsW0dxBgAQ&adsafe_url=https%3A%2F%2Fwww.dailymail.co.uk%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fbabd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fbabd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:e9bfff48-8ffd-6e27-cc3f-113c4522f704,c:bEdb4L,sl:na,em:true,fr:false,mn:app16ie,pt:1-5-15,br:u,abv:na,an:n,oam:0,nbld:0,fm:swrmQYL+111%7C112%7C12%7C13%7C141%7C15%7C161%7C162%7C171%7C172%7C18%7C19%7C1a%7C1b1%7C1c%7C1d%7C1e%7C1f%7C1g%7C1h%7C1i1%7C1j1%7C1k%7C1l%7C1m*.356285-40083639%7C1m1%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v,idMap:1m*,pl:,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,thd:1,et:542,oid:c70aff46-acca-11eb-be56-067f141e2336,v:19.8.193,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:20:16 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/ Frame 7616 22 KB
8 KB 440ms
0ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09f0fa32fa39db3e3da2eea89bf806be0b147366343a0934e30f164a12431b43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:13:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 426
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8608
x-xss-protection: 0
server: cafe
etag: 12149544148951276823
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 May 2021 11:13:54 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1D1D 22 KB
8 KB 333ms
176ms Document
text/html 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 04 May 2021 11:18:17 GMT
expires: Wed, 04 May 2022 11:18:17 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 163
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6627 42 B
108 B 446ms
0ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu3DabSwh6YPQgpulxW5HXY-QnRGY4uCOZ0YRxvNnSgc3o5DNKBm6DRIo-I6fSxCYeucHUx18mxGDZj8YqUj-TGQT6BpUcFKDUDieMdRN4kqRoi&sai=AMfl-YQp7cZePD92CJZc_BnS0uWCQoX1qyJgnWwiYf9Hx438cZUHu5YsOPbsvLJTli7eMAaHcxsWsV4GXXGj3UbusIKT6T-6_ui3iA_4a9tngbPHOs8YinOB0hEGjCf4&sig=Cg0ArKJSzEJJVrS1nitkEAE&cid=CAASEuRokSQuUy3c92JPNijn-BCuEg&id=lidar2&mcvt=1385&p=20,3,620,303&mtos=1385,1385,1385,1385,1385&tos=1385,0,0,0,0&v=20210503&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2894056308&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 14F2 236 KB
63 KB 316ms
52ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10388772/1619617588040/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10388772/1619617588040/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 May 2021 11:21:01 GMT

GET
H3-29 200 config.js Show response
s0.2mdn.net/10388772/1619617588040/ Frame 14F2 1 KB
503 B 255ms
35ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10388772/1619617588040/config.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10388772/1619617588040/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

18c6009e69fbdff5d7a28e1d10073711761393ef9e29daac23220aa33515c8ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10388772/1619617588040/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 22:03:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47868
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 479
x-xss-protection: 0
last-modified: Wed, 28 Apr 2021 13:46:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 04 May 2021 22:03:13 GMT

GET
H3-29 200 index.js Show response
s0.2mdn.net/10388772/1619617588040/ Frame 14F2 68 KB
13 KB 264ms
51ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10388772/1619617588040/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10388772/1619617588040/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

35ec657bf3d575b82683bdd895a48b461934f996bb6935823abd197205b3ff98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10388772/1619617588040/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 22:03:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47868
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13788
x-xss-protection: 0
last-modified: Wed, 28 Apr 2021 13:46:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 04 May 2021 22:03:13 GMT

GET
H2 200 poster.jpg
s0.2mdn.net/10388772/1619617588040/ Frame 14F2 16 KB
16 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10388772/1619617588040/poster.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10388772/1619617588040/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2b16c2d174e20b667fbd54e3a60aa4e8cd208f48000d1021a71d22698a0a2b4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10388772/1619617588040/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 22:03:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 28 Apr 2021 13:46:28 GMT
server: sffe
age: 47869
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16236
x-xss-protection: 0
expires: Tue, 04 May 2021 22:03:13 GMT

POST
H2 202 /
crta.dailymail.co.uk/ 8 B
571 B 293ms
107ms Ping
text/plain 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://crta.dailymail.co.uk/
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: http-to-kafka/0.8.10 /
Resource Hash: a00fb0c50741f81bb51d35b4475a4357f8039aabd896a21036bc516839401595

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:01 GMT
server: http-to-kafka/0.8.10
etag: W/"8-YaBXLEiT7zQxEyDYTILfiL6oPhE"
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 8
expires: Tue, 04 May 2021 11:21:01 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 8054 0
191 B 197ms
38ms Image
text/plain 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEEqs3P9g0xjXXvXGoIETnMc&google_cver=1&google_push=AQvitUKg22vyuDkSmBUg266irAaKQLcTAfh0M8htWC9N6MUzjQznidREH8oCKr5NnRn2wjKSgbJEdOVL3YHM6WYErlbHoTvbjsM
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:00 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 8054
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECk6Y8AQCo6zf8GZLMkJfNw&google_cver=1&google_push=AQvitUK4bPixTtqb-m9nC3M9M9yhT_DK6TuD7ZEtXMxIfT8McnCaFZLMAF2DH7rQ2AK5nFYrio_7-mD_hpH...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUK4bPixTtqb-m9nC3M9M9yhT_DK6TuD7ZEtXMxIfT8McnCaFZLMAF2DH7rQ2AK5nFYrio_7-mD_hpHPlKBaA1R2ahlqm7U&google_hm=29K7nk3ZSvu25m10QzVm_uI

170 B
188 B

243ms
133ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUK4bPixTtqb-m9nC3M9M9yhT_DK6TuD7ZEtXMxIfT8McnCaFZLMAF2DH7rQ2AK5nFYrio_7-mD_hpHPlKBaA1R2ahlqm7U&google_hm=29K7nk3ZSvu25m10QzVm_uI

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:00 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUK4bPixTtqb-m9nC3M9M9yhT_DK6TuD7ZEtXMxIfT8McnCaFZLMAF2DH7rQ2AK5nFYrio_7-mD_hpHPlKBaA1R2ahlqm7U&google_hm=29K7nk3ZSvu25m10QzVm_uI
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8054
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEFZdjG6P8Br5hlX2FsrbH-s&google_cver=1&google_push=AQvitULcVf6d7mpGVE8GKkubPd2lwXX5Jn30KBZhB2TcWjpNb0rZ_rqs0ZSV5c3wwse-hX0p8LS2CnDaowBr5CFt8uzY1XbpsO38
https://rtb.openx.net/sync/dds?google_gid=CAESEFZdjG6P8Br5hlX2FsrbH-s&google_cver=1&google_push=AQvitULcVf6d7mpGVE8GKkubPd2lwXX5Jn30KBZhB2TcWjpNb0rZ_rqs0ZSV5c3wwse-hX0p8LS2CnDaowBr5CFt8uzY1XbpsO38&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULcVf6d7mpGVE8GKkubPd2lwXX5Jn30KBZhB2TcWjpNb0rZ_rqs0ZSV5c3wwse-hX0p8LS2CnDaowBr5CFt8uzY1XbpsO38&google_hm=Eax5eUtnwgcOOps6-5tAjQ==

170 B
232 B

100ms
99ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULcVf6d7mpGVE8GKkubPd2lwXX5Jn30KBZhB2TcWjpNb0rZ_rqs0ZSV5c3wwse-hX0p8LS2CnDaowBr5CFt8uzY1XbpsO38&google_hm=Eax5eUtnwgcOOps6-5tAjQ==

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:01 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULcVf6d7mpGVE8GKkubPd2lwXX5Jn30KBZhB2TcWjpNb0rZ_rqs0ZSV5c3wwse-hX0p8LS2CnDaowBr5CFt8uzY1XbpsO38&google_hm=Eax5eUtnwgcOOps6-5tAjQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 4473tod3q54ou3ad3hdqbok49fl6ufmh

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 8054
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPJzofAcinhKhFtmPCJWfqE&google_cver=1&google_push=AQvitUJwCGt7VCLcx43tRopGx332N9XjUsgFpjlc9cLyIpSGEpoUQPOb0MIaghE86FwbPQMTrV4...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S085WFhWSTQtMVItTTdTUg==&google_push=AQvitUJwCGt7VCLcx43tRopGx332N9XjUsgFpjlc9cLyIpSGEpoUQPOb0MIaghE86FwbPQMTrV4NMlcu9xwdiO9350nNK6Db7f4

170 B
188 B

244ms
135ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S085WFhWSTQtMVItTTdTUg==&google_push=AQvitUJwCGt7VCLcx43tRopGx332N9XjUsgFpjlc9cLyIpSGEpoUQPOb0MIaghE86FwbPQMTrV4NMlcu9xwdiO9350nNK6Db7f4

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S085WFhWSTQtMVItTTdTUg==&google_push=AQvitUJwCGt7VCLcx43tRopGx332N9XjUsgFpjlc9cLyIpSGEpoUQPOb0MIaghE86FwbPQMTrV4NMlcu9xwdiO9350nNK6Db7f4
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8054
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJEuHXz3VMQ_Hki76PC33wAABMAAAAAB&google_cver=1&google_push=AQvitUKKCUSOnNMtSIypf3HptFWa6Bo2PWXjnfOvomOFTl_wbg5z8dsqvyApimOcwn7muIIj7jfP...

170 B
232 B

100ms
98ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJEuHXz3VMQ_Hki76PC33wAABMAAAAAB&google_cver=1&google_push=AQvitUKKCUSOnNMtSIypf3HptFWa6Bo2PWXjnfOvomOFTl_wbg5z8dsqvyApimOcwn7muIIj7jfPyxq_3KncetCDjaZDDELzPkxY&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 May 2021 11:21:02 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJEuHXz3VMQ_Hki76PC33wAABMAAAAAB&google_cver=1&google_push=AQvitUKKCUSOnNMtSIypf3HptFWa6Bo2PWXjnfOvomOFTl_wbg5z8dsqvyApimOcwn7muIIj7jfPyxq_3KncetCDjaZDDELzPkxY&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 460
Expires: Tue, 04 May 2021 11:21:02 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 8054
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEN6jUEOTQk6gcf08yj-OQKQ&google_cver=1&google_push=AQvitUIJC45UQa_e3nsHxpTlX5K0bx8_ikLGptXdPa3F9BCmwvrwe2NW55D42pbHA8ik1YhgG68uWoUnvOJm6L1q...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUIJC45UQa_e3nsHxpTlX5K0bx8_ikLGptXdPa3F9BCmwvrwe2NW55D42pbHA8ik1YhgG68uWoUnvOJm6L1qhlBUYeBKAh8

170 B
188 B

244ms
133ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUIJC45UQa_e3nsHxpTlX5K0bx8_ikLGptXdPa3F9BCmwvrwe2NW55D42pbHA8ik1YhgG68uWoUnvOJm6L1qhlBUYeBKAh8

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 04 May 2021 11:21:01 GMT
via: 1.1 3ffec0ecfde687fb371812ad42f5cfc2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: AMS1-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUIJC45UQa_e3nsHxpTlX5K0bx8_ikLGptXdPa3F9BCmwvrwe2NW55D42pbHA8ik1YhgG68uWoUnvOJm6L1qhlBUYeBKAh8
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: q7rUGm2QtjTk8GDNi9cIkiIVxcRoxwgpOyO_4qRE_sprRbuGdueIJg==

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8054
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEEC-moqVE4NRyxQW3PKt274&google_cver=1&google_push=AQvitUIR98_ACTTvcXIXKGf8YuMhPD1O1ZdLrcQMuNck1dat7bwkGtJA0QPGFzWvEGr5J2PAbKVXSluJBw14ryVsoPjAve...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEEC-moqVE4NRyxQW3PKt274&google_cver=1&google_push=AQvitUIR98_ACTTvcXIXKGf8YuMhPD1O1ZdLrcQMuNck1dat7bwkGtJA0QPGFzWvEGr5J2PAbKVXSluJBw14ryVs...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2h2u8X6MQ4msHKqxMnxpqg&google_push=AQvitUIR98_ACTTvcXIXKGf8YuMhPD1O1ZdLrcQMuNck1dat7bwkGtJA0QPGFzWvEGr5J2PAbKVXSluJBw14ryV...

170 B
243 B

99ms
98ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2h2u8X6MQ4msHKqxMnxpqg&google_push=AQvitUIR98_ACTTvcXIXKGf8YuMhPD1O1ZdLrcQMuNck1dat7bwkGtJA0QPGFzWvEGr5J2PAbKVXSluJBw14ryVsoPjAve1f7pk

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2h2u8X6MQ4msHKqxMnxpqg&google_push=AQvitUIR98_ACTTvcXIXKGf8YuMhPD1O1ZdLrcQMuNck1dat7bwkGtJA0QPGFzWvEGr5J2PAbKVXSluJBw14ryVsoPjAve1f7pk
date: Tue, 04 May 2021 11:21:02 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 8054 0
12 B 146ms
48ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IHULZFNlvmp7si9_lbfFblu_6-cAPCZn8uO7ZglyyE1wKI_5w_52xizzc-EC6KFaohX4di

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:21:01 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7616 43 B
215 B 119ms
117ms Image
image/gif 54.196.119.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=356285&asId=e9bfff48-8ffd-6e27-cc3f-113c4522f704&tv=%7Bc:bEdcDr,pingTime:-10,time:6510,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.5.5v220002022000220000022002222000022220200000222200222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222222220022202200022002220222202,sd:MTcuNS41djEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNS41dk1vemlsbGF8fE5ldHNjYXBlfHxufHwxNnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fC0xMjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,asp:1620127261392%7C%7Ca7bb30b7b7456902370c408308cc106b%7C%7Cf34e96995ddf3ff5eb1bfde138cfe29c%7C%7Cb2dfefb85a04aa9240f3f4953fdaf9cd%7C%7C5ea2416c800ee0ffd0212ac26a2c1c9b%7C%7Ca27f9a440ca4d877256bdd1145a9c354%7C%7C6617f8d84b6135db275214a98b591975%7C%7Ce838d65b9ad330f63bc63c1b5a386bae%7C%7C1619710151,ch:eyJiIjpbXSwibSI6ZmFsc2UsImgiOnsiYXJjaGl0ZWN0dXJlIjoiIiwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsInVhRnVsbFZlcnNpb24iOiIifX0-%7D
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.196.119.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:01 GMT
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200 ads Show response
des.smartclip.net/ Frame 1BFC 2 KB
1 KB 399ms
74ms XHR
application/xml 63.34.51.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://des.smartclip.net/ads?type=dyn&plc=108224&sz=400x320&api=2&optout=0&consent=&ref=https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&rnd=294787709
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.51.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-51-8.eu-west-1.compute.amazonaws.com
Software: nginx/1.17.6 /
Resource Hash: ce1d83e0598f7d208d682ff6ed246eb1353b76e8ab18c34b237e88ed896a804e

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:21:02 GMT
Content-Encoding: gzip
Sc-Supply-Network: 999999
Vary: Accept-Encoding
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: https://imasdk.googleapis.com
Sc-Uuid: 7dae8dff-03da-4c6f-8a65-bb85e9774935
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Content-Type: application/xml; charset=utf-8
Sc-Device-Type: PC
Server: nginx/1.17.6

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 606D 0
60 B 92ms
91ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:21:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 77F9 0
23 B 143ms
99ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:21:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 77F9 43 B
215 B 138ms
128ms Image
image/gif 54.196.119.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=677475&asId=2a1dcd9b-be20-0a92-7296-dec78d7d6690&tv=%7Bc:bEdcVC,pingTime:-10,time:12152,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.5.5v220002022000220000022002222000022220200000222200222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222222220022202200022002220222202,sd:MTcuNS41djEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNS41dk1vemlsbGF8fE5ldHNjYXBlfHxufHwxNnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fC0xMjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,asp:1620127262554%7C%7C5f7c01aa3a7d39847324a6e783c2f309%7C%7Cf34e96995ddf3ff5eb1bfde138cfe29c%7C%7C0f1b987e66a2f17859762faab21fcaae%7C%7C3394b247f2954dcf9ccfac58b97656e5%7C%7C0937480f5e31b91dcc9f5e0e232060cd%7C%7Ca4733dea1898d50d10e91792496aaefc%7C%7Cd3a3a4b11d4c346742efd2a490f017bb%7C%7C1619710151,ch:eyJiIjpbXSwibSI6ZmFsc2UsImgiOnsiYXJjaGl0ZWN0dXJlIjoiIiwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsInVhRnVsbFZlcnNpb24iOiIifX0-,im:%7Bpci:%7Btdr:4743%7D%7D%7D
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.196.119.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:02 GMT
x-server-name: dt64.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js Show response
pagead2.googlesyndication.com/bg/ Frame F145 14 KB
6 KB 92ms
14ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a813a165c4b7c37247c53dc8a085d071216f041ef968edf187deafaed45f04b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:04:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 28 Apr 2021 12:48:00 GMT
server: sffe
age: 975
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5711
x-xss-protection: 0
expires: Wed, 04 May 2022 11:04:47 GMT

GET
H2 200 WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js Show response
pagead2.googlesyndication.com/bg/ Frame 3860 14 KB
6 KB 59ms
15ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a813a165c4b7c37247c53dc8a085d071216f041ef968edf187deafaed45f04b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:04:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 28 Apr 2021 12:48:00 GMT
server: sffe
age: 975
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5711
x-xss-protection: 0
expires: Wed, 04 May 2022 11:04:47 GMT

GET
H3-29 200 728x90_edge.js Show response
s0.2mdn.net/9053774/1616753578552/ Frame A46B 2 KB
827 B 54ms
37ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9053774/1616753578552/728x90_edge.js

Requested by

Host: animate.adobe.com
URL: https://animate.adobe.com/runtime/5.0.0/edge.5.0.0.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

6114e06307953ebc3f334094b18d68073d59d495277d2c38e930f75f85042f18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9053774/1616753578552/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 14:05:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76524
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 803
x-xss-protection: 0
last-modified: Fri, 26 Mar 2021 10:12:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 04 May 2021 14:05:38 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/ Frame 659D 106 KB
39 KB 42ms
23ms Document
text/html 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

6c4d4d460c56e17376f8ede9fb94328f99ccd3eb52c3ec3451c0008a67550e16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 40296
date: Tue, 04 May 2021 11:21:03 GMT
expires: Wed, 05 May 2021 11:21:03 GMT
cache-control: public, max-age=86400
last-modified: Mon, 14 Oct 2019 11:57:47 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7616 0
23 B 137ms
121ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvwiFtgpGnM-PaVrF_B2vtXT0XTwee1I4uhWVDkwJZC6nHBEy5_bD384JRVdDl_9qq8DOLStH4NpTT-fiok9fIeLZJHXefzqOY9pfukBwrwk3EjTHmnti2NlurT4GUe4Kexng-gHiNo6eL7&sai=AMfl-YTrjAOmyMR08cQD0lPA6ixrxdPKVa3Dz0-oG_UGP7MSxOlNVHX6jTOZoskuVMaBzVq_WQSZAhk628sixJAjM3saaDH_-DWPzfI&sig=Cg0ArKJSzDEJ3GsyGVDMEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2660&cbvp=1&cstd=2625&cisv=r20210429.21997&adurl=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:21:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 204 ad_impression.gif
beacon.krxd.net/ Frame 7616 0
347 B 809ms
61ms Image
text/plain 34.246.207.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/ad_impression.gif?confid=snij5v2gy&_knopii=1&campaignid=23262101&advertiserid=6541121&placementid=256161320&adid=453785153&creativeid=123043954&siteid=5651634
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.207.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:21:03 GMT
cache-control: private, no-cache, no-store
x-request-time: D=37 t=1620127263
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
x-served-by: beacon-n007-dub-prod.krxd.net
x-no-pii: 1

GET
H2 206 300x296_Frau.mp4
d38k2esv5oh9bn.cloudfront.net/wifi/2021/0425.09.21002/mp4/ Frame 14F2 1 MB
0 764ms
66ms Media
video/mp4 65.9.76.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d38k2esv5oh9bn.cloudfront.net/wifi/2021/0425.09.21002/mp4/300x296_Frau.mp4
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/10388772/1619617588040/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.76.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://s0.2mdn.net/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Tue, 04 May 2021 11:21:03 GMT
via: 1.1 bf5caee39117de5337c47c748b716e80.cloudfront.net (CloudFront)
last-modified: Thu, 08 Apr 2021 08:48:24 GMT
server: Apache
x-amz-cf-pop: AMS1-C1
etag: "3a901e-5bf721c3ab910"
x-cache: Hit from cloudfront
content-type: video/mp4
Content-Range: bytes 0-3837981/3837982
cache-control: max-age=1800
accept-ranges: bytes
Content-Length: 3837982
x-amz-cf-id: aGSHufqQ0EHAoW078gxEgpRkykQ_9RUDN3U-n4FFh9wvtlFuh8bspw==
expires: Tue, 04 May 2021 11:35:53 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7F77 1 KB
749 B 23ms
12ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 04 May 2021 03:14:09 GMT
expires: Wed, 05 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 29214
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7616 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e5f52f4005613f641902e1064c554a13f2b8adb79d4267294128593a42b8529

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 2CBD 30 KB
9 KB 210ms
61ms Script
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e23d6a22a546762e5fcef2d5d4a189087c29034daa589e0a37b333ec4691ee09

Request headers

Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:21:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 21:43:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=10634
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9235
Expires: Tue, 04 May 2021 14:18:17 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 6118 30 KB
9 KB 140ms
43ms Script
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e23d6a22a546762e5fcef2d5d4a189087c29034daa589e0a37b333ec4691ee09

Request headers

Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:21:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 21:43:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=10634
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9235
Expires: Tue, 04 May 2021 14:18:17 GMT

GET
H3-29 200 WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js Show response
pagead2.googlesyndication.com/bg/ Frame 2D8E 14 KB
6 KB 169ms
14ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a813a165c4b7c37247c53dc8a085d071216f041ef968edf187deafaed45f04b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:04:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 28 Apr 2021 12:48:00 GMT
server: sffe
age: 976
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5711
x-xss-protection: 0
expires: Wed, 04 May 2022 11:04:47 GMT

GET
H2 200 api Show response
te.technical-service.net/ Frame 1BFC 1 KB
1 KB 654ms
46ms XHR
application/xml 18.194.117.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://te.technical-service.net/api?url=https%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%253F_hsmi%253D88974744%2526_hsenc%253Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&opt=0&rt=vast3&pa=31&vastadtaguri=https://ad.sxp.smartclip.net/select%3ftype%3dvast3%26ple%3dmailmetromedia.dailymail.html5.at.smartclip~~400x320%26fwd_catid1%3d__CATID1__%26fwd_catid2%3d__CATID2__%26fwd_catid3%3d__CATID3__%26fwd_tthc%3d__TTHC__%26fwd_sz%3d400x320%26__KVSEGMENTS__%26ang_tpl%3d2%26ang_ref%3dhttps%3A%2F%2Fwww.dailymail.co.uk%2Fwires%2Freuters%2Farticle-9539403%2FBrazils-Itau-beats-estimate-lower-provisions-trading-gains.html%253F_hsmi%253D88974744%2526_hsenc%253Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI%26optout%3d0%26consent%3d%26rnd%3d6842898
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.117.230 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-117-230.eu-central-1.compute.amazonaws.com
Software: uvicorn /
Resource Hash: 7d28edc05fd83f4c00fbde0d37b12d30b6932e1a907ccaa832fc283f55b6519a

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:21:03 GMT
server: uvicorn
access-control-allow-methods: GET, OPTIONS
content-type: application/xml
access-control-allow-origin: https://imasdk.googleapis.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 1158

GET
H3-29 200 bg.jpg
s0.2mdn.net/9053774/1616753578552/images/ Frame A46B 126 KB
126 KB 24ms
8ms Image
image/jpeg 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9053774/1616753578552/images/bg.jpg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

64f8c8e42495b86c2c857cb038d8f091a374725734c55884faa022d51d2e7c17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9053774/1616753578552/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:20:09 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Mar 2021 10:12:58 GMT
server: sffe
age: 54
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128735
x-xss-protection: 0
expires: Wed, 05 May 2021 11:20:09 GMT

GET
H3-29 200 WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js Show response
pagead2.googlesyndication.com/bg/ Frame 1D1D 14 KB
6 KB 90ms
9ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a813a165c4b7c37247c53dc8a085d071216f041ef968edf187deafaed45f04b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:04:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 28 Apr 2021 12:48:00 GMT
server: sffe
age: 976
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5711
x-xss-protection: 0
expires: Wed, 04 May 2022 11:04:47 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 2CBD 284 B
536 B 42ms
35ms Image
image/jpg 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?gdpr=1&us_privacy=1---
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/jpg

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 6118 284 B
536 B 40ms
40ms Image
image/jpg 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?gdpr=1&us_privacy=1---
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/jpg

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7616 42 B
108 B 62ms
55ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssjiEtf-WmsS6WJymMqI0vC73ovSetXH4_OBpGAOMiZeADA9jKB-zL7HDYaB35Dbt7pHBSJJYOr3EgjTOixIO79jy_MGS3UKLvf_6Qxd023-6dYHJj5JFMb6fNU2w&sai=AMfl-YTBDHrbLxHSp0gO0sq8rzDVe_lb2rqw7vdeqLkuoxEzI96e4l61E99YPnRZEQH31p1fhvLtt4sePnYziGoY7jxJHnCOwVRQOAbAgD9IBn1G8QaBuK1puuKQYIHd&sig=Cg0ArKJSzJrrVB-Jeh0eEAE&cid=CAASEuRo6Goj20k17mbKoXBCxbR3EA&id=lidar2&mcvt=1699&p=20,1297,620,1597&mtos=1699,1699,1699,1699,1699&tos=1699,0,0,0,0&v=20210503&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812723490&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1620127245595&dlt=1367&rpt=2&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Enabler_01_238.js Show response
s0.2mdn.net/879366/ Frame 659D 106 KB
36 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_238.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

80c7fe7749a6e8c85fa6473e7bbba5c5dc6ffe20a86036de26d91bd4b9a4e8d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 09:15:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7513
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36751
x-xss-protection: 0
last-modified: Tue, 11 Jun 2019 21:21:52 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 09:15:52 GMT

GET
H2 200 createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 659D 186 KB
48 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:21:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49100
x-xss-protection: 0
last-modified: Wed, 16 Mar 2016 13:51:35 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 May 2021 11:21:05 GMT

GET
H2 200 index.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/ Frame 659D 67 KB
15 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

96d9a7660e674c312a654212871f5eb4b9df4127c39273390985e439940c0e8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 07:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14155
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15451
x-xss-protection: 0
last-modified: Mon, 14 Oct 2019 11:57:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 07:25:10 GMT

GET
H/1.1

200

select Show response
ad.sxp.smartclip.net/ Frame 1BFC
Redirect Chain

https://ad.sxp.smartclip.net/select?type=vast3&ple=mailmetromedia.dailymail.html5.at.smartclip~~400x320&fwd_catid1=1003988&fwd_catid2=2024881&fwd_catid3=3138651&fwd_tthc=da01d19d-fc64-4f82-a18b-c5f...
https://ad.sxp.smartclip.net/select?type=vast3&ple=mailmetromedia.dailymail.html5.at.smartclip~~400x320&fwd_catid1=1003988&fwd_catid2=2024881&fwd_catid3=3138651&fwd_tthc=da01d19d-fc64-4f82-a18b-c5f...

6 KB
2 KB

245ms
133ms

XHR
application/xml

54.228.50.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.sxp.smartclip.net/select?type=vast3&ple=mailmetromedia.dailymail.html5.at.smartclip~~400x320&fwd_catid1=1003988&fwd_catid2=2024881&fwd_catid3=3138651&fwd_tthc=da01d19d-fc64-4f82-a18b-c5faaac7dbfb&fwd_sz=400x320&fwd_dp4=7&fwd_dp5=7&fwd_dpi1=7&fwd_i1=5&fwd_j4=1&fwd_j5=2&fwd_seg=e0:e1:e10p:e11p:e11r:e12e:e133:e13a:e14b:e1bi:e1bn:e1bw:e1bz:e1o0:e1o1:e1o2:e1o3:e1o4:e1oa:e1oc:e1od:e1oe:e1og:e1oh:e1oi:e1om:e1oq:e1ot:e1p0:e1p1:e1p6:e1p7:e1p8:e1p9:e1pe:e1ph:e1pi:e1pp:e1pq:e1qk:e3a:e3e:e3i:e3m:e3o:e3t:e3u:e3x:e4:e40:e41:e43:e49:e4b:e4c:e4d:e4g:e4i:e4j:e4l:e4m:e4n:e4p:e4t:e4v:e4x:e50:ec:ed:ei8:euu&ang_tpl=2&ang_ref=https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&optout=0&consent=&rnd=6842898&ang_testid=1
Requested by: Host: www.dailymail.co.uk
URL: https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.50.17 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.17.6 /
Resource Hash: 2c58bac813be0f32f27a496e3fa587a294931b5fa9d5b429af347f74aa40e720

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 04 May 2021 11:21:06 GMT
Content-Encoding: gzip
Sc-Supply-Network: 1
Vary: Accept-Encoding
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: https://imasdk.googleapis.com
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Content-Type: application/xml; charset=utf-8
Sc-Device-Type: PC
Server: nginx/1.17.6

Redirect headers

Date: Tue, 04 May 2021 11:21:05 GMT
Server: nginx/1.17.6
Location: https://ad.sxp.smartclip.net/select?type=vast3&ple=mailmetromedia.dailymail.html5.at.smartclip~~400x320&fwd_catid1=1003988&fwd_catid2=2024881&fwd_catid3=3138651&fwd_tthc=da01d19d-fc64-4f82-a18b-c5faaac7dbfb&fwd_sz=400x320&fwd_dp4=7&fwd_dp5=7&fwd_dpi1=7&fwd_i1=5&fwd_j4=1&fwd_j5=2&fwd_seg=e0:e1:e10p:e11p:e11r:e12e:e133:e13a:e14b:e1bi:e1bn:e1bw:e1bz:e1o0:e1o1:e1o2:e1o3:e1o4:e1oa:e1oc:e1od:e1oe:e1og:e1oh:e1oi:e1om:e1oq:e1ot:e1p0:e1p1:e1p6:e1p7:e1p8:e1p9:e1pe:e1ph:e1pi:e1pp:e1pq:e1qk:e3a:e3e:e3i:e3m:e3o:e3t:e3u:e3x:e4:e40:e41:e43:e49:e4b:e4c:e4d:e4g:e4i:e4j:e4l:e4m:e4n:e4p:e4t:e4v:e4x:e50:ec:ed:ei8:euu&ang_tpl=2&ang_ref=https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI&optout=0&consent=&rnd=6842898&ang_testid=1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: https://imasdk.googleapis.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html
Content-Length: 145

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 7F77 0
191 B 60ms
55ms Image
text/plain 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEEqs3P9g0xjXXvXGoIETnMc&google_cver=1&google_push=AQvitUJbf5bNTX8-277b0Az6UnJgLc_p_O_xsPL4QehPKlI50vrd3fijXkqA2JgMpKvBOjjL9l6wg9wWBdilMV1M1ZK56UjDzKTULw
Requested by: Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:05 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7F77
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESED0UrGtgbCW7ZShFE5l4SlI&google_cver=1&google_push=AQvitUK-K0tkvLAkQYNfP6ndFcb2sYCD59d-l5cRbQz9cjfNpwNbRKKfrKqaj8Ye7_kdkFjXtNPgkmhUJzrkj_Xj59fhRny...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUK-K0tkvLAkQYNfP6ndFcb2sYCD59d-l5cRbQz9cjfNpwNbRKKfrKqaj8Ye7_kdkFjXtNPgkmhUJzrkj_Xj59fhRnyw6HfR9g&google_hm=Nzk2OTU3NTYxNTc0Mzkz...

170 B
188 B

53ms
47ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUK-K0tkvLAkQYNfP6ndFcb2sYCD59d-l5cRbQz9cjfNpwNbRKKfrKqaj8Ye7_kdkFjXtNPgkmhUJzrkj_Xj59fhRnyw6HfR9g&google_hm=Nzk2OTU3NTYxNTc0MzkzMzc5Ng%3D%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 04 May 2021 11:21:05 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUK-K0tkvLAkQYNfP6ndFcb2sYCD59d-l5cRbQz9cjfNpwNbRKKfrKqaj8Ye7_kdkFjXtNPgkmhUJzrkj_Xj59fhRnyw6HfR9g&google_hm=Nzk2OTU3NTYxNTc0MzkzMzc5Ng%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 7F77
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEFZdjG6P8Br5hlX2FsrbH-s&google_cver=1&google_push=AQvitUJAWTqF2PQ_bV8rwFMTiK8GWQZTc7P_Ic2kXcUQORe7IX64rWddaYEFcSMZzTfAfZVNtvciCNYxbrM_bG1AmClT4p_9itLDJQ
https://rtb.openx.net/sync/dds?google_gid=CAESEFZdjG6P8Br5hlX2FsrbH-s&google_cver=1&google_push=AQvitUJAWTqF2PQ_bV8rwFMTiK8GWQZTc7P_Ic2kXcUQORe7IX64rWddaYEFcSMZzTfAfZVNtvciCNYxbrM_bG1AmClT4p_9itLDJ...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJAWTqF2PQ_bV8rwFMTiK8GWQZTc7P_Ic2kXcUQORe7IX64rWddaYEFcSMZzTfAfZVNtvciCNYxbrM_bG1AmClT4p_9itLDJQ&google_hm=4UZqFLavyfwBW1dKzfo4_Q==

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7F77
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPJzofAcinhKhFtmPCJWfqE&google_cver=1&google_push=AQvitULwhQYs-6BmEqTUvv11ORiCd6uU94xXzaFUZ7sIV1nqgu1WgMyPrfQpSeiEHw1_A91LliA...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S085WFhaMVctUC1MNDZV&google_push=AQvitULwhQYs-6BmEqTUvv11ORiCd6uU94xXzaFUZ7sIV1nqgu1WgMyPrfQpSeiEHw1_A91LliA7KUWj1PGIgFTHRZdGVZ5caHQqRw

170 B
188 B

53ms
46ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S085WFhaMVctUC1MNDZV&google_push=AQvitULwhQYs-6BmEqTUvv11ORiCd6uU94xXzaFUZ7sIV1nqgu1WgMyPrfQpSeiEHw1_A91LliA7KUWj1PGIgFTHRZdGVZ5caHQqRw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S085WFhaMVctUC1MNDZV&google_push=AQvitULwhQYs-6BmEqTUvv11ORiCd6uU94xXzaFUZ7sIV1nqgu1WgMyPrfQpSeiEHw1_A91LliA7KUWj1PGIgFTHRZdGVZ5caHQqRw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 7F77
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJEuIc1L46vmtmCBWeMeyQAABLIAAAIB&google_cver=1&google_push=AQvitUJJj6oao63Aq1BpDyO_WlBMkPUL8QSM4VSYY5XWFKWiNPjaEowSAkn6iHkvOqXWCpt9Mro2...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7F77
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEN6jUEOTQk6gcf08yj-OQKQ&google_cver=1&google_push=AQvitUIp2kiXH80WZhqy-ERuiIFsddnhjRztwqEwJZUgL7CgY6MgtZif6hDE28HnCY0izX3opwgdaKm3ILkIciZF...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUIp2kiXH80WZhqy-ERuiIFsddnhjRztwqEwJZUgL7CgY6MgtZif6hDE28HnCY0izX3opwgdaKm3ILkIciZFVZuft6aN2zs79w

170 B
188 B

60ms
57ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUIp2kiXH80WZhqy-ERuiIFsddnhjRztwqEwJZUgL7CgY6MgtZif6hDE28HnCY0izX3opwgdaKm3ILkIciZFVZuft6aN2zs79w

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 04 May 2021 11:21:06 GMT
via: 1.1 3ffec0ecfde687fb371812ad42f5cfc2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: AMS1-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AQvitUIp2kiXH80WZhqy-ERuiIFsddnhjRztwqEwJZUgL7CgY6MgtZif6hDE28HnCY0izX3opwgdaKm3ILkIciZFVZuft6aN2zs79w
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: y0vsnOuDzRf9VnO1rietvXvtzk5yE4nNrrGVhVYmTjYCE10prDbFZg==

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 7F77 0
59 B 167ms
20ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LOpSN6GEUnxs-gvZAbzVJltdJNwtO9w2TUS4UsCm4vQzcT4rQADvrXaMAAvYaO9g

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:21:06 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 bookx2.png
s0.2mdn.net/10388772/1619617588040/ Frame 14F2 38 KB
38 KB 148ms
18ms Image
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10388772/1619617588040/bookx2.png

Requested by

Host: babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
URL: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2400893ec9b15c0e451cc8b5d6885c1faec933300af1d59d7be7a24dfc4111c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10388772/1619617588040/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 22:03:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 28 Apr 2021 13:46:28 GMT
server: sffe
age: 47872
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38658
x-xss-protection: 0
expires: Tue, 04 May 2021 22:03:14 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6627 0
60 B 117ms
68ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:21:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7616 0
60 B 79ms
72ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:21:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 105ms
32ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021042801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e9b12bc7f1469fb39b9c6022edbf2de06b86b58c2a999c478af1dc47c9d47f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 May 2021 11:21:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7582
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 3A39 0
150 B 59ms
13ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.dailymail.co.uk

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=www.dailymail.co.uk
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 1716
date: Tue, 04 May 2021 11:21:06 GMT
content-length: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:21:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Tue, 04 May 2021 11:21:06 GMT

GET
H2 200 content14_10_18m.js Show response
vidstat.taboola.com/ 37 KB
8 KB 40ms
40ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/content14_10_18m.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_6_3/infra/cmTagWIDGET_ITEM.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ab8bbbaf028510d8b119cce741f0c2cc94816dcc113d83cac81a6aade6a76fa9

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:21:07 GMT
via: 1.1 09f4ecc806a7e34780fd19a93b984724.cloudfront.net (CloudFront), 1.1 varnish
age: 2218909
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 7638
x-served-by: cache-fra19126-FRA
last-modified: Sun, 14 Oct 2018 13:31:31 GMT
server: AmazonS3
x-timer: S1620127267.336426,VS0,VE0
etag: "d8d81221ec6e604811ce469d899c9c8b"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA54
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: -TROi2rJAwAJZGjvQ1UUl45pz7OKYS6cCd8hK2LTON4-GEHuquvUjw==
x-cache-hits: 639054

GET
H2 200 oppsula.js Show response
vidstat.taboola.com/oppsula/1.3.8/ 15 KB
5 KB 33ms
32ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/oppsula/1.3.8/oppsula.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_6_3/infra/cmTagWIDGET_ITEM.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f60c4600705d04f5c55db54f646fec728f9458c4fbba35adb4ac114077cb2391

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:21:07 GMT
via: 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront), 1.1 varnish
age: 4391362
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 5164
x-served-by: cache-fra19126-FRA
last-modified: Tue, 14 Apr 2020 06:07:12 GMT
server: AmazonS3
x-timer: S1620127267.348906,VS0,VE0
etag: "328b70146f77a19d2bc0172c656d921e"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: aMkVreRZ2W_s9kpAVgUTQiU-V01sC2tQqC4rwufH-1HkDTxCNvJRIg==
x-cache-hits: 7408023

GET
H2 200 OvaMediaPlayer.js Show response
vidstat.taboola.com/vpaid/vPlayer/player/v88573.888/ 547 KB
112 KB 46ms
44ms Script
application/javascript 151.101.13.44

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v88573.888/OvaMediaPlayer.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_6_3/infra/cmTagWIDGET_ITEM.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 8d315a49f56792fdc46acdb7d1f3caa5979f969cabce5b7f90cbf6d854b63e08

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 11:21:07 GMT
via: 1.1 varnish
age: 7296
x-amz-meta-mtime: 1620119914
x-cache: HIT
x-amz-meta-ctime: 1620119928
x-amz-meta-mode: 33188
content-encoding: br
content-length: 114386
x-amz-id-2: fv6taU1jw9ib4BuhKm24Ri71mqcrmORdzWPoA6xqJdCvLBhNlw3Iq+5z6hsQPNAgtOMgKwy5lJY=
x-served-by: cache-fra19126-FRA
accept-ranges: bytes
last-modified: Tue, 04 May 2021 09:18:49 GMT
server: AmazonS3-br
x-timer: S1620127267.465678,VS0,VE0
etag: "4239312185e7e338390c12e9e2f87eaa"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: A5HK9767JKZZT5VN
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: application/javascript
access-control-allow-headers: *
x-cache-hits: 2995

GET sync
am-match.taboola.com/ Frame 2A3F 0
0

POST
H2 202 /
crta.dailymail.co.uk/ 8 B
572 B 102ms
100ms Ping
text/plain 2a02:26f0:6c00:288::16c2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://crta.dailymail.co.uk/
Requested by: Host: scripts.dailymail.co.uk
URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:288::16c2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: http-to-kafka/0.8.10 /
Resource Hash: a00fb0c50741f81bb51d35b4475a4357f8039aabd896a21036bc516839401595

Request headers

Referer: https://www.dailymail.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 May 2021 11:21:07 GMT
server: http-to-kafka/0.8.10
etag: W/"8-YaBXLEiT7zQxEyDYTILfiL6oPhE"
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 8
expires: Tue, 04 May 2021 11:21:07 GMT

GET ptv
secure.adnxs.com/ Frame 1BFC 0
0

GET
H3-29 200 index_atlas_P_.png
s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/images/ Frame 659D 668 B
692 B 8ms
6ms Image
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/images/index_atlas_P_.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

66a988309a6f83da7c9a3d68dc8de47356fcae05a37898eeef0571f436100400

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 15:12:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 14 Oct 2019 11:57:47 GMT
server: sffe
age: 72524
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 668
x-xss-protection: 0
expires: Tue, 04 May 2021 15:12:23 GMT

GET dc_oe=ChMIs9SMqPSv8AIVwfZ3Ch3BNgqrEAAYACCRttpGQhMImMrypfSv8AIVQ3HgCh1KtgXm;met=1;&timestamp=1620127267824;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 77F9 0
0

GET
H3-29 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/222/ Frame C802 12 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:802::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dailymail.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.dailymail.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Tue, 04 May 2021 11:18:18 GMT
expires: Wed, 04 May 2022 11:18:18 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 170
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST VideoBidRequestHandlerServlet
wf.taboola.com/ 0
0

GET avjp
taboola-d.openx.net/v/1.0/ 0
0

GET
H3-29 200 fee_786_587_png_1583280060047_fee_786_587_png.png
s0.2mdn.net/dynamic/2/10601577/assets.mmsrg.com/isr/166325/c1/-/pixelboxx-mss-77981676/ Frame 659D 51 KB
51 KB 7ms
7ms XHR
image/png 2a00:1450:4001:812::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/dynamic/2/10601577/assets.mmsrg.com/isr/166325/c1/-/pixelboxx-mss-77981676/fee_786_587_png_1583280060047_fee_786_587_png.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

date: Fri, 30 Apr 2021 10:22:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Mar 2020 00:04:03 GMT
server: sffe
age: 349116
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51742
x-xss-protection: 0
expires: Sat, 30 Apr 2022 10:22:32 GMT

GET
DATA 200
OK truncated
/ Frame 659D 32 KB
32 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5105c3b57f4889bce72a772480e45918c3c1ed4ccfe81282ebcd1508c3cb050

Request headers

Origin: https://s0.2mdn.net
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
BLOB 200
OK fbc765fd-fa24-403d-b42c-9f81e9d7b6fe
https://s0.2mdn.net/ Frame 659D 51 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://s0.2mdn.net/fbc765fd-fa24-403d-b42c-9f81e9d7b6fe
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 51742
Content-Type: image/png

GET dc_oe=ChMIh_LUqPSv8AIVRoJ3Ch2NvQiCEAAYACDVsf9DQhMIqNmSpvSv8AIVBmbgCh355Ara;met=1;&timestamp=1620127269334;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 606D 0
0

GET fee_786_587_png_1576368105803_fee_786_587_png.png
s0.2mdn.net/dynamic/2/10601577/assets.mmsrg.com/isr/166325/c1/-/ASSET_MMS_71157060/ Frame 659D 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: klkstrm.kargo.com
URL: https://klkstrm.kargo.com/event/boot

Domain: klkstrm.kargo.com
URL: https://klkstrm.kargo.com/event/sync-success

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJAWTqF2PQ_bV8rwFMTiK8GWQZTc7P_Ic2kXcUQORe7IX64rWddaYEFcSMZzTfAfZVNtvciCNYxbrM_bG1AmClT4p_9itLDJQ&google_hm=4UZqFLavyfwBW1dKzfo4_Q==

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJEuIc1L46vmtmCBWeMeyQAABLIAAAIB&google_cver=1&google_push=AQvitUJJj6oao63Aq1BpDyO_WlBMkPUL8QSM4VSYY5XWFKWiNPjaEowSAkn6iHkvOqXWCpt9Mro2lYIhGCCenyt8-s-bbu6oksFPrg&google_gid=CAESEOqYSvT21GDavXIYrNEa5XA

Domain: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&excid=22&docw=0&cijs=1&nlb=true

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/ptv?id=20585164&gdpr=1&gdpr_consent=&cb=9540448&referrer=https://www.dailymail.co.uk/wires/reuters/article-9539403/Brazils-Itau-beats-estimate-lower-provisions-trading-gains.html?_hsmi=88974744&_hsenc=p2ANqtz-9s93aHlcKvSwiyx3MxI0_XFx5iFCV2oTg9AJN5ZdV5i7TG2_SGKVj5Rh-hhP_D5bzGYn9Kk-bVnIRbk3x4NKShfoxehlDoT1bjFYFuQm0ActbXdvI

Domain: ade.googlesyndication.com
URL: https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIs9SMqPSv8AIVwfZ3Ch3BNgqrEAAYACCRttpGQhMImMrypfSv8AIVQ3HgCh1KtgXm;met=1;&timestamp=1620127267824;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Domain: wf.taboola.com
URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=420&height=236&pubid=169497&tagid=953497&crid=4706985&noaop=3&sortOrderType=0&cb=1620127268110&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=88573888&pt=662355669&tz=120&viewable=true&ddast=V7RhICFgOanDjB4zh1jASanDjB4zh1jAUAAAAGBuIHGTlizCgM4oKw2Uxmm9FmuNnsBsvhajmEjBwxZhQGcUHYbCazzWiyWSxWs-VoNJwCh7DMft9BQTk9PWaXQVR0vS12h9PsOUjmJjfkoel0-Fz3et3vdxc5nGbn2-E02zV-u-rr1z0tL89f8nKdXpbPX2E5PT1ml1u52ixHg81eQnlYn2bPW0l6uN4Sl8P0eas8p6fbYXq5xX7fy_IWXP62p-fpt3veosvD5LT73DqH0-65C01vsx0AAAAAHgCOpFMhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAACkQvNAAaOAzs6bLbHf4AAHgoAAEAEMAgARhQOyoBkFBIPAEAAAAAAAAAYPn___-PAdDj_5UBuJDr7wF48AF4ICpQLWIEAAAAkLWLKn40qRMqiyoAAIJ0K4ArAICAvJuN77EwAAAAgrEFelj8frPDrvG7XQYAAAAAAAAAYPZ_9o8mBHStkBYkWD-s9gsIALD2CwgAwKZuAABvAXBBZyCT2WI4Wt0ATRazAwAAALj7____1wPBlWNkcjlmtuFiOdnshoPBajQzeRyWxWY5XCw23oPjuzRHSVx56OMQltnvOygop6fH7DKIiq63xe5wmj0HydxkvwlbjFaTyWY5nC0Xk8FwNByN9ieAywFOxGC5nEwWk91qtBpthrvRbLBAgRhMcEKGo81kNdqtdpPlcDIazTaTDVK0ajUbbQbD1Wwy2-1Ww8FwORohRWsWs8lkMRstd5vBcjIaDCfDIcKEzWVyrCa2tWjhWKxFw8FgLfFYPGvhyDJxrVYzz8jmcIteH9NvuLB4hgsvCgbQ7UVwkU5EDqfZ-XY4zW7J33cRSzQni3Qiu-yLK8fI5HLMbMPFcrLZDQeD1Whm8jgsi81yuFhs_A2by-RYTWxr0cKxWIuGg8Fa4rF41sKRZeJarWaekc3hFr0-pt9wYfEMF_7GbDJYTHaT0WTfmE0Gi8luMprsO3SG7-pzNtqi3XPHZ5h9u6WpzHxQuAwW70S9Gt6OkoNfWjU6fV6PsqAz-v1-v9_v9_v9fr9B6zmYDQrf8_AXTh_LczmcjR6MilgiOF2kE9HLeLqIJZKnRToRmSyuhcexGs42o-HE4zHZbBbfZDTbrRzOkcNhsYglStNFOtHrnpaX5y95uU4vy-evsJyeHrPLrVxtlqPBZi-xPKxPs-etND1cb4nLYfq8VZ7T0-0wvdxiv-9leQsuf9vT8_TbPW_R5WFy2n1uncNp99yFprfZov6jAy7niuFurpgN55LJbJUAAAAAAAAAAJYwZ94EAAAA4DSQyWa4WC0X4MFoT_dHNBCMoEQiq7jx4wZyOM3Ot8Npdkv-visDPBjdMW_2TBBrtVrWAAAAAtgAAAAB3Lp5B-TIAQ!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&dtagid=1182345&dpubid=223815&abtst=adh5c-1_vA!insc_vA!pl88573-888_vA!scrn_vA!spa2_vB!ufm_vA!widgetVsMoat_vB&mPre=0.033&cirf=https%3A%2F%2Fwww.dailymail.co.uk&en=1

Domain: taboola-d.openx.net
URL: https://taboola-d.openx.net/v/1.0/avjp?ju=https%253A%252F%252Fwww.dailymail.co.uk&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=&nocache=1620127268193&gdpr_consent=&gdpr=1&us_privacy=1---&pubcid=00459da9-b55f-48e6-8297-ee99162cddbd&schain=1.0%2Cundefined!taboola.com%2C1001083%2C1%2C248250343%2C%2C&skippable=true&playback_method=auto_play_sound_off&auid=543963954&vwd=640&vht=480&vos=101

Domain: ade.googlesyndication.com
URL: https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIh_LUqPSv8AIVRoJ3Ch2NvQiCEAAYACDVsf9DQhMIqNmSpvSv8AIVBmbgCh355Ara;met=1;&timestamp=1620127269334;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/dynamic/2/10601577/assets.mmsrg.com/isr/166325/c1/-/ASSET_MMS_71157060/fee_786_587_png_1576368105803_fee_786_587_png.png

Verdicts & Comments Add Verdict or Comment

243 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 18:02:08	Name: test_cookie Value: CheckForPermission
.openx.net/	1970-01-20 02:47:43	Name: i Value: edbcdf71-b6ae-4f25-bdf9-d3157ac431ba\|1620127265
.dailymail.co.uk/	1970-01-19 18:12:12	Name: RT Value: "z=1&dm=dailymail.co.uk&si=c7a9913f-6c94-4770-9dea-79855d5c2840&ss=ko9xxc6a&sl=1&tt=nb1&bcn=%2F%2F6852bd13.akstat.io%2F&ld=ncw"
.casalemedia.com/	1970-01-19 20:11:43	Name: CMPRO Value: 1202
.casalemedia.com/	1970-01-20 02:47:43	Name: CMID Value: YJEuIc1L46vmtmCBWeMeyQAA
.casalemedia.com/	1970-01-19 18:03:33	Name: CMST Value: YJEuImCRLiIA
.dailymail.co.uk/	1970-01-19 18:02:14	Name: ak_bmsc Value: 09782CF8C8005C6D31916DDE6B86DD090210BABF1B200000232E9160C6F45B5A~plB3dMd9Wak1gUY/1dExl+ko6M7p9hi9pIEvQx1o6Ssr0LlhdIvVVpjfpzqc1OT722fSsUzN4dm/R7oJw83G4aFBpTlxnXowqtl1+zhOpdh6GFwvatsI1UTYKnZn7oCueX98nPg6aLRAtv4izwo7ZIG/f8X+rafxIAy26EzUfLyLMVjtnkDTXe30QcOxVjD4/fVh9dNb+eOuUlfehLAiH+KjoAAbmPf3+BwEJqM1pkLsAa+swEnxahZjEX59Wv7yDg
.casalemedia.com/	1970-01-19 20:11:43	Name: CMPS Value: 5181

46 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: https://info.silobreaker.com/e2t/tc/VV_V9c2YbtkwW98rf9L3kW_H7VtG5yr4r920LN52hRhQ2-HwLV1-WJV7CgKhkW5DGCy06__p6pW1y49YL2SL-X5W648zjV34BVXDW6sjwMl4y-t_yN3VjbhpDl6TfW5z-1t47_vwdmW7xPvGz2-9xpmW3Jlm7l38K7gzW748sl46w7Z45W79pKmf4f8_QjW6hFMWG5h0TrHW7R7vdT89L4VTW1RX9ql7F3rhSVghhNK8NCxVnW1Ds7y65kJ0cQW4BB5Y53xw6rcW7BB_8f2ShH5GW3wb_YN5CDmRrW9fMQGS4YTcwgVVjh0W3ZL6KYW2ryqDx29pMPWW1_tPKp2-vtVLW3Fl5zQ265YCxVTnDmY8zvWRMW6GsnlF5m4gJXW7PHYgd3NM4t4W74MjC_4s6blWW4JFD_r5YZxKL3fLN1(Line 13) Message: toS
console-api	info	URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-sync-bundle/5.13.0/desktop.js(Line 1) Message: Current log level: ERROR
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-sync-bundle/5.13.0/desktop.js(Line 8) Message: [mol-fe] ERROR: Error reinforcing cookies TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: unabled to parse repromptVersion
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: Error calling pluginSetup on plugin 'tcfv2': TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: Error initializing plugin "paidSessions": TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: Error initializing plugin "abe.conversion": TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: Error initializing plugin "analytics.cacheIndication": TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: call for page analytics TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-fe/static/mol-fe-sync-bundle/5.13.0/desktop.js(Line 8) Message: [mol-fe] ERROR: could not find Omniture visitor ID
console-api	warning	URL: https://cdn.permutive.com/5f42864d-a421-4f37-9478-00266f871d68-web.js(Line 1) Message: Permutive was not initialized. localStorage not supported
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: [players.onlyOneActivePlayer][🔎] Error: No end point registered: ["get IrisTV tags",null]
console-api	error	URL: https://scripts.dailymail.co.uk/static/videoplayer/6.12.0/scripts/mol-fe-videoplayer.min.js(Line 1) Message: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/videoplayer/6.12.0/scripts/mol-fe-videoplayer.min.js(Line 1) Message: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: Error: Exceeded 3000
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: [players.onlyOneActivePlayer][🔎] giving up awaiting for new paragraph, article might just have ended with no suitable placement Error: Exceeded 3000
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: call for page analytics TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/videoplayer/6.12.0/scripts/mol-fe-videoplayer.min.js(Line 1) Message: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/videoplayer/6.12.0/scripts/mol-fe-videoplayer.min.js(Line 1) Message: Cannot read property 'getItem' of null
console-api	warning	URL: https://storage.cloud.kargo.com/ad/network/klick/klick-dailymail.js(Line 1) Message: Could not create local storage item TypeError: Cannot read property 'setItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: call for page analytics TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: call for page analytics TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: call for page analytics TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot read property 'getItem' of null
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.5.5.js(Line 32) Message: a: 0.001953125 ms
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.5.5.js(Line 32) Message: a: 0.003173828125 ms
console-api	log	URL: https://s0.2mdn.net/10388772/1619617588040/index.html(Line 11) Message: DoubleClick standard loaded
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: call for page analytics TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: call for page analytics TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot convert undefined or null to object
console-api	error	URL: https://scripts.dailymail.co.uk/static/mol-adverts/4.1.50/mol-adverts.js(Line 2) Message: TypeError: Cannot read property 'getItem' of null
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.html?e=69&leftOffset=0&topOffset=0&c=f1bpiMqy4a&t=1&renderingType=2(Line 97) Message: [object Object]
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.js(Line 1212) Message: preis 55
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.js(Line 1212) Message: preis 229
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61269472/20191014045747622/index.js(Line 1212) Message: preis 499

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

15.taboola.com
a.sportradarserving.com
a.teads.tv
acdn.adnxs.com
ad.sxp.smartclip.net
ad.turn.com
ade.googlesyndication.com
ads.adaptv.advertising.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
aka.spotxcdn.com
am-match.taboola.com
am-vid-events.taboola.com
animate.adobe.com
b1sync.zemanta.com
babd3128f925cf237c2a7ef586b7ff3d.safeframe.googlesyndication.com
beacon.krxd.net
bh.contextweb.com
bid.g.doubleclick.net
bidder.criteo.com
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c.bing.com
c.go-mpulse.net
c1.adform.net
c2shb.ssp.yahoo.com
c3.taboola.com
cdn.jsdelivr.net
cdn.permutive.com
cdn.taboola.com
ce.lijit.com
cm.adform.net
cm.g.doubleclick.net
connect.facebook.net
crb.kargo.com
creative.dailymail.co.uk
crta.dailymail.co.uk
d38k2esv5oh9bn.cloudfront.net
d5p.de17a.com
des.smartclip.net
dis.criteo.com
dsp.adkernel.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e.serverbid.com
e1.emxdgt.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fff.dailymail.co.uk
fw.adsafeprotected.com
gcm.ctnsnet.com
google-analytics.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gu.dyntrk.com
gum.criteo.com
hb-api.omnitagjs.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
hulkprod.anm.co.uk
i.dailymail.co.uk
ib.adnxs.com
id5-sync.com
image2.pubmatic.com
image6.pubmatic.com
images.taboola.com
imasdk.googleapis.com
imprammp.taboola.com
info.silobreaker.com
js-sec.indexww.com
js.spotx.tv
klkstrm.kargo.com
krk.kargo.com
macro.adnami.io
mailonline-uk-d.openx.net
match.360yield.com
match.adsrvr.org
match.taboola.com
mfad.inskinad.com
mwzeom.zeotap.com
p.skimresources.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pre.ads.justpremium.com
prebid-server.rubiconproject.com
prebid.adnxs.com
pubads.g.doubleclick.net
px.owneriq.net
r.skimresources.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.mfadsrvr.com
rtb.openx.net
s.ad.smaato.net
s.amazon-adsystem.com
s.c.appier.net
s.go-mpulse.net
s.skimresources.com
s0.2mdn.net
sak.userreport.com
sb.scorecardresearch.com
scripts.dailymail.co.uk
search.spotxchange.com
secure-assets.rubiconproject.com
secure.adnxs.com
secured.dailymail.co.uk
securepubads.g.doubleclick.net
simage2.pubmatic.com
ssl.google-analytics.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.adsafeprotected.com
static.criteo.net
stats.g.doubleclick.net
storage.cloud.kargo.com
swa.and.co.uk
sync-t1.taboola.com
sync-tm.everesttech.net
sync.adotmob.com
sync.mathtag.com
sync.search.spotxchange.com
sync.sxp.smartclip.net
sync.taboola.com
t.dailymail.co.uk
t.skimresources.com
taboola-d.openx.net
taboola-supply-partners.tremorhub.com
te.technical-service.net
ted.dailymail.co.uk
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
u.openx.net
uipglob.semasio.net
uk-script.dotmetrics.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
video.dailymail.co.uk
vidstat.taboola.com
visitor.fiftyt.com
wf.taboola.com
www.dailymail.co.uk
www.facebook.com
www.google.com
www.googletagservices.com
x.bidswitch.net
ade.googlesyndication.com
am-match.taboola.com
cm.g.doubleclick.net
klkstrm.kargo.com
s0.2mdn.net
secure.adnxs.com
taboola-d.openx.net
wf.taboola.com
104.111.230.142
104.111.242.53
104.19.150.54
134.209.129.254
141.226.228.48
142.250.186.162
142.250.186.66
143.204.202.19
15.237.76.117
151.101.113.108
151.101.114.49
151.101.13.44
151.139.128.11
169.50.137.190
172.105.213.147
172.217.23.98
174.137.133.49
178.250.0.165
178.250.2.151
18.156.0.31
18.159.8.206
18.194.117.230
18.195.155.181
18.195.223.2
18.196.184.242
18.197.64.250
184.25.115.31
184.30.21.51
185.183.112.148
185.255.84.151
185.29.133.58
185.33.221.15
185.33.221.91
185.64.189.110
185.64.189.112
185.64.189.115
185.64.190.80
185.86.139.115
185.94.180.124
185.94.180.125
185.94.180.128
192.132.33.46
198.148.27.139
199.232.137.44
199.60.103.254
2.16.107.122
2.18.232.234
2.18.233.180
2.18.234.21
2001:678:cb4:bbbb::11
213.155.156.168
213.19.162.31
216.52.2.39
23.21.47.199
23.79.143.124
2600:1f18:612b:4264:7659:1bf:d736:fba9
2600:9000:2070:ba00:8:5c85:cdc0:93a1
2600:9000:211e:400:8:48e:53c0:93a1
2606:4700:10::6816:1857
2606:4700::6812:5ba
2620:116:800d:21:f916:5049:f87f:108e
2620:1ec:c11::200
2a00:1288:110:c305::8000
2a00:1450:4001:801::2002
2a00:1450:4001:802::2001
2a00:1450:4001:802::2004
2a00:1450:4001:808::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2008
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:812::2006
2a00:1450:4001:829::200a
2a00:1450:4001:82f::2001
2a00:1450:400c:c08::9a
2a02:2638:1::13
2a02:2638::3
2a02:26f0:10::5c7a:d698
2a02:26f0:120::5435:8c78
2a02:26f0:1700:1b6::16c2
2a02:26f0:6c00:1bb::11a6
2a02:26f0:6c00:288::16c2
2a02:26f0:6c00:2a6::16c2
2a02:26f0:6c00:2b9::11a6
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:3::621
3.123.110.9
3.124.9.99
3.125.137.77
3.127.73.204
34.241.183.220
34.246.207.243
34.254.6.162
35.156.12.76
35.156.143.112
35.157.48.14
35.158.21.212
35.186.193.173
35.186.253.211
35.190.59.101
35.190.91.160
35.201.67.47
35.201.96.126
35.244.159.8
37.157.2.234
37.157.6.246
37.252.161.190
51.178.20.140
52.202.1.196
52.222.183.91
52.28.147.142
52.28.203.152
52.59.102.119
52.85.32.122
52.94.232.32
54.196.119.86
54.228.50.17
54.36.109.49
63.34.51.8
64.202.112.63
65.9.76.122
65.9.84.59
66.155.71.150
69.173.144.138
74.125.206.157
76.223.111.131
77.243.60.138
01672781a7a8a9684a66758cac7f381fd141cae2dff35f4c306a9b7a1d6aa996
01ae4bee7f4b463778e1e929d83b4eedcaf598d05ae8e748030259b5b5f0b083
03482ceb4519a7706406f47e5992b55e9e5974abd56c45af482a7e1a09d836e6
0359a5df4099c64b2cf302dad468f050ba46573f01e67a68945af6c5b44edb8c
03fa924099182c607c33fb7877f50e7de0ae3522e1bcff8f7247ae5e88a2b25b
03fc1e182139635f952dbf3dd180dac3a07a85f3b8a56c71b159df59e4016f4e
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05b1936a5e4229dc34d8e5fcfc22ce024634ea618687f37e31857402b27c4dba
060b84c1bf53e12b7dbf7e3bc9a16f0b49b3f5f04f23780a68db74a5b9d0eb07
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08cbadc6957dd17b23964ba5763146e595ce4be96dbbb12f297909b1f70eff25
0909bafa804131db2f7e58c3f810a9df87603b094dc90f7d36421f52d0b8f185
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
09f0fa32fa39db3e3da2eea89bf806be0b147366343a0934e30f164a12431b43
0b7e7d1bedae2fca5895468c68d7a3f06c5fa573a19fbdc1ea4da51441d59458
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba8353fbf5542da5fa96164a1d35fd9da723d03f90028eb653c010ffd0b03e6
0bf60782546bae441a6ce4783c2169777d728af37759e9805acbdaa48122cf36
0c7912ff68380c2a84d28cf812215fb6d230d5750f9f67b328970e01d0da5a37
0cff03129f16a73a8ff89d06578b0b1a1127bddb582fd05f0ab62f8ccc6b62f7
0e3cab5c0fd33b6612d1d8852eeac9df1678260388794fa2cad6fa993355192d
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
111041158b9290ae7cc0c6da69d7c4f5600e8a73b4c7399d675df7f15ba7b063
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
135972483c23583574b80b408a96b6e2f1f67969574a4f99d631b51fcd52fb85
15ff37373be5f7d4a45a35a9e8fe96d846a58aaf50576f9ff252799dda130fd1
16c5a237be7793a91007520ce4a4bac39d2cb374d602152dd883bd4b8cfefbc1
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
189f0e44e9a56486e6316ceb9b55ddff8b1cd271843794e3d6c7e5c77a4461d5
18c6009e69fbdff5d7a28e1d10073711761393ef9e29daac23220aa33515c8ec
1c2525b3e7631f2411872aac663bded4c73bd4e4f26182862b28db7f406d1c61
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1f9f8deadc6899f3755e55b8f4b6b0e1188e0eda11d91db5dfa8fbaba2800a1b
2178f801607bf5a9518709910037fe7b5c632b08475f88b8bb8bd1e91c629bc5
2400893ec9b15c0e451cc8b5d6885c1faec933300af1d59d7be7a24dfc4111c7
28dc67ccab666c46cfb930276b96b6032720d9e114a6950092241f73a6d7ae1b
2a2d04bb04d52ca53c1aaf2f8de8574e929f1136e08c828f36bfe0b03d588835
2a4e4e918a6f1aaf5a314c46aa8d51fdb73cb0a535dc03f80d96e129861a6aee
2b16c2d174e20b667fbd54e3a60aa4e8cd208f48000d1021a71d22698a0a2b4a
2b3c9240fab83d50460c6f2673e65613bb8e074c4a5dd8825ea65ecc67e1152f
2c58bac813be0f32f27a496e3fa587a294931b5fa9d5b429af347f74aa40e720
2f59ac8dad7d832c75edc7cf917c512a3788d03ce0862b38c1bfccc54eb01d10
2fbc9d4b85346730a13be4b09ce98149df1616a3f959b44d016a142615cb19aa
2fe41eaa4fae47e27de200173031bbd315c11e87836b3225c1788fce05e1be1b
301bcaba167a487d6f4addb25f0dc477e34024742512d67fc77f6f9b8c62b50d
302fb5a88053319c4328d4cf7140290569e42648a82108749de500da4c6a4d05
30d338b00a660b32e275122c9e5e66a0ccc9abde9da532eade2fa81dd8cc45ed
335d24049e5fdc0dbd9b823cbaaacbb1e3f7fbbf771eb3070643eb7a2d73a2d3
3381376497b5b338f301a29f4b399d81331e55a568f02df5db466149e5826f13
34d956fbe769d5f28df24429d0e8ff6278b9abf435fd6537d8be621280309bb2
35ec657bf3d575b82683bdd895a48b461934f996bb6935823abd197205b3ff98
391a83696b164e7a3f26c1120ac6981bb8af693f7bb0d98a2479ca202e47b46b
3a3df2358c5f4bbe68b0ab7bc9fa2a7da073e4032e2a05ad42a81e8cd587b0da
3bdcbfffbefca1c60d3f03814cf0cd078093fdfea775bc024903d56c4be1fdee
3bef17768ba2886e19c2454f4c6348bdc66f72a6c1683c1899355e6c1e653380
3d289a556ad2a665ae0d41c4747dcfba2b9ee8768e41c86842fc39bbd802a9f0
3d622f18ebd9afa499e74f59f24865944d84b2baef1cd01a868a9d912affb09d
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e5f52f4005613f641902e1064c554a13f2b8adb79d4267294128593a42b8529
3e8727f8b7f18ee05acf666909ea1e32ce876068386a1e0d57e1bdbb793bf0b3
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4525030cea05b69acafaa24a8a68dcf421765aa53c461c40c2d7bd4b07a073a0
465383ee13661135e9255169ac58099980e7e4a37e547a9ef4066d16e2487cc6
4717410c1ef684a572d4662c8bc6860a753e6ea7e9640d699c4f2a0e4d08c9e2
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4b4924b6ea8623395984b522ee4e1fe77f464940d2bb155ae40bce56fbcd3423
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c3cce7c2373fc4acb18cddf35cb7c8b28fea5e8ba592c520168c79a05cdb7b4
4d0daed9afde019977a90bc831704ebf8ee9082f34895ede507f50ca91e7ff32
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e7681cdfb27c5d0457c58c9f0fe26a68bbf6a8dc88defd3c43826adb1fe6ca8
4e89866ffba8b06a31d366ea9f6f5331f87fe29877bfce5381b78a46ddb7fd19
4e8cd0103df59ec6a83fe58337a67ed38e2e92e3b51a101fa773f5ee1a464ef3
4eaa63fe224cad73f3348b716855de0ace8a3169abfc0d7b2845d083172f53dd
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51c0b2aff96820d7f1f659ace626ea27b5e785e47a66b934ffc3adc38485397f
52efd6959ae8fb441d9b7bce3624bcbda0b601316751028b16b31484124019c5
541c63ae81fe7799a19523dc8f2500646043eaa70d36985c3f2fc86264e4e71e
542627409824830fa0c954d28930df7b3b2b3c4acd133ffff654c0978030bbe3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
5887b03f44a197fcdc5400caec10de1c69f29619c1fdc868d4d461130e0f9efc
5a813a165c4b7c37247c53dc8a085d071216f041ef968edf187deafaed45f04b
5cce516a4dd1e3b1b44c07bcf7e4a837842c3308d536a4786068320b2c72e379
5d25942b7da85bc7cdb258cdb436227b1de7e3a2b50c61f7d7050eff911f88f1
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5e8aeb859e55a6671b89115d84e0fd7e5435ea99b3b49e7ebd3d4c22e41185e8
5e9b12bc7f1469fb39b9c6022edbf2de06b86b58c2a999c478af1dc47c9d47f2
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
6114e06307953ebc3f334094b18d68073d59d495277d2c38e930f75f85042f18
6115f6b49d2b00eec133d5b79c7002029a422da5e30c3d16bfae37da68f9ed79
6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84
6258018e9f890f2383a09a2be6df7792affd977d856e7247ace8341f5b5487f0
6264e9823efd518d4428f9469b663c3ca302be4988f6597839b6ec27415dc4e6
62675c01ca7a9e7af102c699f55fa970eee7f0106984839722e018e733744c03
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
62e5b5020499d0dbd26922152f199b559ee4922d9132b4242364edf88dc63121
6307b1ac082c5891b4daba102ba86b20ae4e99562429dc5ffc3cee7243c0a255
64f8c8e42495b86c2c857cb038d8f091a374725734c55884faa022d51d2e7c17
66a988309a6f83da7c9a3d68dc8de47356fcae05a37898eeef0571f436100400
6924aeec6e6de01dfd439327c170d8adc2f9dd8415e9903e3b24f2c3b6506389
692c21097fd1b5daabe6c434af68f948dd87daf295dda7baa28b787c3af18be2
69db3883f8e78925e1aa1d370d19c872391542f220d3ab81a4af30b8047bbe6b
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6af402bc9fc3ccbe2ce7c64e57671d422cec8f5732261786c84dd561c7641908
6b0381255672e5d8aff0ccfa4745701fb8acff727bae521937e4a3a0ec217150
6b8474a0f9c6b3c69e02409f7eeb8faa908b8b18e64fdf7cc88a9129585fc7c3
6c4d4d460c56e17376f8ede9fb94328f99ccd3eb52c3ec3451c0008a67550e16
6df84dfc81c732938c0f5738070b994cb43dd35ee28742d73fca763f30c84981
6fe77418e833f1ddfcf701ba7b6ebbd24efd2e93bce56065e0f1e711b1d829f8
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7517b36c59e9fdb5d3b3d5c8cf65d45ae163d5ed248b0f94e6040fb0ded44122
7550f69bef2a962b936f0e26638391f81c91c536820c1f3cf2afe748e57df685
7556040f100c526d6c43801b49e823496482ff48428f130b3c9ac177fff251c4
77f951b4aefa28403632bfc068196aaf2051e44078527250c041ad4930d4e186
7a745591034534431b4e5e32815599cef3101631f9e6a9052a687d96dac1a3ea
7b447444d5b1400841e82296402ca042c6ffc24f16f30b20bc069bf8c3b27cf0
7c1e4a3b4e463b76b1ddeb7901dc7d58e3dc04f9f89d5521558da69b5e1f1c27
7d28edc05fd83f4c00fbde0d37b12d30b6932e1a907ccaa832fc283f55b6519a
7eb5d8f7737978e37ab3141d5de4c8224b88e01b502123c8b7b5cf9aec403b3c
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7f97d48303a312437ef3739a1f61deada231e334e85ecc6aaec5af57793e4545
807c09d7ff525875c105287afb98f3ce3f06de3fe83d7d3e8828a4518aff988a
80c7fe7749a6e8c85fa6473e7bbba5c5dc6ffe20a86036de26d91bd4b9a4e8d4
822dc230271d401ab2cacff336c780f27e65bf85d5120f1f499213171e5d5b29
82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
835f1dfc4109c578b77ba1b24a70cf3c07e73440aa65a94c329c29f763423bc5
85e27c676e226850a78ff98a02e0afdbcb9dca1055f09b9d9820505f391b8c30
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
89db1083db4741cbb8efac4796e50b7b8ff0f16c459fa9b8ce91089e6c8f3b41
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8d315a49f56792fdc46acdb7d1f3caa5979f969cabce5b7f90cbf6d854b63e08
8d622fa0bef7c65a7072994af27aaddab287f50c3a91aebabeea66fe5dcfdab2
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e2dd076b8afdac6697141f79ef8fa559ddf2e243843a72c8a888f1da2819854
8ec3cdfcdc79223ee04ed060812314854cb3b3d9d1914390c755934366fc3693
8ff5d6bef7463c850e8574b6ded6934ae4a7cf8eee235c8a46b44e6d95f4c961
902899b8dd3a6b30f6bc1be0f39f48ce72d0c41357d8bf521cd86f58bb633b7e
914d7c2c79bd31ac4aaf7187154ab361732c0c3f8e608a321844d0f68c71cd6d
92a2d9f0d5a084232a67a9fbd20d6b08ec0edec1484b43ccee6eaa885d7140c4
92df03d560f2a5007f5829e461b2435cfff5f2f51ccb295cced6fd94c126d995
94442ab42e60dd5c6c276c1777c56fc3f9dff44e999524ca6431af82a9bff9af
944c096fbead520f2a787c830dbcb2678285e30e2862f0432385c41a92bc77d8
94597c556eef4fd01fe311a447e7669584180256fd43b20d63891a163816283e
949df1ccf23d571822752903501ed230b592bc352ba1dd90cee047ba37273d76
94a34851022e0a9470d5d87994054b253c62d3a5115a8db1311cc0ef259d702b
9558924c72ef220a337133c2f0355049283525bcec882f0ecc280e8657e44d11
95d607220b1d2e7808de3ec9a6381a11f036d9d84f37f7b3a604b1f91e8d4ecd
965d8f580475533a5f086cc3d84c5b50b3dde5cde78959fb2a1261bcbc8e34e7
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
96d9a7660e674c312a654212871f5eb4b9df4127c39273390985e439940c0e8f
97256e9aa3cc506a6da46b3f8549f5231860a0a4c1f5a1ee9aaae530a148099f
9815535e99404269086f21fd8447bd45350e2f2ff9c0eefcaad1e3431838e79c
981793c8e58a9ebc2fa825db3f2e1de282a682d2158238d497cca1af74844116
98581282b33291590b5ce88948c235aae8503c8325f99203ae41fd9f0bf0eeb8
991cd2d69556d771f42364f7b0f3c31c26839438d4be4ee7daa286ba6d5aa921
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b4bc82613f21a1099d95ab30cf95d9b26d984cd1723b99ca756c365f5b5e246
9dff2251abbde2c57b87b8e340e8cc695637fa72f8ff311c61c37b97ec5810c1
9e5ceae72b8ed5ca278229d2eaa536711b09d9cbaa4365cc96f771a1dbc7916d
9f7c844ddaa3e21554d8f6c0bb5e4519326f5e5c40e24cf7c935f5137e0f360e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a00fb0c50741f81bb51d35b4475a4357f8039aabd896a21036bc516839401595
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a28bdcd6f4cc58a424b0f203aab540996bd40b3c9e94fbfa5397e80efb539da9
a44400fb88aaf018fb0e9aff450c4b708da545d38ab0317d6bc599f093e20030
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a68a99fa5e2f7dbaa1240e322bf9a26b0c907209de1d31183c81940803855c1c
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7607354f1674f61e3877bb6c54e22fef5f5b6b614ce6ec9a36869dffbbfaf9e
a7fd43e3acea54953183588fe5cec485479f76ac5e3205511f4a284d1c17856d
a9e402d2d19f1057cdea09b2152d8cfd35664182564595e19bb83916c1f00201
aa7c984cd510935c132345bc7d579dfcde68742f7b11b599b905310f7164718c
aa875d492861f46495b4c8cd49051f6862104712fd8fe34ce63dcc351166468d
aad096b49b7670b5ce86a47bf59d2ded3754eb187dc7dac160336e5bd08ccd47
ab8bbbaf028510d8b119cce741f0c2cc94816dcc113d83cac81a6aade6a76fa9
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
aebc793d0064383ee6b1625bf3bb32532ec30a5c12bf9117066107d412119123
aedf94ad839f3db31848e2b9659dd2b576b7047ea6638988aacfd782df9d8c8c
afd2447f77118df6fd4b8710c2b23e7bb4edb557795c643e3d8a7c12df4e6586
b0a9ac514283709cb85750e1a15f4ed549be7d0caa7711a70a3249d15538ac44
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f
b27cc2654c00d737f49cb68b74ba7893c151612b1ad52543f4691f67db0cdf97
b31e58737f6c1740b057fb82f36efdee8ef26c0ff9aa1012eea63109a4797d8d
b42dd6b0014324d446d5df276006608ee2d9d3ad8476d4210c0f2f4167933d8c
b707cea228ebd1afe82a1840449e8c14d79bb62ec828d1ca7c3b6832a6905133
b8cf621c440b8a8a20f6548e3ea4d7211952acdb1515d477c7bb3a1e8b5a44eb
b94472d780db3b45c0920bb2dbd0cb57660d80671491ada0ef15776f3de9e812
babed8ddf22ed2e66590a4f75773661304242a4f4167d52e165652fee492933e
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bcd97fa72ce23436b8fabce87d7dad7e87533ab53b6042742068fe641f1ef92e
bd853e6a29ce564bcf89764de568d714aa7ddedeecfbd35224c3e2ff1182b8ef
bdaa38f52441bf7af0793fbf059e5598ffd9d18fa264b14bd55f6b3655fcc958
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
be6aaae29a207bdea28a1e545c6f5652abcd30845290ec990892805c895d78f6
beb8f13e1d8ba94cff41b15550fb8091ebd72488d9f7a9bb72345d34427cfd66
bf7addd361eaec0e3137381334b2bfcb24ce2a0d1d5fd7ea769a2f4c8ac3fb17
c03192f2470f982643a9e0838108b93c48ad38c2b592e29ee39c7372b4d31041
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c5105c3b57f4889bce72a772480e45918c3c1ed4ccfe81282ebcd1508c3cb050
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c64308e6ed3ab4dc8c78868174040d8d09546ea9e6ab19682285a675897edc98
c7a40f5d79606b9838630cd0b1776aaf36896964478a8926a28364f97124b2f8
c8166e7e01b89370a629654663cc48d6c8a3008ea13e7e9731a54b6b3100d630
caefdcc9ae00a197310c0e74d02cc5011a10cf2f7494a3c6e28cd68dc7c37540
cb194deb2f39115de851dcf1eca2899907f171b6618c9b79d968e25a6fbbd060
cc4821ac8d2db1189e3bbc9bfaaee9f09600df1c6feadd1931904612e3ff339d
cd6b662e491d7c16d89893aa3c583aba89b7cb060839d34e59c426168b7e3cc7
cd87d763235ea7ed7a6683d425d20e324380cc803397951cf30bdeab9a2bb334
ce03ad949eaf22f8146d090a7491cbd5130e48b064467fa71b8099675d5b9c7a
ce1d83e0598f7d208d682ff6ed246eb1353b76e8ab18c34b237e88ed896a804e
ce94f291de273c1242f831b12c3a40f016fe7d9307c6ffbc41e3de08c658cca0
ceb01576c0e2ca725b405b91ba80afb31cab2dd469c71c3cdec04377e949e9b3
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d079ff44603ea2d3e6c5045eddc5ea364eaa152fa973b4aff2e9983fec0ce982
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d256af4d5ff409300d88d5967ad72603da54fdcaafcd9db402177704fba7ee01
d2c99319671e2e748cbd71c89d563843efc0cd38d9f300c6f7faac9ac8cdc427
d34e8a1a381b203e3d1f7c6ed4f077038e91782ea254c7a7e4785462147a385a
d43ac5826a74f4e5dcd9435aabe994b89a7e2030babd441463c621e96eec0375
d4e19725f2267ea85db18c1072e6cad9ce5e3de2ca1184e3c780d415abba9e4f
d53be00999d724ce977d627ed49b50c5456477bcc53f5bd9b18227c9f0cd3b69
d6ae1595d48575a5547705f01006599072fb809e14065f5d2d0f1cb263a6307b
d6fa7c39b1d5e288c739c3a225a90d0698798485d5b17c1350dc17925942b841
d790abfdc60e023d9fa9c1d64689c102a7674a35fad78c21d494a5cc9a428bd4
d88a07b82a38ee86d86f443b1f3613d78ff671ec471df85691a9eed6010285ca
d99c7510222e2bc33b5c4aa002c7d550436ecbad920ddcaa36c7f0c3a68185bc
d9eb40bd6f3fb11c281ea2ebbca11dd35b8c1ea4219aad1a0793eea7b346d889
d9f31147351a2fec4330638fd6ef826b0122af515b29dc6bc7c0a0a4d2b9187a
db5725ff5cbac7e7ffdced90a21a9450c0f7ff1d7bcf1fb254ce88cf2d024673
dbc991c489fc2146df3283bc340a50f0565f10b26228478611eb01846d4d66b1
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de47ae98e70bdc68985cca2f2a431e590c24095e2b66d5e21efa7a09b3efbe51
deb959c047f364b4d81eb0b735fd60c7172cb808ddad43546948d90a38ad362e
dfb749c8597c2c8686580548520a1575a8026ed3efda320792bc9f5bc8cd246a
e05097eb9768b3fc9c6245ecc76f8f18d8233ad5e2e3713aeaa7e3bf2614a7a5
e23d6a22a546762e5fcef2d5d4a189087c29034daa589e0a37b333ec4691ee09
e2c8a6402dc03698cede65efa462b014507c82bd6751286fc540b7f20926640b
e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5e93ea1984de2a9d6bfe6db217849a9ae2c723a390703a57abf88dab1829aab
e78b4233fc1f29fc76c418ae37106efe76bf875fbd9f88f38f2202a604462cbd
e86dc3e8811c9d618822d2d46d4c930fbc50f92b1788e4ae9c3c34afd874caac
eabb040008026b9d3698e306632d58862ccbab9796ac27113380c921ff530da6
ec78c49089b75aa4b290087fb3ecb070d703de0732c5fc469e4c961c57f8aa21
ed2304df4683b846b913de22a824f220f30a2a706c45a89905647e55d218e692
ee2d268e4054421f1102ef38c456f8ebbf54500150c99aaeab813495e3fb1ae4
ee403944cf9c0065eee14f507f8eb887d8e333c8627d7347e137380f46a88938
ee80e2de5c026fa3c0786f587eed85d1521d50ba1aba027c2b0714c108c351a6
eec240d95dc4123e12c232d801fa065378ed177c43ce59b9f150f4a83d77f69f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0ad525de68ba8696375358c3cbd0bb29a5b9ccffa4d13dbb45a4bf7793f6782
f14b93801e9784025c598df03936d07555423601800cf2127a631ce61c6404fa
f17cf1cb73dc13f928ef0122375fe550926a471e46d614199bfe8ef69733437a
f2551e570a95e55876763ef239986377bcf73ea6cf301aa75a53f89c70d85f89
f2f6d277e9a00330022be2b7ef4441ed84127e2359bfe7f7800c10f294e81917
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f4be37ae6f3da730d311ea6ff931acc51d1ae189ec3c2d28869cb00e536605cd
f60c4600705d04f5c55db54f646fec728f9458c4fbba35adb4ac114077cb2391
f650676047609c72f3c893b13a7148916bb0a9a5ff1f6ca9c531d07038ba31ae
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f6fe3e21b933ace448adb105bc7ce05a89620826bcf8b0712b346bf3173fb2ee
fa605eff0219c30d93dede7f120b5a37a686792a5f4f5895cd67290b640c8daa
fb3b511141266ce7c40a71bd95202eb7ccbb8b851dd797f75aa2cce242d0afd2
fb8e67f054cb1201118639827083de0efa60d7623a5df64f5eefeafff42c8368
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fe92185d07ca1bdd4c5fb355805bd21b3d46fe37b1d99d453c33716de45b382b
fe9f7e697d07c48ae9ff3c4fafecfacd442d88a13a92fecf46cafe43e030cf99

www.dailymail.co.uk Open in urlscan Pro 2a02:26f0:6c00:288::16c2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

539 Requests

97 %HTTPS

26 %IPv6

85 Domains

157 Subdomains

110 IPs

10 Countries

6632 kBTransfer

18573 kBSize

8 Cookies

42 Outgoing links

Page URL History

Redirected requests

539 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 19 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

www.dailymail.co.uk Open in urlscan Pro
2a02:26f0:6c00:288::16c2 Public Scan

Screenshot
Live screenshot

Full Image

539
Requests

97 %
HTTPS

26 %
IPv6

85
Domains

157
Subdomains

110
IPs

10
Countries

6632 kB
Transfer

18573 kB
Size

8
Cookies

539 HTTP transactions
19 data transactions