Submitted URL: https://kayleighmcenany.saferead.org/v2SXJJ
Effective URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?ut...
Submission: On June 24 via api from US — Scanned from DE

Summary

This website contacted 116 IPs in 9 countries across 74 domains to perform 330 HTTP transactions. The main IP is 2606:4700:10::ac43:b63, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.westernjournal.com. The Cisco Umbrella rank of the primary domain is 56770.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 13th 2022. Valid for: a year.
This is the only time www.westernjournal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.184.197.212 16509 (AMAZON-02)
17 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2600:9000:21f... 16509 (AMAZON-02)
3 2600:9000:21f... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:224... 16509 (AMAZON-02)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 1 52.74.46.15 16509 (AMAZON-02)
1 185.93.2.243 60068 (CDN77 ^_^)
2 34.95.69.49 396982 (GOOGLE-CL...)
2 2a00:1450:400... 15169 (GOOGLE)
9 104.90.104.242 16625 (AKAMAI-AS)
2 2600:9000:21f... 16509 (AMAZON-02)
6 2606:2800:234... 15133 (EDGECAST)
2 34.227.129.115 14618 (AMAZON-AES)
1 198.148.27.140 19189 (PULSEPOINT)
1 99.86.4.91 16509 (AMAZON-02)
1 34.149.135.5 15169 (GOOGLE)
1 23.35.228.23 16625 (AKAMAI-AS)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
4 185.33.220.145 29990 (ASN-APPNEX)
1 34.107.148.139 15169 (GOOGLE)
3 72.251.249.9 29791 (VOXEL-DOT...)
2 185.64.189.112 62713 (AS-PUBMATIC)
3 2602:803:c003... 26667 (RUBICONPR...)
4 2a00:1450:400... 15169 (GOOGLE)
5 13.224.195.78 16509 (AMAZON-02)
2 13.225.78.28 16509 (AMAZON-02)
7 151.139.128.11 20446 (STACKPATH...)
13 151.101.194.137 54113 (FASTLY)
1 8 151.101.130.137 54113 (FASTLY)
7 104.19.132.78 13335 (CLOUDFLAR...)
1 99.86.4.6 16509 (AMAZON-02)
2 2620:116:800d... 16509 (AMAZON-02)
1 13.224.189.9 16509 (AMAZON-02)
1 3.131.187.0 16509 (AMAZON-02)
2 52.3.110.18 14618 (AMAZON-AES)
1 52.218.169.88 16509 (AMAZON-02)
2 34.120.247.19 15169 (GOOGLE)
1 2600:9000:21f... 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f02... 32934 (FACEBOOK)
1 18.213.182.17 14618 (AMAZON-AES)
1 2600:9000:215... 16509 (AMAZON-02)
2 151.101.193.194 54113 (FASTLY)
11 172.217.16.130 15169 (GOOGLE)
4 18.207.20.6 14618 (AMAZON-AES)
1 13.225.78.93 16509 (AMAZON-02)
1 2600:9000:223... 16509 (AMAZON-02)
2 104.244.42.72 13414 (TWITTER)
1 2001:4860:480... 15169 (GOOGLE)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
2 178.250.0.157 44788 (ASN-CRITE...)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 13.225.78.99 16509 (AMAZON-02)
4 34.243.115.165 16509 (AMAZON-02)
1 4 2606:4700:10:... 13335 (CLOUDFLAR...)
2 141.148.45.191 31898 (ORACLE-BM...)
1 178.162.133.150 60781 (LEASEWEB-...)
4 34.149.20.76 15169 (GOOGLE)
2 35.244.159.8 15169 (GOOGLE)
1 147.75.85.234 54825 (PACKET)
1 213.19.147.43 3356 (LEVEL3)
1 3.73.18.26 16509 (AMAZON-02)
7 54.76.208.161 16509 (AMAZON-02)
4 192.96.200.41 30633 (LEASEWEB-...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a03:2880:f12... 32934 (FACEBOOK)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.225.78.71 16509 (AMAZON-02)
1 13.225.78.94 16509 (AMAZON-02)
2 13.224.189.48 16509 (AMAZON-02)
2 2a02:2638:1::2 44788 (ASN-CRITE...)
2 2a02:2638:1::4 44788 (ASN-CRITE...)
6 2a00:1450:400... 15169 (GOOGLE)
1 151.101.66.137 54113 (FASTLY)
1 3.129.144.192 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
13 2a02:2638:1::3 44788 (ASN-CRITE...)
2 178.250.2.148 44788 (ASN-CRITE...)
1 52.217.87.78 16509 (AMAZON-02)
1 2a00:1450:401... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 92.123.194.140 20940 (AKAMAI-ASN1)
1 104.90.104.26 16625 (AKAMAI-AS)
1 104.90.104.226 16625 (AKAMAI-AS)
1 185.33.220.242 29990 (ASN-APPNEX)
1 3.68.4.6 16509 (AMAZON-02)
2 54.73.172.28 16509 (AMAZON-02)
2 34.117.228.83 15169 (GOOGLE)
6 104.19.133.78 13335 (CLOUDFLAR...)
2 141.95.98.71 16276 (OVH)
1 52.48.133.87 16509 (AMAZON-02)
6 15.197.193.217 16509 (AMAZON-02)
1 185.64.190.78 62713 (AS-PUBMATIC)
1 34.120.133.55 15169 (GOOGLE)
1 6 142.250.74.194 15169 (GOOGLE)
4 4 185.184.8.90 204995 (RTB-HOUSE...)
1 151.101.1.108 54113 (FASTLY)
2 162.210.196.208 30633 (LEASEWEB-...)
3 18.195.155.181 16509 (AMAZON-02)
10 104.92.74.8 16625 (AKAMAI-AS)
4 67.202.105.21 32748 (STEADFAST)
1 152.199.22.191 15133 (EDGECAST)
1 8.2.110.165 46636 (NATCOWEB)
2 2 213.19.147.44 26120 (RHYTHMONE)
3 3 185.29.132.245 30419 (MEDIAMATH...)
6 34.247.205.196 16509 (AMAZON-02)
4 4 23.75.240.210 16625 (AKAMAI-AS)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 104.17.120.107 13335 (CLOUDFLAR...)
6 6 151.101.66.49 54113 (FASTLY)
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2600:9000:215... 16509 (AMAZON-02)
2 5 69.173.144.139 26667 (RUBICONPR...)
1 8.43.72.98 26667 (RUBICONPR...)
2 3 209.54.180.144 16509 (AMAZON-02)
4 4 69.173.144.138 26667 (RUBICONPR...)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
1 35.244.174.68 15169 (GOOGLE)
2 3 52.94.222.140 16509 (AMAZON-02)
1 1 2a05:d018:d29... 16509 (AMAZON-02)
2 99.83.181.31 16509 (AMAZON-02)
330 116
Apex Domain
Subdomains
Transfer
27 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 528
eus.rubiconproject.com — Cisco Umbrella Rank: 573
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1036
pixel.rubiconproject.com — Cisco Umbrella Rank: 336
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 993
token.rubiconproject.com — Cisco Umbrella Rank: 711
62 KB
23 connatix.com
capi.connatix.com — Cisco Umbrella Rank: 4121
cd.connatix.com — Cisco Umbrella Rank: 3762
cds.connatix.com — Cisco Umbrella Rank: 3876
ins.connatix.com — Cisco Umbrella Rank: 5441
lit.connatix.com — Cisco Umbrella Rank: 8774
capi-tier-2-us-east-2.connatix.com — Cisco Umbrella Rank: 5283
vid.connatix.com — Cisco Umbrella Rank: 4773
img.connatix.com — Cisco Umbrella Rank: 4572
471 KB
18 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209
stats.g.doubleclick.net — Cisco Umbrella Rank: 119
cm.g.doubleclick.net — Cisco Umbrella Rank: 205
205 KB
17 westernjournal.com
www.westernjournal.com — Cisco Umbrella Rank: 56770
382 KB
13 criteo.net
static.criteo.net — Cisco Umbrella Rank: 606
csm.eu.criteo.net Failed
pix.eu.criteo.net Failed
95 KB
13 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1686
rtb.gumgum.com — Cisco Umbrella Rank: 1247
usersync.gumgum.com — Cisco Umbrella Rank: 2090
9 KB
13 mgid.com
jsc.mgid.com — Cisco Umbrella Rank: 7521
c.mgid.com — Cisco Umbrella Rank: 4843
cdn.mgid.com — Cisco Umbrella Rank: 9757
servicer.mgid.com — Cisco Umbrella Rank: 7655
s-img.mgid.com — Cisco Umbrella Rank: 6482
cm.mgid.com — Cisco Umbrella Rank: 2048
207 KB
13 revcontent.com
assets.revcontent.com — Cisco Umbrella Rank: 5837
trends.revcontent.com — Cisco Umbrella Rank: 2006
img.revcontent.com — Cisco Umbrella Rank: 7984
cdn.revcontent.com — Cisco Umbrella Rank: 6811
yeet.revcontent.com — Cisco Umbrella Rank: 6274
80 KB
12 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 488
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 520
image6.pubmatic.com — Cisco Umbrella Rank: 629
222 KB
11 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 327
s.amazon-adsystem.com — Cisco Umbrella Rank: 286
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1274
48 KB
10 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 391
mug.criteo.com — Cisco Umbrella Rank: 2727
rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 10664
ads.eu.criteo.com — Cisco Umbrella Rank: 7052
cat.nl.eu.criteo.com — Cisco Umbrella Rank: 8884
65 KB
9 googlesyndication.com
7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 160
pagead2.googlesyndication.com Failed
41 KB
8 33across.com
ssc.33across.com — Cisco Umbrella Rank: 1923
ssc-cms.33across.com — Cisco Umbrella Rank: 953
866 B
8 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 677
syndication.twitter.com — Cisco Umbrella Rank: 869
137 KB
7 s-onetag.com
get.s-onetag.com — Cisco Umbrella Rank: 4156
onetag-geo.s-onetag.com — Cisco Umbrella Rank: 4763
signal-beacon.s-onetag.com — Cisco Umbrella Rank: 4967
signal-segments.s-onetag.com — Cisco Umbrella Rank: 7634
connect-metrics-collector.s-onetag.com — Cisco Umbrella Rank: 3621
signal-metrics-collector-beta.s-onetag.com — Cisco Umbrella Rank: 3592
22 KB
7 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 244
cdn.adnxs.com — Cisco Umbrella Rank: 1344
ams1-ib.adnxs.com — Cisco Umbrella Rank: 5789
acdn.adnxs.com — Cisco Umbrella Rank: 591
76 KB
7 instiengage.com
product.instiengage.com — Cisco Umbrella Rank: 20237
geoip.instiengage.com — Cisco Umbrella Rank: 20982
auth.instiengage.com — Cisco Umbrella Rank: 20992
comment.instiengage.com — Cisco Umbrella Rank: 54821
static.instiengage.com — Cisco Umbrella Rank: 23285
66 KB
6 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 612
1 KB
6 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 367
2 KB
6 aralego.com
hb.aralego.com — Cisco Umbrella Rank: 13481
sync.aralego.com — Cisco Umbrella Rank: 2245
2 KB
5 google.com
adservice.google.com — Cisco Umbrella Rank: 92
www.google.com — Cisco Umbrella Rank: 8
1 KB
5 insticator.com
geoip.insticator.com — Cisco Umbrella Rank: 22766
event.insticator.com — Cisco Umbrella Rank: 17425
682 B
4 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 622
1 KB
4 googleapis.com
imasdk.googleapis.com — Cisco Umbrella Rank: 425
125 KB
4 emxdgt.com
hb.emxdgt.com — Cisco Umbrella Rank: 2451
cs.emxdgt.com — Cisco Umbrella Rank: 950
164 B
4 ingage.tech
ex.ingage.tech — Cisco Umbrella Rank: 9382
2 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 49
region1.google-analytics.com — Cisco Umbrella Rank: 2733
21 KB
4 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 179
155 KB
4 cloudfront.net
d3lcz8vpax4lo2.cloudfront.net
d31qbv1cthcecs.cloudfront.net
df80k0z3fi8zg.cloudfront.net
129 KB
4 jeeng.com
users.api.jeeng.com — Cisco Umbrella Rank: 18728
telemetries.jeeng.com — Cisco Umbrella Rank: 16631
120 KB
3 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 462
2 KB
3 facebook.com
www.facebook.com — Cisco Umbrella Rank: 96
398 B
3 1rx.io
tag.1rx.io — Cisco Umbrella Rank: 1493
sync.1rx.io — Cisco Umbrella Rank: 540
1 KB
3 technoratimedia.com
insticator.technoratimedia.com — Cisco Umbrella Rank: 22419
ad-cdn.technoratimedia.com — Cisco Umbrella Rank: 2507
7 KB
3 google.de
adservice.google.de — Cisco Umbrella Rank: 7751
www.google.de — Cisco Umbrella Rank: 5448
1 KB
3 rlcdn.com
ats.rlcdn.com — Cisco Umbrella Rank: 1392
api.rlcdn.com — Cisco Umbrella Rank: 856
id.rlcdn.com — Cisco Umbrella Rank: 635
38 KB
3 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 660
1 KB
3 media.net
hbx.media.net — Cisco Umbrella Rank: 1351
prebid.media.net — Cisco Umbrella Rank: 1342
contextual.media.net Failed
warp.media.net — Cisco Umbrella Rank: 2255
194 KB
2 yahoo.com
ads.yahoo.com — Cisco Umbrella Rank: 1058
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 479
1 KB
2 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 550
1 KB
2 breadbalance.com
breadbalance.com — Cisco Umbrella Rank: 129792
27 KB
2 openx.net
insticator-d.openx.net — Cisco Umbrella Rank: 20412
u.openx.net — Cisco Umbrella Rank: 710
476 B
2 fastly.net
confiant-integrations.global.ssl.fastly.net — Cisco Umbrella Rank: 1441
79 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 155
110 KB
2 amazonaws.com
s3-us-west-2.amazonaws.com
s3.amazonaws.com
1 KB
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1029
pixel.quantserve.com — Cisco Umbrella Rank: 443
10 KB
2 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 134
2 KB
2 4dex.io
script.4dex.io — Cisco Umbrella Rank: 2518
24 KB
2 soapps.net
soapps.net — Cisco Umbrella Rank: 43446
18 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 89
118 KB
2 clean.gg
i.clean.gg — Cisco Umbrella Rank: 1370
104 B
2 automatad.com
go.automatad.com — Cisco Umbrella Rank: 42419
b2cdn.automatad.com — Cisco Umbrella Rank: 28296
191 B
1 brealtime.com
biddr.brealtime.com — Cisco Umbrella Rank: 2777
1 KB
1 aralego.net
cdn.aralego.net — Cisco Umbrella Rank: 6191
1 KB
1 lmgssp.com
cookie.lmgssp.com — Cisco Umbrella Rank: 7522
1 crwdcntrl.net
id.crwdcntrl.net — Cisco Umbrella Rank: 1561
343 B
1 clarium.io
protected-by.clarium.io — Cisco Umbrella Rank: 1803
345 B
1 akamaihd.net
qsearch-a.akamaihd.net — Cisco Umbrella Rank: 1713
329 B
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 231
1 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1220
4 KB
1 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 2246
914 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 991
344 B
1 privacymanager.io
geo.privacymanager.io — Cisco Umbrella Rank: 1461
593 B
1 adsafeprotected.com
static.adsafeprotected.com — Cisco Umbrella Rank: 562
480 B
1 a2z.com
redirect.prod.experiment.routing.cloudfront.aws.a2z.com
48 B
1 alexametrics.com
certify.alexametrics.com — Cisco Umbrella Rank: 4935
551 B
1 partplanes.com
partplanes.com — Cisco Umbrella Rank: 159056
27 KB
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 556
406 B
1 crtx.info
run.crtx.info — Cisco Umbrella Rank: 31532
104 KB
1 googleoptimize.com
www.googleoptimize.com — Cisco Umbrella Rank: 1355
40 KB
1 net.
d3l320urli0p1u.cloudfront.net.
40 KB
1 saferead.org
kayleighmcenany.saferead.org
526 B
0 casalemedia.com Failed
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 576 Failed
0 2mdn.net Failed
s0.2mdn.net Failed
330 74
Domain Requested by
17 www.westernjournal.com www.westernjournal.com
13 static.criteo.net ads.eu.criteo.com
11 securepubads.g.doubleclick.net d3l320urli0p1u.cloudfront.net.
www.googletagservices.com
securepubads.g.doubleclick.net
www.westernjournal.com
10 eus.rubiconproject.com d3l320urli0p1u.cloudfront.net.
eus.rubiconproject.com
ex.ingage.tech
10 ins.connatix.com cd.connatix.com
9 ads.pubmatic.com d3l320urli0p1u.cloudfront.net.
6 sync-tm.everesttech.net 6 redirects
6 usersync.gumgum.com d3l320urli0p1u.cloudfront.net.
6 cm.g.doubleclick.net 1 redirects d3l320urli0p1u.cloudfront.net.
www.westernjournal.com
6 match.adsrvr.org ads.pubmatic.com
df80k0z3fi8zg.cloudfront.net
d3l320urli0p1u.cloudfront.net.
6 s-img.mgid.com www.westernjournal.com
6 tpc.googlesyndication.com 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
6 platform.twitter.com www.westernjournal.com
d3l320urli0p1u.cloudfront.net.
platform.twitter.com
5 pixel.rubiconproject.com 2 redirects eus.rubiconproject.com
www.westernjournal.com
5 cds.connatix.com www.westernjournal.com
d3l320urli0p1u.cloudfront.net.
5 assets.revcontent.com d3l320urli0p1u.cloudfront.net.
5 c.amazon-adsystem.com d3l320urli0p1u.cloudfront.net.
c.amazon-adsystem.com
4 token.rubiconproject.com 4 redirects
4 secure-assets.rubiconproject.com 4 redirects
4 ssc-cms.33across.com d3l320urli0p1u.cloudfront.net.
4 creativecdn.com 4 redirects
4 imasdk.googleapis.com www.westernjournal.com
d3l320urli0p1u.cloudfront.net.
4 hb.aralego.com df80k0z3fi8zg.cloudfront.net
4 g2.gumgum.com df80k0z3fi8zg.cloudfront.net
4 ssc.33across.com df80k0z3fi8zg.cloudfront.net
4 ex.ingage.tech 1 redirects df80k0z3fi8zg.cloudfront.net
d3l320urli0p1u.cloudfront.net.
4 trends.revcontent.com d3l320urli0p1u.cloudfront.net.
4 event.insticator.com d3lcz8vpax4lo2.cloudfront.net
4 www.googletagservices.com d3l320urli0p1u.cloudfront.net.
7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
4 ib.adnxs.com www.westernjournal.com
df80k0z3fi8zg.cloudfront.net
acdn.adnxs.com
3 aax-eu.amazon-adsystem.com 2 redirects www.westernjournal.com
3 s.amazon-adsystem.com 2 redirects www.westernjournal.com
3 sync.mathtag.com 3 redirects
3 cs.emxdgt.com d3l320urli0p1u.cloudfront.net.
3 rtb.gumgum.com d3l320urli0p1u.cloudfront.net.
3 www.google.com www.westernjournal.com
7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
3 www.facebook.com www.westernjournal.com
3 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com d3l320urli0p1u.cloudfront.net.
3 www.google-analytics.com d3l320urli0p1u.cloudfront.net.
www.westernjournal.com
3 fastlane.rubiconproject.com www.westernjournal.com
df80k0z3fi8zg.cloudfront.net
3 ap.lijit.com www.westernjournal.com
df80k0z3fi8zg.cloudfront.net
d3l320urli0p1u.cloudfront.net.
2 sync.1rx.io 2 redirects
2 sync.aralego.com d3l320urli0p1u.cloudfront.net.
cdn.aralego.net
2 id5-sync.com ads.pubmatic.com
df80k0z3fi8zg.cloudfront.net
2 cdn.mgid.com www.westernjournal.com
2 breadbalance.com d3l320urli0p1u.cloudfront.net.
2 yeet.revcontent.com d3l320urli0p1u.cloudfront.net.
2 cat.nl.eu.criteo.com ads.eu.criteo.com
2 img.connatix.com www.westernjournal.com
2 ads.eu.criteo.com 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
2 rtb.nl.eu.criteo.com www.westernjournal.com
2 signal-segments.s-onetag.com d3l320urli0p1u.cloudfront.net.
2 insticator.technoratimedia.com df80k0z3fi8zg.cloudfront.net
2 adservice.google.com d3l320urli0p1u.cloudfront.net.
2 adservice.google.de d3l320urli0p1u.cloudfront.net.
2 mug.criteo.com www.westernjournal.com
2 gum.criteo.com 1 redirects
2 syndication.twitter.com platform.twitter.com
www.westernjournal.com
2 confiant-integrations.global.ssl.fastly.net d3l320urli0p1u.cloudfront.net.
2 connect.facebook.net d3l320urli0p1u.cloudfront.net.
2 telemetries.jeeng.com users.api.jeeng.com
2 auth.instiengage.com d3l320urli0p1u.cloudfront.net.
auth.instiengage.com
2 geoip.instiengage.com d3lcz8vpax4lo2.cloudfront.net
product.instiengage.com
2 jsc.mgid.com d3l320urli0p1u.cloudfront.net.
2 capi.connatix.com www.westernjournal.com
cd.connatix.com
2 sb.scorecardresearch.com d3l320urli0p1u.cloudfront.net.
www.westernjournal.com
2 hbopenbid.pubmatic.com www.westernjournal.com
df80k0z3fi8zg.cloudfront.net
2 script.4dex.io d3l320urli0p1u.cloudfront.net.
2 soapps.net www.westernjournal.com
2 d3lcz8vpax4lo2.cloudfront.net d3l320urli0p1u.cloudfront.net.
2 www.googletagmanager.com d3l320urli0p1u.cloudfront.net.
2 i.clean.gg d3l320urli0p1u.cloudfront.net.
2 users.api.jeeng.com www.westernjournal.com
users.api.jeeng.com
1 signal-metrics-collector-beta.s-onetag.com signal-beacon.s-onetag.com
1 connect-metrics-collector.s-onetag.com get.s-onetag.com
1 pr-bh.ybp.yahoo.com 1 redirects
1 id.rlcdn.com www.westernjournal.com
1 ads.yahoo.com www.westernjournal.com
1 pixel-us-east.rubiconproject.com eus.rubiconproject.com
1 static.instiengage.com www.westernjournal.com
1 comment.instiengage.com 1 redirects
1 biddr.brealtime.com d3l320urli0p1u.cloudfront.net.
1 cdn.aralego.net d3l320urli0p1u.cloudfront.net.
1 cookie.lmgssp.com d3l320urli0p1u.cloudfront.net.
1 ad-cdn.technoratimedia.com d3l320urli0p1u.cloudfront.net.
1 u.openx.net d3l320urli0p1u.cloudfront.net.
1 acdn.adnxs.com d3l320urli0p1u.cloudfront.net.
1 api.rlcdn.com df80k0z3fi8zg.cloudfront.net
1 image6.pubmatic.com ads.pubmatic.com
1 id.crwdcntrl.net ads.pubmatic.com
1 cm.mgid.com www.westernjournal.com
1 servicer.mgid.com d3l320urli0p1u.cloudfront.net.
1 c.mgid.com d3l320urli0p1u.cloudfront.net.
1 cdn.revcontent.com www.westernjournal.com
1 protected-by.clarium.io www.westernjournal.com
1 ams1-ib.adnxs.com d3l320urli0p1u.cloudfront.net.
1 cdn.adnxs.com d3l320urli0p1u.cloudfront.net.
1 warp.media.net d3l320urli0p1u.cloudfront.net.
1 qsearch-a.akamaihd.net d3l320urli0p1u.cloudfront.net.
1 cdnjs.cloudflare.com ads.eu.criteo.com
1 img.revcontent.com www.westernjournal.com
1 s3.amazonaws.com d3l320urli0p1u.cloudfront.net.
1 vid.connatix.com cd.connatix.com
1 capi-tier-2-us-east-2.connatix.com cd.connatix.com
1 lit.connatix.com cd.connatix.com
1 signal-beacon.s-onetag.com d3l320urli0p1u.cloudfront.net.
1 onetag-geo.s-onetag.com d3l320urli0p1u.cloudfront.net.
1 www.google.de www.westernjournal.com
1 stats.g.doubleclick.net www.google-analytics.com
1 pixel.quantserve.com www.westernjournal.com
1 hb.emxdgt.com df80k0z3fi8zg.cloudfront.net
1 tag.1rx.io df80k0z3fi8zg.cloudfront.net
1 prebid.a-mo.net df80k0z3fi8zg.cloudfront.net
1 insticator-d.openx.net df80k0z3fi8zg.cloudfront.net
1 apex.go.sonobi.com df80k0z3fi8zg.cloudfront.net
1 get.s-onetag.com d3l320urli0p1u.cloudfront.net.
1 region1.google-analytics.com www.googletagmanager.com
1 rules.quantcount.com d3l320urli0p1u.cloudfront.net.
1 geo.privacymanager.io d3l320urli0p1u.cloudfront.net.
1 df80k0z3fi8zg.cloudfront.net d3l320urli0p1u.cloudfront.net.
1 geoip.insticator.com d3lcz8vpax4lo2.cloudfront.net
1 static.adsafeprotected.com www.westernjournal.com
1 s3-us-west-2.amazonaws.com d3l320urli0p1u.cloudfront.net.
1 redirect.prod.experiment.routing.cloudfront.aws.a2z.com www.westernjournal.com
1 certify.alexametrics.com www.westernjournal.com
1 secure.quantserve.com d3l320urli0p1u.cloudfront.net.
1 ats.rlcdn.com d3l320urli0p1u.cloudfront.net.
1 cd.connatix.com 1 redirects
1 prebid.media.net www.westernjournal.com
1 hbx.media.net d3l320urli0p1u.cloudfront.net.
1 partplanes.com d3l320urli0p1u.cloudfront.net.
1 d31qbv1cthcecs.cloudfront.net d3l320urli0p1u.cloudfront.net.
1 bh.contextweb.com www.westernjournal.com
1 b2cdn.automatad.com www.westernjournal.com
1 go.automatad.com 1 redirects
1 run.crtx.info www.westernjournal.com
1 www.googleoptimize.com www.westernjournal.com
1 product.instiengage.com www.westernjournal.com
1 d3l320urli0p1u.cloudfront.net. www.westernjournal.com
1 kayleighmcenany.saferead.org 1 redirects
0 ssum-sec.casalemedia.com Failed d3l320urli0p1u.cloudfront.net.
0 contextual.media.net Failed d3l320urli0p1u.cloudfront.net.
0 pagead2.googlesyndication.com Failed www.westernjournal.com
0 s0.2mdn.net Failed www.westernjournal.com
0 pix.eu.criteo.net Failed ads.eu.criteo.com
0 csm.eu.criteo.net Failed ads.eu.criteo.com
330 146

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-06-13 -
2023-06-13
a year crt.sh
*.cloudfront.net
Amazon
2022-02-01 -
2023-01-31
a year crt.sh
*.instiengage.com
Sectigo RSA Organization Validation Secure Server CA
2022-05-24 -
2023-05-24
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-06-06 -
2022-08-29
3 months crt.sh
*.crtx.info
Amazon
2022-02-15 -
2023-03-16
a year crt.sh
jeeng.com
Cloudflare Inc ECC CA-3
2021-09-13 -
2022-09-12
a year crt.sh
i.clean.gg
GTS CA 1D4
2022-06-10 -
2022-09-08
3 months crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA
2022-02-04 -
2023-02-03
a year crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1
2021-10-20 -
2022-10-19
a year crt.sh
*.soapps.net
Sectigo RSA Organization Validation Secure Server CA
2022-01-13 -
2023-01-22
a year crt.sh
*.contextweb.com
DigiCert TLS RSA SHA256 2020 CA1
2022-04-07 -
2023-05-08
a year crt.sh
partplanes.com
GTS CA 1P5
2022-06-08 -
2022-09-06
3 months crt.sh
*.media.net
DigiCert SHA2 Secure Server CA
2022-02-20 -
2023-02-22
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2022-02-11 -
2023-03-14
a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2
2022-03-11 -
2023-04-12
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2022-03-08 -
2023-04-04
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-06-06 -
2022-08-29
3 months crt.sh
c.amazon-adsystem.com
Amazon
2022-05-09 -
2023-04-18
a year crt.sh
*.scorecardresearch.com
Amazon
2022-01-29 -
2023-02-27
a year crt.sh
assets.revcontent.com
R3
2022-05-17 -
2022-08-15
3 months crt.sh
*.connatix.com
Go Daddy Secure Certificate Authority - G2
2021-08-20 -
2022-09-21
a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2022-02-03 -
2023-02-25
a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1
2021-09-22 -
2022-09-21
a year crt.sh
certify.alexametrics.com
Amazon
2022-05-30 -
2023-06-28
a year crt.sh
*.prod.experiment.routing.cloudfront.aws.a2z.com
Amazon
2021-10-12 -
2022-11-10
a year crt.sh
*.s3-us-west-2.amazonaws.com
Amazon
2021-12-17 -
2022-11-29
a year crt.sh
telemetries.jeeng.com
GTS CA 1D4
2022-06-08 -
2022-09-06
3 months crt.sh
static.adsafeprotected.com
Amazon
2021-09-05 -
2022-10-04
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2022-04-03 -
2022-07-02
3 months crt.sh
*.insticator.com
Sectigo RSA Organization Validation Secure Server CA
2021-08-11 -
2022-08-25
a year crt.sh
*.freetls.fastly.net
GlobalSign Atlas R3 DV TLS CA 2022 Q2
2022-05-04 -
2023-06-05
a year crt.sh
*.privacymanager.io
Amazon
2021-09-25 -
2022-10-24
a year crt.sh
syndication.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-07 -
2023-03-06
a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-06-15 -
2022-09-18
3 months crt.sh
*.google.de
GTS CA 1C3
2022-06-06 -
2022-08-29
3 months crt.sh
*.google.com
GTS CA 1C3
2022-06-06 -
2022-08-29
3 months crt.sh
*.s-onetag.com
Amazon
2022-01-04 -
2023-02-01
a year crt.sh
revcontent.com
Amazon
2021-08-09 -
2022-09-07
a year crt.sh
*.ingage.tech
Sectigo RSA Organization Validation Secure Server CA
2021-07-15 -
2022-07-18
a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2021-09-17 -
2022-10-05
a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2
2021-12-08 -
2023-01-09
a year crt.sh
ssc.33across.com
GTS CA 1D4
2022-05-20 -
2022-08-18
3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018
2021-07-08 -
2022-08-08
a year crt.sh
*.a-mo.net
R3
2022-05-05 -
2022-08-03
3 months crt.sh
*.1rx.io
Sectigo RSA Domain Validation Secure Server CA
2021-06-01 -
2022-07-02
a year crt.sh
*.emxdgt.com
Amazon
2022-06-02 -
2023-07-01
a year crt.sh
*.gumgum.com
Amazon
2022-05-06 -
2023-06-04
a year crt.sh
*.aralego.com
Sectigo RSA Domain Validation Secure Server CA
2021-10-21 -
2022-11-20
a year crt.sh
www.google.com
GTS CA 1C3
2022-06-06 -
2022-08-29
3 months crt.sh
www.google.de
GTS CA 1C3
2022-06-06 -
2022-08-29
3 months crt.sh
*.nl.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-05-22 -
2022-08-24
3 months crt.sh
*.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-05-27 -
2022-08-25
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2022-06-06 -
2022-08-29
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-06-06 -
2022-08-29
3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-06-21 -
2022-09-23
3 months crt.sh
s3.amazonaws.com
Amazon
2022-04-01 -
2023-03-30
a year crt.sh
img.revcontent.com
R3
2022-05-17 -
2022-08-15
3 months crt.sh
a248.e.akamai.net
DigiCert SHA2 Secure Server CA
2021-07-15 -
2022-07-20
a year crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018
2021-12-10 -
2022-12-09
a year crt.sh
protected-by.clarium.io
Gandi Standard SSL CA 2
2022-04-10 -
2023-04-26
a year crt.sh
cdn.revcontent.com
R3
2022-05-13 -
2022-08-11
3 months crt.sh
breadbalance.com
GTS CA 1P5
2022-06-08 -
2022-09-06
3 months crt.sh
*.id5-sync.com
R3
2022-05-31 -
2022-08-29
3 months crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2
2022-05-01 -
2023-06-02
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2022-03-31 -
2023-05-02
a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA
2021-09-23 -
2022-09-30
a year crt.sh
*.lmgssp.com
Go Daddy Secure Certificate Authority - G2
2021-11-19 -
2022-12-21
a year crt.sh
*.ad-server.k8s.ie.ggops.com
Amazon
2022-02-15 -
2023-03-16
a year crt.sh
*.brealtime.com
Go Daddy Secure Certificate Authority - G2
2022-01-21 -
2023-02-22
a year crt.sh

This page contains 57 frames:

Primary Page: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Frame ID: E2E184C131A9600377E27B18D105C435
Requests: 181 HTTP requests in this frame

Frame: https://cds.connatix.com/p/167773/connatix.player.dc.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Frame ID: 80D2684D38B454401805C0C74E652F52
Requests: 20 HTTP requests in this frame

Frame: https://auth.instiengage.com/auth/index.html
Frame ID: A0368C138EC34C2A51979330EAC9F25C
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html?origin=https%3A%2F%2Fwww.westernjournal.com
Frame ID: 0A4D9DBA4515CF85BDA64AFD95559904
Requests: 2 HTTP requests in this frame

Frame: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 0130F283E91CC7ABE969CACEF743EDD5
Requests: 1 HTTP requests in this frame

Frame: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4FD48E238E7AE79C9D5C23392C79D201
Requests: 10 HTTP requests in this frame

Frame: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CD37DB875037C836711D6A9EE6E4D139
Requests: 10 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-FAH_ZKgAAwQ2HV-658q52dAQ39wZA&u=%7CLrfJxOaTkxO7B09KeyWVsiABVak9CaCdPIa5CinG4%2Bw%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwuneLHx3NJ0pDjjEeoP2frno4uRKwVq-aRy1ERp2K4WEUASa29psnWXgZ2xMBHEyRffQQUS_XnODk0osNDFSEuTiukPZRMoNIkY8fr1Lbv1YZh_1nQqL7KlCwdzxpaxmbPyO0Ewa10yGRY0yS5ygd_D55ru0PiXbkGLlJehqQkDgIdP2TiJ28OaMi6Xh8eyxQArSz0QLy_xW6J74R3TXfNyhQnfQHhdTYtAmUoUUjjvWA1eVbUW3laiB5NBcpNi3YuMoJqN8oUeXHONrFv7roah9p10EeTF3sCVflLy_esayFIbSC6hzi3e5Z0R17k2l0x_ZC-iwFFN8i84ZXrQ8gvMt1m1QSqlyhEtkOev5fEso-C9tjsPKWJZZKXalwsP-ipTpMI_9XBFQg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-4SGSEy2YtDwN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTUA0_QaNVhxUeTZRUuylOUwQl8qAr7UjeW-BAzeOaqY_p_KwvqJ9i2md_xpqBv2-yhuHmRqt7Na-PZ1dIISnXp7bqV_abG91pDOpRxm0SzaGrJE_CByXtuBpCmBgJFplCan_ZjewDN0o1V1qki9BBO6SAU1EjEwCgFFKLpeoyN7FGbO_3fqzMQneNthaGPWUjAIErMh30LnlOSvES7Mg1H5f86DIsF6v8lWl0Y9nYyv7HHfgZEBTiPodZyJxfdxoTltsK_5ZDi-EJw2VyLSvwlQrW_19hsmLGEyBwt5LAoe27IFjSToAYsCpVb1DUjP-wo-Xcox-qXFsn4YKVdnUq8b84K4axrtAaG-FEE4ldTUhkowKNOwseDCoG1yHXlg66pfqTTiKR0BIZZ5APF30Wo_84GqOo8QtRS3BatGJPM_j8T3XrS0jyOB9TQnxYBK5hk13tKFsdd1DH2HrTVsMaNlbX3fhclUGXLenGB5GUDnvC5afDaGQiyCMJzZAfKg2iRyfcSW6SS0Uez8nSBYl3vQ3TZJ-rIdsoEA2s1mk7AmQE1L6TivOufQHtOFSXp6IWysCC3Cn60I6bzPsFFaUWtAs31yE2174aW12JioZfCwVqRidkVIeAEAYAG_N_EuvnhhtUuoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dIvBBSo428KDnP8PNEgNdImbj7g%26client%3Dca-pub-3477539127080303%26adurl%3D
Frame ID: D0F8FD26CF17840A383CCC0C739B6223
Requests: 10 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-E8H_ZKgAAwQ2HuNCqbvJyetdM9SDg&u=%7CLrfJxOaTkxMPapHyPXY66LIHXN0Ib1WYoUxYmA271U0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwukEkJaLSn6N3hBSvmZfJeckS_kbPHy4SCDcterAtAbTs6VcAKaBKO0BbMZjb0cE7ZONHimbbGA-nPg-pu5gc7iClnwNqMsrIGAp6wn9fJvZX7PmSWel-WQBXefcpAWV386988F7Z-Gv_W9H0YnAiIDp1EVl7XSEEMBuS_8sBm8_ArxQzop4NkWAi2fyp9ZpERz2Q0RlPFeoaiOeGa5s4Pj6oBnaQVFBzyRM3HhpHr92NeJNlahVfAO0Q2ul7fvpX9vf6_innrHBnhI2mY2FRnIojBMWzT1fnYKxsYcfIaK5ynRF2IfDJngjLW2KlQkzY8Q9WGlzRYvOUSHF9bi4PMn9DUFyrDNsJnWZLteJ4pEWQUvJwjsRpATKFF8bHCW4hv_ob8kDD5kYTxsY3cqTBne8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmUTFSEy2Ys_wN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTLA0_QcTV4UkCQak_uJNAHckS1YSEvWcGLtr1OlotsIxg-uUf4GCcUePWF0b2KxSNy-MngwfE-suJoB2dwwPutiMh6lIJ16ImmPf33QwqaogY746IKTy5nN6hYAuzh_Lor6gslxtscRftNOoNLufsmAwNyYOv3_8hhnHwus9Rxjl2afpl7alcGp59AKmscQQWiC-agTOb9vFkjIJyIfGO5SXiU2uCNhX3sVM9ahPxKwm3mGhPmm4ZRUMYYPXnvc-Sv0FjEcoYNGWACQn401WOcvzho3u5BZfpqO-TwaGPjo5dd6tJ_2C2QDGZ1l3DWW0Iglx2L7AZ16zmHkE_ScVTi7nZcHoQQ0YQg_sZ8OyH-3LnEdA3uJJ56BTsv2q9hE7uBhaER0kka3HA37UG_2fH4sq0cSZjKIHvTcCO-vKq0-Ien4AMetwj0jD8ISgtgr34_bQNoQdw3VwW2jxZyhhL034qcOjkbEobv4fVLCsff8agFMr7K5twJrvmJa5WfpX_RiFG43Z_sz4riiMLpAxERv5kr-qkD52ZhfalCxPnND-ayBqniYzWM189vM0QAlc2m0Jp4c-vvVR8Z8NpTzryQptYWCGzpZbJS3q20duAEAYAGyPGp1L7o0psNoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_333ArQFznjLJI7D54bTOXDZ8hntw%26client%3Dca-pub-3477539127080303%26adurl%3D
Frame ID: A8EA9C0C5E624B5FF6FE77C68D238CE9
Requests: 15 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=WestJournalism&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9LCJ0ZndfcmVmc3JjX3Nlc3Npb24iOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd191c2VyX2ZvbGxvd19pbnRlbnRfMTQ0MDYiOnsiYnVja2V0IjoiZm9sbG93IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1540412715415617536&lang=en&origin=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F&sessionId=e9cdbe68a78aa2b0d4cefdb4bf229c4ac86a62c5&siteScreenName=WestJournalism&theme=light&widgetsVersion=b45a03c79d4c1%3A1654150928467&width=550px
Frame ID: 06601DFC39644F030A0AD39682CFE553
Requests: 5 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.519.0_en.html
Frame ID: 8B875B6454536B796005A85A38DC0443
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.519.0_en.html
Frame ID: C6A68207739C32C315943AD906E1628A
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.519.0_en.html
Frame ID: AE665B051555B5F3DCD288F7F0E2A097
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: AD18282DAA509C2389AD2B35B235DF75
Requests: 1 HTTP requests in this frame

Frame: https://cm.mgid.com/i-noref.js?cbuster=1656114249009271125118
Frame ID: F04A5DF78A5A170C38FC1BDF529A4451
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: AAE91D4C5A5ED9664147342F44925506
Requests: 2 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=&gdpr=1&gdpr_consent=
Frame ID: 40CC4C9525FED792437804E0670A211B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum&tc=1
Frame ID: 05188946973E599939B6A1D968EF4156
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Frame ID: 1AB75946A7ADD0461973FD5A655A9DAB
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com%2C%20r12.lb.indexww.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3D&s=192379&C=1
Frame ID: D6053C959B3EC7F6DFF5E5B1F6C27C03
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: BF37C000A36228B514D876FA631A5D1E
Requests: 3 HTTP requests in this frame

Frame: https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3DUCFUID
Frame ID: 0461004D966D8D1662E9DC8FD18EF2A4
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=&gdpr=1&gdpr_consent=
Frame ID: 94595D57CC35311EDAECDEC7BBAB83DD
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=&gdpr=1&gdpr_consent=
Frame ID: C88BAC1392358F213FC2E6472C62791C
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Frame ID: 7910C7B835183886A607F65EDE1A6907
Requests: 4 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=1&gdpr_consent=
Frame ID: 53E24545761BAE9F70210DAE6C08A034
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 890F166072064FA5684C029ED6E9757A
Requests: 10 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 9570C0BE4726017E3E5DDE210176CBD5
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Frame ID: E5D41DF0497E7E3CA858D0BA546E1EED
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=asRWdk7Kyr7ioGrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 4A83A76C4DA3B43B35B753314CC604C1
Requests: 1 HTTP requests in this frame

Frame: https://ad-cdn.technoratimedia.com/html/usersync.html?src=prebid_prebid_6.15.0
Frame ID: 3F7C7F7E5707D57332510F23BE03BC13
Requests: 1 HTTP requests in this frame

Frame: https://cookie.lmgssp.com/d459e3c6da768f28b23fc200eeedcdc1.gif?gdpr=0&puid=c61d5f03-0670-4713-b0cc-02d7d89d60be&redir=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Flunamedia%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3D%5BUID%5D
Frame ID: 6CA927EF5F4A9EDE2E09BBED5E6CB97B
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=aleOzs7Kyr7ioGrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined
Frame ID: D2333D5106E99E9129E267FEFCAEE3F6
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Frame ID: 813DF2346DE0575C64D9F2444E195450
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Frame ID: 89A355EBB42B8690C1909AC8D8187F0A
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum
Frame ID: 534D953B0B912AD07A689ABDDF57D58D
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5416072143
Frame ID: 46A7591EA127F2333499DF9A60C2508D
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
Frame ID: B6AB6873F02DF8B2C1022F102F5C39F4
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Frame ID: 4F09E9D7BD16FE2D18BE601B4DA62AC4
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: D12970EA2A7FDD8F3B65564BDBD78523
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3DPM_UID
Frame ID: BCE68AA2DA66B5A8A39FFBAF3249A5DF
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 61152AE2AFEE4574B31F6362EC3918AD
Requests: 2 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum
Frame ID: 65D0E6ECDE079F9B1BDC21402200D029
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=1&gdpr_consent=
Frame ID: 3A7C45457EEEAF48D21AC156CDC4AB0F
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406715
Frame ID: E6EB19D5537747C3787ED2FA72ACF204
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Frame ID: 4CEBA15FCD86CCE1914DAF1DEC6863B4
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
Frame ID: 999FDD4A23295EC1532D55441EB25ABC
Requests: 1 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/sync.html
Frame ID: DF5FB8ABB5E8A695B3F40256B1F75220
Requests: 2 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: E18BCA32E82FBEE1C39366C5A6BD83EF
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTs_dYwAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTs_dYwAj
Frame ID: A22E794DF91384D99ECB6887D1FE0AA1
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: DE9CDC9BC1474D1B2047048260A9409F
Requests: 2 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTsadeQAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTsadeQAj
Frame ID: FB9F43AE1566BB6F349BB7BE0931A80C
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
Frame ID: 9C093C3D767F939F0D08DCE0D48BC97F
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=1&gdpr_consent=
Frame ID: E838DABE00FA97D3655D6CE7B4D1335E
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTZmdmgAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTZmdmgAj
Frame ID: 78FD747EB8D3BBE971090DCE92F534AB
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=aISzFq7Kyr7ioGrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined
Frame ID: C5C5DC4349418A446607E2534413105C
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=aBPa4O7Kyr7ioGrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined
Frame ID: B035983515EF93FF1F2C71DAD7BFBD1A
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://kayleighmcenany.saferead.org/v2SXJJ HTTP 302
    https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabb... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
  • wp-embed\.min\.js\?ver=([\d.]+)

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleoptimize\.com/optimize\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Page Statistics

330
Requests

91 %
HTTPS

31 %
IPv6

74
Domains

146
Subdomains

116
IPs

9
Countries

3596 kB
Transfer

10886 kB
Size

60
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://kayleighmcenany.saferead.org/v2SXJJ HTTP 302
    https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://go.automatad.com/geo/OaEAJP/afihbs.js HTTP 301
  • https://b2cdn.automatad.com/geo/OaEAJP/all-geo-W/afihbs.js
Request Chain 44
  • https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c HTTP 302
  • https://cds.connatix.com/p/167773/connatix.player.dc.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Request Chain 88
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.westernjournal.com%2F&domain=www.westernjournal.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=zjUnXXwwT1FqZUxuem5GWXhaL2M1eUJOQTkzZzBBMGhVZm5jYVdYRWN2bmd2WUlhcVpmbWpzdk90d2VaWWpmWC9WT1gwNWlJd0tjbXA1eHREY2JBM2h0WktGRkxVOEl1YTNvczJ0dFNSdExCVFprUG9lK3NYZmZLTWdmdzcwK05VZHE3QmVOSThSa0o2alRrdlU3YnlqRkZPNE42cDVjUUJNYWUwcElPWldzQlNzYWxnNmhxbmR1U1JtQ0hoUTJpZmtkSkZrelZkVEJtSFBTNXovTnFoVWhLY3ZoRytCS3l6aG1IaDRvZDRnV1dPQnN3YnVEeWxyNkNwRlNWbkRoMTM1azY1fA&cppv=2
Request Chain 267
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum&tc=1
Request Chain 269
  • https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3D HTTP 302
  • https://ssum-sec.casalemedia.com%2C%20r12.lb.indexww.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3D&s=192379&C=1
Request Chain 285
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum
Request Chain 286
  • https://ex.ingage.tech/v1/syncPage/unruly?userId=c61d5f03-0670-4713-b0cc-02d7d89d60be&to=https%3A%2F%2Fsync.1rx.io%2Fusersync2%2Frmpssp%3Fsub%3Dinsticator HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=insticator HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=insticator&zcc=1&cb=1656114253293 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5416072143
Request Chain 287
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
Request Chain 289
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 292
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 293
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum
Request Chain 297
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
Request Chain 300
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YrZMTQALTs_dYwAj HTTP 302
  • https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTs_dYwAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTs_dYwAj
Request Chain 301
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 302
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YrZMTQALTsadeQAj HTTP 302
  • https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTsadeQAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTsadeQAj
Request Chain 303
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
Request Chain 305
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YrZMTQALTZmdmgAj HTTP 302
  • https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTZmdmgAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTZmdmgAj
Request Chain 308
  • https://comment.instiengage.com/live/loader/loader.js HTTP 301
  • https://static.instiengage.com/app-loader/static/loader.js
Request Chain 314
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator HTTP 301
  • https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Request Chain 319
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Wom0OvgLQH2Z29ULnOHqUA&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Wom0OvgLQH2Z29ULnOHqUA
Request Chain 320
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L4T3NW5C-28-HYQY&sigv=1&esig=2~98c46aa3e13dc58a4fc21f7031a0e245d3f40fd7
Request Chain 322
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRUM05XNUMtMjgtSFlRWQ==
Request Chain 323
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=3ysD1i6ITDapOWqKE5ItVw&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=3ysD1i6ITDapOWqKE5ItVw
Request Chain 324
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjY4ZWZjMmQ0ZDRiNDk0ZTUyMjBlYzZjYmYxOWMyMGI5ZmZiNTM1ZQ
Request Chain 325
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/_cLkNOeWROYIBkGX3Lb9-Mn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8966378377504425640
Request Chain 326
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGUr7az96N1a2vFU3AKI_1I&google_cver=1

330 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/
Redirect Chain
  • https://kayleighmcenany.saferead.org/v2SXJJ
  • https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
229 KB
34 KB
Document
General
Full URL
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8307d6e6de560c583cdb0b895d308b7b957d2c94c4a7d545ae00020335b89e9
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=1800
cf-cache-status
MISS
cf-ray
720954589d0d91ed-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 24 Jun 2022 23:44:07 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Fri, 24 Jun 2022 23:44:07 GMT
link
<https://www.westernjournal.com/wp-json/>; rel="https://api.w.org/" <https://www.westernjournal.com/wp-json/wp/v2/posts/3074950>; rel="alternate"; type="application/json" <https://www.westernjournal.com/?p=3074950>; rel=shortlink
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding

Redirect headers

Date
Fri, 24 Jun 2022 23:44:06 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
connection
close
content-length
0
content-type
text/html; charset=utf-8
location
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
pragma
no-cache
x-content-type-options
nosniff
x-ratelimit-limit
50
x-ratelimit-remaining
49
x-ratelimit-reset
60
script.js
d3l320urli0p1u.cloudfront.net./
117 KB
40 KB
Script
General
Full URL
https://d3l320urli0p1u.cloudfront.net./script.js
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7800:d:99dd:3480:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
83d0526b6227f7f8e076d27900586b9a0712b48d50ac08266d5cbb97520194be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:36:43 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 17:01:42 GMT
server
AmazonS3
age
453
etag
W/"d688302440f4dec278baeb3d8d4eb094"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 96c1c36adc76f99239fd3220e5be7e6a.cloudfront.net (CloudFront)
cache-control
max-age=600,public,must-revalidate
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
RbV5447AxkZjlh_NlgjnaHiZIQuP9LZZyGMcyFWYoT5t6g-ai8DFjg==
classic-main.css
www.westernjournal.com/wp-content/themes/firefly/assets/css/
60 KB
11 KB
Stylesheet
General
Full URL
https://www.westernjournal.com/wp-content/themes/firefly/assets/css/classic-main.css?ver=2.0-1654174947
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8716001d681ab825c188c991accf1ed80cbc67cd16c98ecf787d7e13b3d32b6f
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:07 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 02 Jun 2022 13:02:27 GMT
server
cloudflare
age
914
etag
W/"6298b4e3-ee48"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1800
strict-transport-security
max-age=2592000; includeSubDomains
cf-ray
7209545fecd991ed-FRA
cf-bgj
minify
prebid.js
www.westernjournal.com/wp-content/themes/firefly/assets/js/
290 KB
91 KB
Script
General
Full URL
https://www.westernjournal.com/wp-content/themes/firefly/assets/js/prebid.js?ver=1646083962
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df1bfdeb4012eb958a83f652311e16d8f2e1a20a59b47eef7994078fa8ed5218
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:07 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 28 Feb 2022 21:32:42 GMT
server
cloudflare
age
3866
etag
W/"621d3f7a-48849"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1800
strict-transport-security
max-age=2592000; includeSubDomains
cf-ray
720954609d8b91ed-FRA
9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
product.instiengage.com/product-loader-code/
14 KB
5 KB
Script
General
Full URL
https://product.instiengage.com/product-loader-code/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ec00:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
16d62e24c637636ec932e60a1e86a40422835c4b631f0693385a0e9469d31cc1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
u9qdTq2sKkBx0ogbNfaRR3B8Qr9oO42p
content-encoding
br
last-modified
Mon, 20 Jun 2022 10:55:02 GMT
server
AmazonS3
age
275
etag
W/"9d1dbe9580f380d50b0c1fade3df3960"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
cache-control
max-age=3600,public
date
Fri, 24 Jun 2022 23:42:02 GMT
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
jZGlDtwSD8Nr0atA_GeSr2kv3k9cGwgpY5WNKEp42M2TbkrwwSjYpA==
optimize.js
www.googleoptimize.com/
105 KB
40 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-WL75GFT
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7ff58dbd76cc8bee4b3e4516ebfd093ec8daacb60c7db00f1636118472efc2b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:07 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40602
x-xss-protection
0
expires
Fri, 24 Jun 2022 23:44:07 GMT
track.min.js
run.crtx.info/
103 KB
104 KB
Script
General
Full URL
https://run.crtx.info/track.min.js
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:dc00:14:248f:8500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9ad498922283d143b7abade92e57ea7f0aea2bd35655220dc50a675f463a3c04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 04:54:04 GMT
via
1.1 809c299e67c4ffca3db95351c7287bd8.cloudfront.net (CloudFront)
last-modified
Mon, 15 Feb 2021 22:14:47 GMT
server
AmazonS3
age
67887
etag
"f88a765c6ea3dacc55ca6ed581e54f1f"
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-length
105945
x-amz-cf-id
2s8WC4aMOYwUnKmKNAYhTaoXF1tp8EUk-29l45cpbrXlPUqkYrR9-Q==
/
users.api.jeeng.com/users/domains/VAM4nzne41/sdk/
354 KB
120 KB
Script
General
Full URL
https://users.api.jeeng.com/users/domains/VAM4nzne41/sdk/
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:39ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
6c57df6087a682168872106bbb7c49839cde546aa4ebaa37ac064b123047689d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:07 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
age
3063
x-powered-by
Express
x-cache
Hit from cloudfront
access-control-allow-origin
*
server
cloudflare
etag
W/"588ac-xTL6v6ckC82cIwmLU9llvLbtXb4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
via
1.1 109c7a7f1cf897851e09b16d3030a948.cloudfront.net (CloudFront)
x-cloud-trace-context
233e28466e711a21aa6164647ebbab1d
cache-control
max-age=3600
x-amz-cf-pop
FRA60-P2
cf-ray
720954616e1d9bc2-FRA
x-amz-cf-id
TkBlzJgfKgFwM36J5pF-vJD7POWtw3pw3Rc1rv45w_SBr7QwQKxLYg==
afihbs.js
b2cdn.automatad.com/geo/OaEAJP/all-geo-W/
Redirect Chain
  • https://go.automatad.com/geo/OaEAJP/afihbs.js
  • https://b2cdn.automatad.com/geo/OaEAJP/all-geo-W/afihbs.js
0
0
Script
General
Full URL
https://b2cdn.automatad.com/geo/OaEAJP/all-geo-W/afihbs.js
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Server
185.93.2.243 Paris, France, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-185-93-2-243.datapacket.com
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Redirect headers

date
Fri, 24 Jun 2022 23:44:08 GMT
server
nginx/1.17.8
content-type
text/html; charset=utf-8
location
https://b2cdn.automatad.com/geo/OaEAJP/all-geo-W/afihbs.js
cache-control
no-cache
x-automatad-country
DE
content-length
93
expires
Fri, 24 Jun 2022 23:44:07 GMT
1a
i.clean.gg/
0
104 B
XHR
General
Full URL
https://i.clean.gg/1a
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 24 Jun 2022 23:44:07 GMT
via
1.1 google
server
nginx/1.21.6
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
1a
i.clean.gg/ Frame
0
0
Preflight
General
Full URL
https://i.clean.gg/1a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.westernjournal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=utf-8
date
Fri, 24 Jun 2022 23:44:07 GMT
server
nginx/1.21.6
via
1.1 google
gtm.js
www.googletagmanager.com/
170 KB
49 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-K3K9VP
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ef18d567ba54e04ac993dd3f2678a02fb9b280134793978a987b572c37cc4578
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50134
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 24 Jun 2022 23:44:08 GMT
pwt.js
ads.pubmatic.com/AdServer/js/pwt/158410/3599/
167 KB
54 KB
Script
General
Full URL
https://ads.pubmatic.com/AdServer/js/pwt/158410/3599/pwt.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.90.104.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-242.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
dea36661bcd2e84495bb6ab5c2b679cde1267f5fd6e9e4f44908b3acb8816ec6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
last-modified
Thu, 30 Sep 2021 19:39:57 GMT
server
Apache
etag
"1421c11-29a3b-5cd3b9c953a17"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=126645
accept-ranges
bytes
content-type
text/javascript
content-length
54751
expires
Sun, 26 Jun 2022 10:54:53 GMT
9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
d3lcz8vpax4lo2.cloudfront.net/ads-code/
16 KB
6 KB
Script
General
Full URL
https://d3lcz8vpax4lo2.cloudfront.net/ads-code/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:c400:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0cb33c0612122c24e36d7e9e4946b41ec3d2f0016a96fab8354cb9e15c639ef1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
mzB7HT5C2AUcPPaU5FKaHXjngSZFVkVr
content-encoding
br
last-modified
Thu, 23 Jun 2022 05:38:00 GMT
server
AmazonS3
age
36
etag
W/"626ddc2712e1f92ff4bd4a23d844e9dd"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 32e3b86ae254a231182567c0124af892.cloudfront.net (CloudFront)
cache-control
max-age=60
date
Fri, 24 Jun 2022 23:44:08 GMT
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
KKoDxEZupo3ENYLS8_xVZUnG0QYQ8u0rkyu8tSp2UOW3hcIzdwo20w==
wj-logo-white.svg
www.westernjournal.com/wp-content/uploads/2022/05/
5 KB
2 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/uploads/2022/05/wj-logo-white.svg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
107efb180fdc839cd0c0d138c64525679bfe24d23a45dfe2d707a3d9ec03ed16
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:07 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 19 May 2022 10:03:49 GMT
server
cloudflare
age
738136
etag
W/"62861605-147f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000
strict-transport-security
max-age=2592000; includeSubDomains
cf-ray
72095461eeea91ed-FRA
wj-logo-blue.svg
www.westernjournal.com/wp-content/uploads/2022/05/
5 KB
2 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/uploads/2022/05/wj-logo-blue.svg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0f3e01f5c6b35ee75f07456af79f93e9477f1d0e167a6d82b11995a9967506c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:07 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 19 May 2022 10:03:51 GMT
server
cloudflare
age
738136
etag
W/"62861607-147f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000
strict-transport-security
max-age=2592000; includeSubDomains
cf-ray
72095461eeeb91ed-FRA
MyselfTombstone-150x150.jpg
www.westernjournal.com/wp-content/uploads/2022/06/
8 KB
8 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/uploads/2022/06/MyselfTombstone-150x150.jpg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ac14b6764f63f4a61f8ffc9fa50fecdee012c724c9699a7dde8a62a2ae857d8
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:07 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
332357
cf-polished
origSize=8111, status=webp_bigger
content-length
7906
last-modified
Fri, 17 Jun 2022 16:59:06 GMT
server
cloudflare
etag
"62acb2da-1faf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
72095461eeec91ed-FRA
cf-bgj
imgq:100,h2pri
widgets.js
platform.twitter.com/
97 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6752) /
Resource Hash
dccafac57a7fcedce0d95d35007b502104f45b82f43f052159c370258ef13a53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:08 GMT
Content-Encoding
gzip
Age
1055
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
29459
x-tw-cdn
VZ
Last-Modified
Thu, 02 Jun 2022 18:12:37 GMT
Server
ECS (frb/6752)
Etag
"5d21dece96ce474f5f1ac122cbdef6eb+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
bundle.js
soapps.net/live/loader/
17 KB
7 KB
Script
General
Full URL
https://soapps.net/live/loader/bundle.js
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.227.129.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-227-129-115.compute-1.amazonaws.com
Software
/
Resource Hash
d5971f631d8c4068fb7c19eccc9d738ef13785a1fe5c22184a394b5bf5f5130c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:08 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 20 Jun 2022 10:50:15 GMT
ETag
W/"62b050e7-4412"
Strict-Transport-Security
max-age=15724800; includeSubDomains
Content-Type
application/javascript
Cache-Control
public, max-age=300
Transfer-Encoding
chunked
Connection
keep-alive
counter.js
soapps.net/live/loader/
26 KB
11 KB
Script
General
Full URL
https://soapps.net/live/loader/counter.js
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.227.129.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-227-129-115.compute-1.amazonaws.com
Software
/
Resource Hash
43f89f7fc4aabb3e5fe28b7c5ad63d387be7b1312833b8e59586a34dbe23c995
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:08 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 20 Jun 2022 10:50:15 GMT
ETag
W/"62b050e7-66bc"
Strict-Transport-Security
max-age=15724800; includeSubDomains
Content-Type
application/javascript
Cache-Control
public, max-age=300
Transfer-Encoding
chunked
Connection
keep-alive
set.aspx
bh.contextweb.com/bh/
49 B
406 B
Image
General
Full URL
https://bh.contextweb.com/bh/set.aspx?action=add&pid=1&advid=5248&token=LCMHRD&do=add
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(9.4.14.v20181114) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
content-language
de-DE
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
content-type
image/gif;charset=iso-8859-1
cw-server
bh-deployment-5fbd64586c-9kxg4
expires
-1
global-min.js
www.westernjournal.com/wp-content/themes/firefly/assets/js/
97 KB
34 KB
Script
General
Full URL
https://www.westernjournal.com/wp-content/themes/firefly/assets/js/global-min.js?ver=1.1-1648748805
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb3e8a92ee4b87659bc5cf4b6acb66f72b854337fbbe60802dfd4e6d55ae8642
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:07 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 31 Mar 2022 17:46:45 GMT
server
cloudflare
age
914
etag
W/"6245e905-18498"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1800
strict-transport-security
max-age=2592000; includeSubDomains
cf-ray
72095461eeee91ed-FRA
wp-embed.min.js
www.westernjournal.com/wp-includes/js/
1 KB
821 B
Script
General
Full URL
https://www.westernjournal.com/wp-includes/js/wp-embed.min.js?ver=5.8.4
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:07 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 03 Feb 2021 22:40:03 GMT
server
cloudflare
age
914
etag
W/"601b2643-592"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1800
strict-transport-security
max-age=2592000; includeSubDomains
cf-ray
720954607d6e91ed-FRA
atrk.js
d31qbv1cthcecs.cloudfront.net/
4 KB
2 KB
Script
General
Full URL
https://d31qbv1cthcecs.cloudfront.net/atrk.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-91.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 11 Mar 2022 09:39:01 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Tue, 27 Apr 2021 18:03:54 GMT
Server
AmazonS3
Age
9122707
ETag
W/"d89453438fbf10dcf4c13265c40d5160"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
Cache-Control
max-age=26920000
Transfer-Encoding
chunked
X-Amz-Cf-Pop
FRA6-C1
X-Amz-Cf-Id
PAeD9Mbtnhyhsc5EI7rNA2tv9g-PLi4YXoTPU-fR70CIxU3S1tQZsA==
v2fnsXllGjmYYZDkgwKOyVaoXJwgkvcNWxl2LluCH7xXOUPsl-k9MOjWVvyBLU2vM
partplanes.com/
90 KB
27 KB
Script
General
Full URL
https://partplanes.com/v2fnsXllGjmYYZDkgwKOyVaoXJwgkvcNWxl2LluCH7xXOUPsl-k9MOjWVvyBLU2vM
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.135.5 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
5.135.149.34.bc.googleusercontent.com
Software
/
Resource Hash
90d2d1168c23fe435246d014c53e3b3d466e7eeee4f8a65d7f582787af96e84c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
x-datacenter
gce-europe-west1
etag
"b91cc7ee992b667628f16e8a25aa744b4f5fa927710d4f75d9fa821af6b48e60"
vary
Accept-Encoding, Accept-Language
x-hostname
fen-hoothoot-europe-west1-spot-b0wm
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
date
Fri, 24 Jun 2022 23:44:08 GMT
x-buildnumber
564601328
timing-allow-origin
*
bidexchange.js
hbx.media.net/
573 KB
132 KB
Script
General
Full URL
https://hbx.media.net/bidexchange.js?cid=8CUYW0S8R&version=5.1&dn=www.westernjournal.com
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6d4114554a7acb97a5042f30c015a76309d9b3e50d43997902f8a2192b85c264
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Fri, 24 Jun 2022 23:44:08 GMT
vary
Accept-Encoding
x-mnet-h
E
content-type
text/javascript; charset=utf-8
cache-control
max-age=1800
timing-allow-origin
*
expires
Sat, 25 Jun 2022 00:14:08 GMT
localstore.js
script.4dex.io/
483 B
945 B
Script
General
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1507457
x-amz-request-id
txc6abd54ace594ae2a5b2f-00629f4bc7
x-amz-id-2
txc6abd54ace594ae2a5b2f-00629f4bc7
last-modified
Tue, 10 May 2022 09:57:32 GMT
server
cloudflare
etag
W/"922cffdd75f7192f75231d92684885aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N5FtB%2Be5GXP00QUTb0SOEUbE5g5jM%2FGlHgu86mLspWcdm7JLP5ofz414M1e7w3Oi9D%2FI%2F%2FmnDjhIjXaegl9nqCgQ24FhWgVgSAn7XGWKJEX9%2FWwPb9I4Q1mGzjG7Hrl1HO08%2BVMH5ziRhGjk"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800
x-amz-version-id
1652176652152482
cf-ray
720954626c429214-FRA
prebid
ib.adnxs.com/ut/v3/
40 KB
16 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/wp-content/themes/firefly/assets/js/prebid.js?ver=1646083962
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.145 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
8d551b63dff6b1087f4b198dead625278f879d740aba21a7aaa14ecb2c07e5e1
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 24 Jun 2022 23:44:08 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
37.58.58.243; 37.58.58.243; 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
5ce9e9db-52dd-4d7e-986d-ff7b684b31e4
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.westernjournal.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
prebid.media.net/rtb/
338 B
461 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CU8Y0E88
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/wp-content/themes/firefly/assets/js/prebid.js?ver=1646083962
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
61e6d52c648abdf05377bb032cc277fbb72a2d28f6f884f4c23a6cfc73551669

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
bid
ap.lijit.com/rtb/
94 B
752 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.12.0
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/wp-content/themes/firefly/assets/js/prebid.js?ver=1646083962
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
d88e2b8888ef8f153e5ba727dfde5f5e7d90354c697d1c707711520237a294e6

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 24 Jun 2022 23:44:08 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.westernjournal.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
translator
hbopenbid.pubmatic.com/
0
121 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/wp-content/themes/firefly/assets/js/prebid.js?ver=1646083962
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:08 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/
4 KB
3 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=14758&site_id=362618&zone_id=1963056&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&tk_flint=pbjs_lite_v4.12.0&x_source.tid=a3f4e4ea-b51d-4e8a-9615-48196be702de&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.265277478069639
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/wp-content/themes/firefly/assets/js/prebid.js?ver=1646083962
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
53e1369164fa72e42838596ca445156cffa5b7777a224844ee3713de73e26e45

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 24 Jun 2022 23:44:08 GMT
Content-Encoding
gzip
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.westernjournal.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
2422
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
4 KB
3 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=14758&site_id=362618&zone_id=1963100&size_id=15&alt_size_ids=221&rf=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&tk_flint=pbjs_lite_v4.12.0&x_source.tid=22a420d9-4d14-45c4-8cd7-2029b5170f32&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7170258528129949
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/wp-content/themes/firefly/assets/js/prebid.js?ver=1646083962
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
c255bc1459516b53fe85e6fa8b8c6c06868986ae7077d89f897e5a5b624a3612

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 24 Jun 2022 23:44:08 GMT
Content-Encoding
gzip
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.westernjournal.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
2408
Expires
Wed, 17 Sep 1975 21:32:10 GMT
gpt.js
www.googletagservices.com/tag/js/
82 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3635776f47217bf4a7882eab908fc0e265cdd5e287e98f93e923a51a458afdc1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28505
x-xss-protection
0
server
sffe
etag
"1255 / 519 of 1000 / last-modified: 1656108497"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 24 Jun 2022 23:44:08 GMT
apstag.js
c.amazon-adsystem.com/aax2/
140 KB
38 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-78.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fb513f6173396cc8dcef3ae1f88b0b8b11a1cd5b5e1142639c83e91c7ae26e08

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Fri, 24 Jun 2022 23:34:34 GMT
via
1.1 00746b020527dcdbeca0dab6f6de299a.cloudfront.net (CloudFront), 1.1 69f13f852a135432abb1b7bfc5a8b420.cloudfront.net (CloudFront)
last-modified
Thu, 09 Jun 2022 19:20:00 GMT
server
AmazonS3
age
575
etag
W/"915836bd4f06d8d29dfc0840694722ed"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-pop
FRA60-P1, FRA2-C1
content-encoding
gzip
x-amz-cf-id
KiDL1nZmVwXgQmb_ucXylXxA0vBR2-ie0mlSP4M40Q2YpYdUK5AUUA==
beacon.js
sb.scorecardresearch.com/
4 KB
2 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-28.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 14:25:27 GMT
content-encoding
gzip
etag
W/"eaf85c1c6758e84acfe134efd70e9373"
last-modified
Thu, 09 Jun 2022 14:24:43 GMT
server
AmazonS3
age
33523
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
zIBaBe5Xui9KeTiw63kESQ7Q4UIepldnZoIs5JRj9h9BzKG6hOIGwg==
a-gay-wedding-and-Justice-Clarence-Thomas-559x327.jpg
www.westernjournal.com/wp-content/uploads/2022/06/
29 KB
29 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/uploads/2022/06/a-gay-wedding-and-Justice-Clarence-Thomas-559x327.jpg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
088940816fba841003999c5d18402699d7031ddfd94fc77a6dd47bade79f51c9
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
27175
cf-polished
origSize=31704, status=webp_bigger
content-length
29686
last-modified
Fri, 24 Jun 2022 16:00:18 GMT
server
cloudflare
etag
"62b5df92-7bd8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
720954621f1391ed-FRA
cf-bgj
imgq:100,h2pri
Untitled_design_36-559x327.jpg
www.westernjournal.com/wp-content/uploads/2022/06/
25 KB
25 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/uploads/2022/06/Untitled_design_36-559x327.jpg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9012265e619df16abf9d30aa85b6777bfb81de075b1136697a3ba208d0efb4f3
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
20316
cf-polished
origSize=25892, status=webp_bigger
content-length
25099
last-modified
Fri, 24 Jun 2022 17:11:53 GMT
server
cloudflare
etag
"62b5f059-6524"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
720954621f1491ed-FRA
cf-bgj
imgq:100,h2pri
March-for-Life-559x327.jpg
www.westernjournal.com/wp-content/uploads/2022/06/
34 KB
34 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/uploads/2022/06/March-for-Life-559x327.jpg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94934ad8e46db35a51ffeb53dce44c9f879db496251b83f8c7443d2d84a8bb38
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
33264
cf-polished
origSize=37271, status=webp_bigger
content-length
34506
last-modified
Mon, 20 Jun 2022 16:27:53 GMT
server
cloudflare
etag
"62b0a009-9197"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
720954621f1591ed-FRA
cf-bgj
imgq:100,h2pri
Untitled_design_34-559x327.jpg
www.westernjournal.com/wp-content/uploads/2022/06/
27 KB
27 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/uploads/2022/06/Untitled_design_34-559x327.jpg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1df992a66032f716e701f7b66de7332ecd323263d44fa83482ded9002c7dbc1b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
19793
cf-polished
origSize=27906, status=webp_bigger
content-length
27314
last-modified
Fri, 24 Jun 2022 17:29:13 GMT
server
cloudflare
etag
"62b5f469-6d02"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
720954621f1691ed-FRA
cf-bgj
imgq:100,h2pri
delivery.js
assets.revcontent.com/master/
150 KB
47 KB
Script
General
Full URL
https://assets.revcontent.com/master/delivery.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3475529f045a7ada245639945e7453d80c95b1013693bde90abfdc2bae7fc53f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
last-modified
Tue, 21 Jun 2022 18:51:02 GMT
server
AmazonS3
x-amz-request-id
ZPJRHFNTJYJC8Q4W
etag
"1bbc83f4f9e30099a86fbc2241de43ae"
x-hw
1656114248.cds252.fr8.hn,1656114248.cds146.fr8.c
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=60
accept-ranges
bytes
content-length
48298
x-amz-id-2
hdN9oBMMM0r2QQazhbNNlG6SkYtCS1LgOQZcwvebDV1IJ7CLmUxesptbwcCRKJhWX382rKehJrc=
si
capi.connatix.com/tr/
0
116 B
Image
General
Full URL
https://capi.connatix.com/tr/si?token=360e998e-de7b-4e4c-a145-dc1919ba2590&cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
access-control-allow-credentials
true
accept-ranges
bytes
content-length
0
access-control-max-age
86400
content-type
application/json
Untitled-design-2022-06-24T092702.013-559x327.jpg
www.westernjournal.com/wp-content/uploads/2022/06/
29 KB
30 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/uploads/2022/06/Untitled-design-2022-06-24T092702.013-559x327.jpg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
882e75fa8aefbf0f38095f5baf2e28b34f5f16a4ad0a7ef9d69ff9b933956b5e
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
34886
cf-polished
origSize=31932, status=webp_bigger
content-length
30158
last-modified
Fri, 24 Jun 2022 13:29:12 GMT
server
cloudflare
etag
"62b5bc28-7cbc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
720954623f4891ed-FRA
cf-bgj
imgq:100,h2pri
riot-police-and-AOC-559x327.jpg
www.westernjournal.com/wp-content/uploads/2022/06/
26 KB
27 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/uploads/2022/06/riot-police-and-AOC-559x327.jpg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
daaf53498a72eab3b356181d1252e9a8f1fb0891480928a5699b6df3b897e907
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
23572
cf-polished
origSize=27361, status=webp_bigger
content-length
26957
last-modified
Fri, 24 Jun 2022 16:44:33 GMT
server
cloudflare
etag
"62b5e9f1-6ae1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
720954623f4991ed-FRA
cf-bgj
imgq:100,h2pri
baby-1-559x327.jpg
www.westernjournal.com/wp-content/uploads/2022/06/
15 KB
16 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/uploads/2022/06/baby-1-559x327.jpg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3b327a1abb414ad4ecf04c5247215019996f3107cb1f766d0a027798be45b3c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
181
cf-polished
origSize=17244, status=webp_bigger
content-length
15810
last-modified
Fri, 24 Jun 2022 22:19:51 GMT
server
cloudflare
etag
"62b63887-435c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
720954623f4a91ed-FRA
cf-bgj
imgq:100,h2pri
connatix.player.dc.js
cds.connatix.com/p/167773/ Frame 80D2
Redirect Chain
  • https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
  • https://cds.connatix.com/p/167773/connatix.player.dc.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
915 KB
212 KB
Script
General
Full URL
https://cds.connatix.com/p/167773/connatix.player.dc.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2151acb1544f96b2cb90d3d55aa1cb47b92b24ce62e113583bce8321e0173982

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
br
last-modified
Fri, 24 Jun 2022 09:43:27 GMT
age
50322
etag
"af750add6989bdba51417fd6204c3f04"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
217210

Redirect headers

location
https://cds.connatix.com/p/167773/connatix.player.dc.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
date
Fri, 24 Jun 2022 23:44:08 GMT
cache-control
no-cache, no-store, must-revalidate, max-age=0
accept-ranges
bytes
content-length
0
access-control-max-age
86400
westernjournal.com.1280823.js
jsc.mgid.com/w/e/
2 KB
2 KB
Script
General
Full URL
https://jsc.mgid.com/w/e/westernjournal.com.1280823.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa41f74f82d68f4d212c2199e8d46f06a61a4d033c54e69f8a24caa3161f463d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
br
cf-cache-status
HIT
age
314
cf-polished
origSize=2330
last-modified
Tue, 07 Jun 2022 00:56:26 GMT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
P34DMMVZP1SKA9FR
x-amz-id-2
0gDLFXnEaCgZ+hFs9iudpNW5uihApQHTDQupes5N0JXeyykwAoWQ6YqA2L8QWWr3qkp+uHxAtwE=
cf-bgj
minify
server
cloudflare
etag
W/"212f22eb5976d27bbc88b0394c5701fd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=10800
x-amz-version-id
.MxcTOfD3be_4oyk5ruyqhpFYTM_xVZk
cf-ray
72095463293d9a1d-FRA
expires
Sat, 25 Jun 2022 02:44:08 GMT
ats.js
ats.rlcdn.com/
109 KB
37 KB
Script
General
Full URL
https://ats.rlcdn.com/ats.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-6.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
qhkEQKrW4Gg_gxbK41emvSsDXWYdvDMl
content-encoding
gzip
etag
W/"148e21f812b555a13b2a9c6b616141f4"
age
68414
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:598424ed-c6de-48e8-8068-45662e39c3ce
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
58acf9e97c03c481f490be71338f7f57
last-modified
Tue, 17 May 2022 11:35:33 GMT
server
AmazonS3
date
Fri, 24 Jun 2022 04:43:55 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
57180e34d853b9e6be67670dae22a049fb237e6bca37c60f7ba138272a8487cc
via
1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=86400
x-amz-cf-pop
FRA6-C1
content-type
application/x-javascript
x-amz-cf-id
aDOuk1bBnYqoLpbOF76ChhnHmnEGhTNzi7wZwLvUDD1_zHGKBVe04g==
quant.js
secure.quantserve.com/
24 KB
10 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Fri, 01 Jul 2022 23:44:08 GMT
atrk.gif
certify.alexametrics.com/
43 B
551 B
Image
General
Full URL
https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=Notebook%20Uncovered%20with%20Brian%20Laundrie%27s%20Remains%20Contains%20Shocking%20Confession%20to%20Gabby%20Petito%27s%20Murder&time=1656114246545&time_zone_offset=0&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=&host_url=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&random_number=9714585058&sess_cookie=313cf9311819819f390056084d9&sess_cookie_flag=1&user_cookie=313cf9311819819f390056084d9&user_cookie_flag=1&dynamic=true&domain=westernjournal.com&account=C1z2k1acFH002c&jsv=20130128&user_lang=en-US
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-9.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 03:29:01 GMT
Via
1.1 24c299c0a6423c6f96984a85fb014108.cloudfront.net (CloudFront)
Last-Modified
Mon, 17 Jan 2011 20:41:40 GMT
Server
AmazonS3
Age
72908
ETag
"221d8352905f2c38b3cb2bd191d630b0"
X-Cache
Hit from cloudfront
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
X-Amz-Cf-Pop
FRA2-C1
x-amz-meta-alexa-last-modified
20110117123941
Content-Length
43
X-Amz-Cf-Id
veI30vuQBq0BvQZUXr8zMzHbdj1jxH1AiAhGLG67AmVPFCyzmBqTSw==
x.png
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/
0
48 B
Image
General
Full URL
https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.131.187.0 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-131-187-0.us-east-2.compute.amazonaws.com
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
server
Server
f7060245-2280-4168-a5a7-87f79f9d0e3e.js
d3lcz8vpax4lo2.cloudfront.net/header-tags/9af198ff-22cf-4d4b-80d5-b58d0f23e539/
165 KB
33 KB
Script
General
Full URL
https://d3lcz8vpax4lo2.cloudfront.net/header-tags/9af198ff-22cf-4d4b-80d5-b58d0f23e539/f7060245-2280-4168-a5a7-87f79f9d0e3e.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:c400:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fb66b921631fedc2fc9d2c817ca2d835005f7544c08f40024c737b17863b3e3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
nBm6qF9TMXOCJK98R1LamnUHv1_hwFJp
content-encoding
br
last-modified
Thu, 23 Jun 2022 05:37:59 GMT
server
AmazonS3
age
52
etag
W/"b4bc9b4a7e038c2871f754dc87f725c9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 32e3b86ae254a231182567c0124af892.cloudfront.net (CloudFront)
cache-control
max-age=60
date
Fri, 24 Jun 2022 23:44:08 GMT
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
GSE598J0qXjkWun3vcYWHSAPN7kNaQ9ALcH_EGuNV8tui79Uuxnw7w==
/
geoip.instiengage.com/json/
241 B
432 B
XHR
General
Full URL
https://geoip.instiengage.com/json/
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.3.110.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-3-110-18.compute-1.amazonaws.com
Software
/
Resource Hash
5facd4568889c6ffce325fcca41eec6dfb52d8972fbc331c295e86591b355820

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:08 GMT
access-control-allow-credentials
true
x-database-date
Fri, 24 Jun 2022 19:14:22 GMT
content-length
241
vary
Origin
content-type
application/json
index.html
auth.instiengage.com/auth/ Frame A036
73 B
426 B
Document
General
Full URL
https://auth.instiengage.com/auth/index.html
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ec00:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fb7e70becd9b9f29c4afe8b2b82eef24739e120c0abafc812e24c8362657f37d

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
19
content-length
73
content-type
text/html
date
Fri, 24 Jun 2022 23:43:50 GMT
etag
"d143b1e94cfb2dcb20bcad0f44fd1f0a"
last-modified
Thu, 28 Oct 2021 14:58:38 GMT
server
AmazonS3
via
1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
x-amz-cf-id
vV7epgWYjJsrtls9K3G1aTZZcxVW82cuCzSxfvGfRwrLC8ReUZrJmg==
x-amz-cf-pop
FRA2-C2
x-amz-version-id
Z_9pWwT0klc7emOur8LDxIaKOSvjAB6l
x-cache
Hit from cloudfront
getemails.js
s3-us-west-2.amazonaws.com/files.getemails.com/account/K97HRE0/source/
0
0
Script
General
Full URL
https://s3-us-west-2.amazonaws.com/files.getemails.com/account/K97HRE0/source/getemails.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.169.88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

appstore.svg
www.westernjournal.com/wp-content/plugins/wj-functionality/assets/images/
11 KB
4 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/plugins/wj-functionality/assets/images/appstore.svg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b119677aab360b1b7905cbc521eba617ec9429c3bff70cd00b9f6ccddcb3e026
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 24 Jun 2022 17:19:26 GMT
server
cloudflare
age
6078
etag
W/"62b5f21e-2a35"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=1800
strict-transport-security
max-age=2592000; includeSubDomains
cf-ray
72095463283291ed-FRA
googleplay.png
www.westernjournal.com/wp-content/plugins/wj-functionality/assets/images/
8 KB
8 KB
Image
General
Full URL
https://www.westernjournal.com/wp-content/plugins/wj-functionality/assets/images/googleplay.png
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b63 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f3e38a262ae300f7e99e8ab0950ea6e67d7404331b374506bc0cd60e03e69cd
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
vary
Accept
cf-cache-status
HIT
age
6078
cf-polished
origFmt=png, origSize=16773
content-disposition
inline; filename="googleplay.webp"
content-length
8262
last-modified
Fri, 24 Jun 2022 17:19:25 GMT
server
cloudflare
etag
"62b5f21d-4185"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains
content-type
image/webp
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
72095463283391ed-FRA
cf-bgj
imgq:100,h2pri
user_visited_page
telemetries.jeeng.com/api/events/ Frame
0
0
Preflight
General
Full URL
https://telemetries.jeeng.com/api/events/user_visited_page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.247.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
19.247.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.westernjournal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 24 Jun 2022 23:44:08 GMT
vary
Access-Control-Request-Headers
via
1.1 google
x-powered-by
Express
skeleton.gif
static.adsafeprotected.com/
43 B
480 B
Image
General
Full URL
https://static.adsafeprotected.com/skeleton.gif
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:c400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 06 Aug 2021 16:14:35 GMT
via
1.1 ec9e3bc729d9c6d55ed32446408ad62e.cloudfront.net (CloudFront)
age
27847774
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
43
last-modified
Mon, 17 Aug 2020 23:55:15 GMT
server
AmazonS3
etag
"45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id
iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control
max-age=315360000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
image/gif
x-amz-cf-id
x3VeEBGw2v_L965k7eG0diJRioBpWs77m7g3bZjySka4nQbMIJB6_g==
user_visited_page
telemetries.jeeng.com/api/events/
15 B
30 B
XHR
General
Full URL
https://telemetries.jeeng.com/api/events/user_visited_page
Requested by
Host: users.api.jeeng.com
URL: https://users.api.jeeng.com/users/domains/VAM4nzne41/sdk/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.247.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
19.247.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-type
application/json

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
via
1.1 google
etag
W/"f-v/Y1JusChTxrQUzPtNAKycooOTA"
x-powered-by
Express
content-type
application/json; charset=utf-8
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html
platform.twitter.com/widgets/ Frame 0A4D
319 KB
104 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html?origin=https%3A%2F%2Fwww.westernjournal.com
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67AA) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
17566
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105433
Content-Type
text/html; charset=utf-8
Date
Fri, 24 Jun 2022 23:44:08 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Thu, 02 Jun 2022 18:01:40 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67AA)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
/
geoip.instiengage.com/json/
241 B
431 B
XHR
General
Full URL
https://geoip.instiengage.com/json/
Requested by
Host: product.instiengage.com
URL: https://product.instiengage.com/product-loader-code/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.3.110.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-3-110-18.compute-1.amazonaws.com
Software
/
Resource Hash
5facd4568889c6ffce325fcca41eec6dfb52d8972fbc331c295e86591b355820

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:08 GMT
access-control-allow-credentials
true
x-database-date
Fri, 24 Jun 2022 19:14:23 GMT
content-length
241
vary
Origin
content-type
application/json
js
www.googletagmanager.com/gtag/
194 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-DCR5CPLYCJ&l=dataLayer&cx=c
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ca1ab0ec9fe0a49f58ff50136a015c7a02471d5bf089129cdaea3d82ae47b046
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
70644
x-xss-protection
0
expires
Fri, 24 Jun 2022 23:44:08 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
3301
date
Fri, 24 Jun 2022 22:49:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sat, 25 Jun 2022 00:49:07 GMT
fbevents.js
connect.facebook.net/en_US/
100 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26344
x-xss-protection
0
pragma
public
x-fb-debug
gs3GNMHt7pYJWxg5yqGgNo2llAlbvqw1zqRlARfwT4dtU6TAR4mMojv/nP6caT56G+Nt6gYIJWOlAgD7M5jMhA==
x-fb-trip-id
917726464
x-frame-options
DENY
date
Fri, 24 Jun 2022 23:44:08 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
adagio.js
script.4dex.io/
72 KB
23 KB
Fetch
General
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1507311
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
tx8e0f26a152e747f3bce44-00629f4bf4
x-amz-id-2
tx8e0f26a152e747f3bce44-00629f4bf4
last-modified
Tue, 10 May 2022 09:57:31 GMT
server
cloudflare
etag
W/"2430496689c00115831347992a974246"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=be%2FkR3%2FU4pGWIEIhqqdN4nxA0TkRZ9Rnv%2BQiz6Nfgbz%2BMMisuWbEhPxrK8s4OS03XOXCyBSlf1sDTMHi9tB4u464m9zyLWFtmcQe9PFkr5xtVxgjo4EKjDIOZqeFnj1u6FH%2F7G8wlPJnUyq1"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800
access-control-allow-credentials
true
x-amz-version-id
1652176651393042
cf-ray
72095463fdd49bb9-FRA
access-control-allow-headers
Authorization
bundle.js
auth.instiengage.com/auth/ Frame A036
74 KB
25 KB
Script
General
Full URL
https://auth.instiengage.com/auth/bundle.js
Requested by
Host: auth.instiengage.com
URL: https://auth.instiengage.com/auth/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ec00:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
454e275a24548d7c90f785185bef0f45a1a31227dbdf262e23663d3a1c893d34

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.instiengage.com/auth/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
z9_dsDhFEXvmKWuBLcY14W3grjGzZbNe
content-encoding
br
last-modified
Fri, 11 Feb 2022 18:07:15 GMT
server
AmazonS3
age
287
etag
W/"9bea1145c763a33ae96eac3f3997743f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
date
Fri, 24 Jun 2022 23:39:23 GMT
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
wg5ktsP0jJ8p1fp4xzWW2MCxqUTm8YOe9Jewb0ZtZiFCcyorlD44Bw==
entities
users.api.jeeng.com/
81 B
568 B
XHR
General
Full URL
https://users.api.jeeng.com/entities?description_md5=0f9e5c99f71815935003be35a7309ec7&domain_id=VAM4nzne41&image_url_encoded_md5=f8c94cb1b60da6f50cdfe973bc37a736&image_url_md5=f8c94cb1b60da6f50cdfe973bc37a736&published_at_md5=49d66af8c2fef35ae8c3a91a31b1abf3&read_only=false&sdk_version=5.10&title_md5=5e82d9f8ecb64bb2228d9b9d4f4e1e37&url=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F
Requested by
Host: users.api.jeeng.com
URL: https://users.api.jeeng.com/users/domains/VAM4nzne41/sdk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:39ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
07524aa416e4a3f7a08a65f65cc991c4cef3472db97a83b16e57c5fad30933ed

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
via
1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
age
2106
x-powered-by
Express
x-cache
Hit from cloudfront
content-encoding
gzip
server
cloudflare
etag
W/"51-yl5FyDqT4aMO7UtbibMocViAUIE"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
5f444d1bd8e698674136e88056697602
cache-control
max-age=3600
x-amz-cf-pop
FRA60-P2
cf-ray
72095464e952995d-FRA
x-amz-cf-id
LMl1d1yrg5EP8BGuJMLVqZOYZ2dVlO5q35c37FpXaL4yJpCDVzeLQA==
config
c.amazon-adsystem.com/cdn/prod/
0
0

bid
c.amazon-adsystem.com/e/dtb/
23 B
497 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&pid=eN6h4P7mJSnzc&cb=0&ws=1600x1200&v=8.0.1&t=1000&slots=%5B%7B%22sd%22%3A%22BB1%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F101957818%2C22550773714%2FWesternJournal%2FWesternJournal_Article%2FWesternJournal_Article_Direct%2FWesternJournal_Article_Direct_BB1%22%7D%2C%7B%22sd%22%3A%22WP1%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%22%2F101957818%2C22550773714%2FWesternJournal%2FWesternJournal_Article%2FWesternJournal_Article_Direct%2FWesternJournal_Article_Direct_WP1%22%7D%2C%7B%22sd%22%3A%22SB2%22%2C%22s%22%3A%5B%22300x250%22%2C%221x1%22%5D%2C%22sn%22%3A%22%2F101957818%2C22550773714%2FWesternJournal%2FWesternJournal_Article%2FWesternJournal_Article_Direct%2FWesternJournal_Article_Direct_SB2%22%7D%5D&schain=1.0%2C1!fireflyengagement.com%2C2018001%2C1%2C%2C%2C&pubid=da224ee9-07c8-4a80-87e4-528df4ac939e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-78.fra2.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
via
1.1 69f13f852a135432abb1b7bfc5a8b420.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA2-C1
x-amz-rid
B1V2VHREAXZP52A1YM1V
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
ZBKJNVW72EUUodBbtrwbJdFXWd1k7Qt-1JOeJpOXy8TqksYemHjOuw==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-78.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 05:01:52 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin
age
67337
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Thu, 16 Jun 2022 07:15:00 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
V0pVBg0mlfLR15rr7Wd2OdbBwvWb7BSE
via
1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA2-C1
content-type
application/javascript
x-amz-cf-id
eHoSQfNIDqUx0ll4eKHG_3N7cOgcqJoT6sLS0tWsspIY1OGsf2DDCA==
b
sb.scorecardresearch.com/
0
190 B
Image
General
Full URL
https://sb.scorecardresearch.com/b?c1=2&c2=20480112&cs_it=b3&cv=3.8.0.210223&ns__t=1656114246911&ns_c=UTF-8&c7=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&c8=Notebook%20Uncovered%20with%20Brian%20Laundrie%27s%20Remains%20Contains%20Shocking%20Confession%20to%20Gabby%20Petito%27s%20Murder&c9=
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-28.fra2.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
via
1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
vzg0K0KX6PAgJVjSnKYk_P2HWyan9jJnHAGdfCZQjJdkGBFkl5S0yg==
x-cache
Miss from cloudfront
/
geoip.insticator.com/json/
241 B
432 B
XHR
General
Full URL
https://geoip.insticator.com/json/
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/9af198ff-22cf-4d4b-80d5-b58d0f23e539/f7060245-2280-4168-a5a7-87f79f9d0e3e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.182.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-182-17.compute-1.amazonaws.com
Software
/
Resource Hash
5facd4568889c6ffce325fcca41eec6dfb52d8972fbc331c295e86591b355820

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:08 GMT
access-control-allow-credentials
true
x-database-date
Fri, 24 Jun 2022 19:14:23 GMT
content-length
241
vary
Origin
content-type
application/json
9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
df80k0z3fi8zg.cloudfront.net/files/instibid/
332 KB
88 KB
Script
General
Full URL
https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7800:10:3422:3f00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8e7e6f292a3241de5e35474380f8f3066f83231b54503b35eb9772b2017e2b43

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
qEcSsh_GMOF1nrUpjlMPWqLOy_PQhV9B
content-encoding
br
last-modified
Thu, 23 Jun 2022 05:37:59 GMT
server
AmazonS3
age
65119
etag
W/"0fd6871b6ec05ce574886822e07962cb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
date
Fri, 24 Jun 2022 05:38:50 GMT
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
1RdNF2uG87TlxsCdXtm97hp6jhUNP2CYa5N_fOHi4SCuu8WhSwmKeA==
pwt.js
ads.pubmatic.com/AdServer/js/pwt/95054/2912/
205 KB
63 KB
Script
General
Full URL
https://ads.pubmatic.com/AdServer/js/pwt/95054/2912/pwt.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.90.104.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-242.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1d9411a3eb3af20c314c2ee4bc617596a0347dc0eb50cfeb3c7a1cfb4e87c162

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
last-modified
Wed, 01 Jun 2022 18:08:45 GMT
server
Apache
etag
"1121321-333aa-5e066c7b2affc"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=162600
accept-ranges
bytes
content-type
text/javascript
content-length
64106
expires
Sun, 26 Jun 2022 20:54:08 GMT
config.js
confiant-integrations.global.ssl.fastly.net/GkEkQif6INZKXAE-PNQESRSrDNk/gpt_and_prebid/
53 KB
14 KB
Script
General
Full URL
https://confiant-integrations.global.ssl.fastly.net/GkEkQif6INZKXAE-PNQESRSrDNk/gpt_and_prebid/config.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5db570e9bf0f897dc63fb066146511c5258b1c5b9d7e59e33c5c89e12fd7bd4b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:08 GMT
Content-Encoding
gzip
Age
3011
X-Cache
HIT
Connection
keep-alive
Content-Length
13401
x-amz-id-2
zR7xEpziRwWhTOV2uziaDkaqyU2rulUnuMbh9V5en/NXqhBXcN9GQ+kMhod3mnD17IEW8jHTbh4=
X-Served-By
cache-fra19175-FRA
Last-Modified
Fri, 24 Jun 2022 21:16:49 GMT
Server
AmazonS3
X-Timer
S1656114249.529794,VS0,VE0
ETag
"feb8c53d56895e6580eeb4b8dbb7a7f2"
x-amz-request-id
HHDAKHDJKK695E3D
Via
1.1 varnish
Accept-Ranges
bytes
Content-Type
text/javascript
X-Cache-Hits
2
pubads_impl_2022062203.js
securepubads.g.doubleclick.net/gpt/
370 KB
126 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062203.js?cb=31068192
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
sffe /
Resource Hash
fc6679c71ac75dd311c0014d34ecae7e64f7d98d2c9ee47d9abe610fed1216a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Thu, 23 Jun 2022 18:47:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
104178
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128508
x-xss-protection
0
last-modified
Wed, 22 Jun 2022 20:34:59 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 23 Jun 2023 18:47:50 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
355 B
803 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.westernjournal.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
96d484d4c55cfb18f67ea90802aa4e84b96c0573a907fd22f338844bb1625bf4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
166
x-xss-protection
0
expires
Fri, 24 Jun 2022 23:44:08 GMT
pwt.js
ads.pubmatic.com/AdServer/js/pwt/160835/4933/
198 KB
61 KB
Script
General
Full URL
https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.90.104.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-242.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
dffb10001fdf28c41dc4fb6143a37317eea4fd2a561c0960eb19de3d2c77ffbc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
last-modified
Wed, 01 Jun 2022 13:27:15 GMT
server
Apache
etag
"16a1416-31943-5e062d8f97dfc"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=128246
accept-ranges
bytes
content-type
text/javascript
content-length
62018
expires
Sun, 26 Jun 2022 11:21:34 GMT
event
event.insticator.com/v1/
0
125 B
XHR
General
Full URL
https://event.insticator.com/v1/event?event_name=event_pageview
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/9af198ff-22cf-4d4b-80d5-b58d0f23e539/f7060245-2280-4168-a5a7-87f79f9d0e3e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.20.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-20-6.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Allow-Origin
*
Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:08 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin
event
event.insticator.com/v1/ Frame
0
0
Preflight
General
Full URL
https://event.insticator.com/v1/event?event_name=event_pageview
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.20.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-20-6.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
access-control-allow-origin,content-type
Access-Control-Request-Method
POST
Origin
https://www.westernjournal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
access-control-allow-origin,content-type
access-control-allow-methods
POST
access-control-allow-origin
https://www.westernjournal.com
access-control-max-age
3600
content-length
0
date
Fri, 24 Jun 2022 23:44:08 GMT
vary
Origin
westernjournal.com.1280823.es6.js
jsc.mgid.com/w/e/
263 KB
76 KB
Script
General
Full URL
https://jsc.mgid.com/w/e/westernjournal.com.1280823.es6.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
235807101dabfaef2fd3dd7601fc93ec442b6f300a3acb712091092b089778da

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
br
cf-cache-status
HIT
age
6817
cf-polished
origSize=269560
last-modified
Wed, 15 Jun 2022 13:37:39 GMT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
3EWQWTGE84HG76KT
x-amz-id-2
Bj9HflTgGYddywXvGf8a35858jEO1zi4c8pzbnj7MLGNKgHOHjBTntJXCrzaA8KCBsOeNmcgng8=
cf-bgj
minify
server
cloudflare
etag
W/"84bedc5de85067c6d5d53bd7e8517881"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=10800
x-amz-version-id
AGTJKt3FC6m7sSQLEj2nSAk8w2GoOJcD
cf-ray
72095465cfd29968-FRA
expires
Sat, 25 Jun 2022 02:44:08 GMT
/
geo.privacymanager.io/
28 B
593 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-93.fra2.r.cloudfront.net
Software
/
Resource Hash
3b3ed4b191fdd529075b8e099f5daefd684e80acd4c9514a70b6ad746e949544

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 03:51:32 GMT
via
1.1 5c79308f72e53cdf81a950b478a7e144.cloudfront.net (CloudFront), 1.1 f99b5b46e77cfe9c3413f99dc8a4088c.cloudfront.net (CloudFront)
age
71556
x-amzn-requestid
0913bfea-c32f-4c37-8ae7-0168c47b413e
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-62b534c4-6289e59b577ce3642ba0f042;Sampled=0
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-P3, FRA2-C2
x-amz-apigw-id
UNUurGf8joEFkVw=
content-length
28
x-amz-cf-id
KsYvV978QusMK0ERKf7WNQPKMqkxRgWfUt6AGlxM9FqZFbQdiSwI_w==
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
rules-p-kZpd2WPpvPttS.js
rules.quantcount.com/
2 B
344 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-kZpd2WPpvPttS.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:b600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 22:58:38 GMT
via
1.1 e9101023ffbe04130b9d4cac0cf9eebc.cloudfront.net (CloudFront)
server
AmazonS3
age
2730
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-P2
content-length
2
x-amz-cf-id
EhUeLWKJwLTQRJjB0AgfnQS17SqVWM6mxt2ND0txtqtgpMc3NE7WJw==
settings
syndication.twitter.com/ Frame 0A4D
512 B
521 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=e9cdbe68a78aa2b0d4cefdb4bf229c4ac86a62c5
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html?origin=https%3A%2F%2Fwww.westernjournal.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.72 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
a15f95e938fbfd9ffef12a20682cdb3eebc3cfefa4843ceab38d0ff1a612cbda
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-response-time
115
date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 23:44:08 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
549f825e38ade68a0a0c16f0cd23a91ad0fefab832c3f5979daa789d790156e9
content-length
241
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
884 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 22:58:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2744
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Fri, 24 Jun 2022 23:58:24 GMT
1897937520432117
connect.facebook.net/signals/config/
288 KB
83 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1897937520432117?v=2.9.62&r=stable
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3a8a003a69d26abd22359d9e8f1c6d576476dc102772bc316c3ba8f9d0d1869b
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
84895
x-xss-protection
0
pragma
public
x-fb-debug
AOLif7k5de9QXicaYsxXIoZ0QqnA0RLdfYWL0LCeazhdAKDiodL8d6QWMIl1ktADBlsQ2QY2fJzexXKmCVZSMQ==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 24 Jun 2022 23:44:08 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
352 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-DCR5CPLYCJ&gtm=2oe6m0&_p=2011416346&_z=ccd.v9B&cid=1586728738.1656114247&ul=en-us&sr=1600x1200&_s=1&sid=1656114247&sct=1&seg=0&dl=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&dt=Notebook%20Uncovered%20with%20Brian%20Laundrie%27s%20Remains%20Contains%20Shocking%20Confession%20to%20Gabby%20Petito%27s%20Murder&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DCR5CPLYCJ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:08 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.westernjournal.com%2F&domain=www.westernjournal.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://www.westernjournal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 24 Jun 2022 23:44:08 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1112
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.westernjournal.com%2F&domain=www.westernjournal.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=zjUnXXwwT1FqZUxuem5GWXhaL2M1eUJOQTkzZzBBMGhVZm5jYVdYRWN2bmd2WUlhcVpmbWpzdk90d2VaWWpmWC9WT1gwNWlJd0tjbXA1eHREY2JBM2h0WktGRkxVOEl1YTNvczJ0dFNSdExCVFprUG9lK3NYZmZLTWdmdz...
342 B
611 B
XHR
General
Full URL
https://mug.criteo.com/sid?cpp=zjUnXXwwT1FqZUxuem5GWXhaL2M1eUJOQTkzZzBBMGhVZm5jYVdYRWN2bmd2WUlhcVpmbWpzdk90d2VaWWpmWC9WT1gwNWlJd0tjbXA1eHREY2JBM2h0WktGRkxVOEl1YTNvczJ0dFNSdExCVFprUG9lK3NYZmZLTWdmdzcwK05VZHE3QmVOSThSa0o2alRrdlU3YnlqRkZPNE42cDVjUUJNYWUwcElPWldzQlNzYWxnNmhxbmR1U1JtQ0hoUTJpZmtkSkZrelZkVEJtSFBTNXovTnFoVWhLY3ZoRytCS3l6aG1IaDRvZDRnV1dPQnN3YnVEeWxyNkNwRlNWbkRoMTM1azY1fA&cppv=2
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
7e9fa5da553218275bb1d00114d0f14bc8c5b1833ea3c0b633921d455fdb1f46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2448
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:08 GMT
location
https://mug.criteo.com/sid?cpp=zjUnXXwwT1FqZUxuem5GWXhaL2M1eUJOQTkzZzBBMGhVZm5jYVdYRWN2bmd2WUlhcVpmbWpzdk90d2VaWWpmWC9WT1gwNWlJd0tjbXA1eHREY2JBM2h0WktGRkxVOEl1YTNvczJ0dFNSdExCVFprUG9lK3NYZmZLTWdmdzcwK05VZHE3QmVOSThSa0o2alRrdlU3YnlqRkZPNE42cDVjUUJNYWUwcElPWldzQlNzYWxnNmhxbmR1U1JtQ0hoUTJpZmtkSkZrelZkVEJtSFBTNXovTnFoVWhLY3ZoRytCS3l6aG1IaDRvZDRnV1dPQnN3YnVEeWxyNkNwRlNWbkRoMTM1azY1fA&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1272
content-length
509
expires
0
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.westernjournal.com
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.westernjournal.com
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
48 KB
11 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=937115591132651&correlator=1817139888647284&eid=31068192%2C44761477%2C42531605&output=ldjh&gdfp_req=1&vrg=2022062203&ptt=17&impl=fifs&iu_parts=101957818%3A22550773714%2CWesternJournal%2CWesternJournal_Article%2CWesternJournal_Article_Direct%2CWesternJournal_Article_Direct_BB1%2CWesternJournal_Article_Direct_WP1%2CWesternJournal_Article_Direct_SB2&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F5%2C%2F0%2F1%2F2%2F3%2F6&prev_iu_szs=970x250%7C970x90%7C728x90%2C1x1%2C300x250%7C1x1&ifi=1&adks=1409352590%2C842552181%2C2671899693&sfv=1-0-38&ecs=20220624&fsapi=false&prev_scp=ad_h%3D23%26amznbid%3D2%26amznp%3D2%26hb_format_appnexus%3Dbanner%26hb_source_appnexus%3Dclient%26hb_size_appnexus%3D970x250%26hb_pb_appnexus%3D0.02%26hb_adid_appnexus%3D2317a1f6f9e5414%26hb_bidder_appnexus%3Dappnexus%26hb_format_rubicon%3Dbanner%26hb_source_rubicon%3Dclient%26hb_size_rubicon%3D970x250%26hb_pb_rubicon%3D0.05%26hb_adid_rubicon%3D2146e08ffb7c853%26hb_bidder_rubicon%3Drubicon%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D970x250%26hb_pb%3D0.05%26hb_adid%3D2146e08ffb7c853%26hb_bidder%3Drubicon%7Cad_h%3D23%26amznbid%3D2%26amznp%3D2%7Cad_h%3D23%26amznbid%3D2%26amznp%3D2%26hb_format_appnexus%3Dbanner%26hb_source_appnexus%3Dclient%26hb_size_appnexus%3D300x250%26hb_pb_appnexus%3D0.00%26hb_adid_appnexus%3D24085dfe0287144%26hb_bidder_appnexus%3Dappnexus%26hb_format_rubicon%3Dbanner%26hb_source_rubicon%3Dclient%26hb_size_rubicon%3D300x250%26hb_pb_rubicon%3D0.02%26hb_adid_rubicon%3D22d2f5328adcc1b%26hb_bidder_rubicon%3Drubicon%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D300x250%26hb_pb%3D0.02%26hb_adid%3D22d2f5328adcc1b%26hb_bidder%3Drubicon&eri=1&cust_params=ADRIZER_DEST%3D2c82c8aa96a2409ed0cd02f59d218bb8%26ADRIZER_SOURCE%3Ddc0cf5a290bb215566ff55ec995c7225%26ADRIZER_SOURCES%3D554838a8451ac36cb977e719e9d6623c%26ADRIZER_DESTS%3D4d1561a0b9559270591a9cb29799197c%26Site%3Dhttp%253A%252F%252Fwww.westernjournal.com%26Tag%3Dcrime%252Cmurder%252CUS%2520news%26Category%3DNews%26URL%3D%252Fnotebook-uncovered-brian-laundries-rema%26GoogleCompliant%3Dtrue%26utm_campaign%3Dtgm%26utm_content%3Dcan%26utm_medium%3Dtgm%26utm_source%3Dsocial%26ip%3D0%26he%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1656114247266&lmt=1656114247&dlt=1656114246090&idt=1129&biw=1600&bih=1200&adxs=315%2C-12245933%2C1066&adys=310%2C-12245933%2C1296&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&frm=20&vis=1&scr_x=0&scr_y=0&psz=1168x268%7C64x19%7C336x18&msz=970x-1%7C0x-1%7C336x0&fws=0%2C128%2C0&ohw=0%2C0%2C0&ga_vid=1586728738.1656114247&ga_sid=1656114247&ga_hid=2011416346&ga_fc=true&btvi=0%7C-1%7C1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062203.js?cb=31068192
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
e9464ed692c6ced184204c81937d8e95fec43d9b207aca9a512fc03a6879ca75
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11438
x-xss-protection
0
google-lineitem-id
-1,-2,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,-2,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0130
6 KB
4 KB
Document
General
Full URL
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 23:44:08 GMT
expires
Sat, 24 Jun 2023 23:44:08 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/167773/ Frame 80D2
0
47 KB
Other
General
Full URL
https://cds.connatix.com/p/167773/hls.5b3b785f487abbe00eee.js
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
br
last-modified
Fri, 24 Jun 2022 09:43:28 GMT
age
50349
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
player.css
cds.connatix.com/p/167773/
58 KB
9 KB
Stylesheet
General
Full URL
https://cds.connatix.com/p/167773/player.css
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6b40f0d5cfa95c272e1a5a6c2ad7b9089ad07d3e938ea0f9f0693ab7f6a175e6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
content-encoding
br
last-modified
Fri, 24 Jun 2022 09:43:28 GMT
age
50349
etag
"b07e9f868d1c559a08538d3b52f384bc"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
8890
wrap.js
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202206201825/
204 KB
66 KB
Script
General
Full URL
https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202206201825/wrap.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2ea4e6420a06884ea2613cad4c76e860fd3bc2880a226d838d854c7d5bbbe80c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:08 GMT
Content-Encoding
gzip
Age
768
X-Cache
HIT
Connection
keep-alive
Content-Length
66657
x-amz-id-2
7M+EWFpV0Lxjtho9UgJ7UeDaYb+BorX3vnyKGNBZDdu5ghmVEtWfWJ1A56XVB9NxUHMNH+nluCk=
X-Served-By
cache-fra19175-FRA
Last-Modified
Mon, 20 Jun 2022 22:28:52 GMT
Server
AmazonS3
X-Timer
S1656114249.978848,VS0,VE0
ETag
"15d576dd2669f83213a04eb7353e87d2"
x-amz-request-id
J3WWMRXQMWV144RW
Via
1.1 varnish
Cache-Control
public, max-age=900, stale-while-revalidate=3600
Accept-Ranges
bytes
Content-Type
application/javascript; charset=utf-8
X-Cache-Hits
1065
tag.min.js
get.s-onetag.com/42a30fdd-c1da-4d85-ab06-c212412bd9ab/
23 KB
8 KB
Script
General
Full URL
https://get.s-onetag.com/42a30fdd-c1da-4d85-ab06-c212412bd9ab/tag.min.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-99.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cbff952e8c47bf976906662ac210c3ae9aaf8e10820d404e8f760bc273bcb4fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
MzFJp_hCplumN12v7na.JL4ToSqQ7M.M
content-encoding
gzip
last-modified
Mon, 30 May 2022 15:16:46 GMT
server
AmazonS3
age
81423
etag
W/"32357f1c0de69779f4fedf3aeb29d83e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 e56e6732f380db727425bac2d6158760.cloudfront.net (CloudFront)
cache-control
max-age=86400
date
Fri, 24 Jun 2022 01:07:07 GMT
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
IKWCpQe6wZmB5UUts-UkTJofyUs_X7ToO55M8sIrXzsD2xzsWaZ10w==
/
trends.revcontent.com/api/demand/
52 B
271 B
Fetch
General
Full URL
https://trends.revcontent.com/api/demand/?w=110580
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.243.115.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-115-165.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.25 (Debian) /
Resource Hash
8b4b43fd2629a9ae29c5220a852bbc8ff169c571cdf77798633efec65c934df7
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:09 GMT
access-control-allow-credentials
true
server
Apache/2.4.25 (Debian)
content-length
52
strict-transport-security
max-age=931536000; includeSubDomains
content-type
text/html; charset=UTF-8
sync
trends.revcontent.com/
0
0
Fetch
General
Full URL
https://trends.revcontent.com/sync
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.243.115.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-115-165.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:09 GMT
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
openrtb
ex.ingage.tech/v1/ Frame
0
0
Preflight
General
Full URL
https://ex.ingage.tech/v1/openrtb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:efc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.westernjournal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.westernjournal.com
access-control-max-age
3600
cf-cache-status
DYNAMIC
cf-ray
720954688ece8ff5-FRA
content-length
0
date
Fri, 24 Jun 2022 23:44:09 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin, Access-Control-Request-Headers
insticator
insticator.technoratimedia.com/openrtb/bids/ Frame
0
0
Preflight
General
Full URL
https://insticator.technoratimedia.com/openrtb/bids/insticator?src=prebid_prebid_6.15.0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.148.45.191 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.westernjournal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST, GET, HEAD, OPTIONS
access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:09 GMT
server
nginx
trinity.json
apex.go.sonobi.com/
154 B
914 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%222e1608643ed5ae%22%3A%22c2e260cfe351e337fda0%7C300x250%7Cgpid%3Dwesternjournal.com-div-insticator-ad-cmt-1%22%2C%2232c0c7cbbe70dd%22%3A%22ed20059b2775a9921552%7C300x250%7Cgpid%3Dwesternjournal.com-div-insticator-ad-cmt-2%22%2C%2244192a919fc6ab%22%3A%22af6f1db0bef4da9f6f7f%7C300x250%7Cgpid%3Dwesternjournal.com-div-insticator-ad-cmt-3%22%2C%22539539aa99af3a%22%3A%22aa7d27ad7bdb63242ebd%7C300x250%7Cgpid%3Dwesternjournal.com-div-insticator-ad-cmt-4%22%7D&ref=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&s=9402c4c0-97b4-46b9-8327-29694773bf15&pv=92f0e6c7-a565-4fc3-96e6-2cd3869be01e&vp=desktop&lib_name=prebid&lib_v=6.15.0&us=50&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22insticator.com%22%2C%22sid%22%3A%227afb724c-10ef-44e8-8817-eb6f9a5668db%22%2C%22hp%22%3A1%7D%5D%7D&coppa=0
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
239905ea2a4cb2d69b0cd5fe3288d88914ba9273aaa40d257bf2414a7fc0aa69
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 24 Jun 2022 23:44:09 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.westernjournal.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
179
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
openrtb
ex.ingage.tech/v1/
2 KB
1 KB
XHR
General
Full URL
https://ex.ingage.tech/v1/openrtb
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:efc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d02385f4ea73da5807796463aa3b1d17773858a8a58cd44bbe393793396e8e5a

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.westernjournal.com
access-control-allow-credentials
true
cf-ray
720954697bdd690f-FRA
hb
ssc.33across.com/api/v1/
87 B
179 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=aleOzs7Kyr7ioGrkHcnlxd
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4f8035e9fd480fae061866c65c51ca5d4a47a8b231a7abb995e6b9e028305bc5

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.westernjournal.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
hb
ssc.33across.com/api/v1/
87 B
170 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=asRWdk7Kyr7ioGrkHcnlxd
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4f8035e9fd480fae061866c65c51ca5d4a47a8b231a7abb995e6b9e028305bc5

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.westernjournal.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
hb
ssc.33across.com/api/v1/
87 B
347 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=aBPa4O7Kyr7ioGrkHcnlxd
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4f8035e9fd480fae061866c65c51ca5d4a47a8b231a7abb995e6b9e028305bc5

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.westernjournal.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
hb
ssc.33across.com/api/v1/
87 B
170 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=aISzFq7Kyr7ioGrkHcnlxd
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4f8035e9fd480fae061866c65c51ca5d4a47a8b231a7abb995e6b9e028305bc5

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.westernjournal.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
bid
ap.lijit.com/rtb/
94 B
751 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
e9bead8b43eda156bc7763b9804252df01174b483e33c69f934c970474e17d51

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 24 Jun 2022 23:44:09 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.westernjournal.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
97
insticator
insticator.technoratimedia.com/openrtb/bids/
0
298 B
XHR
General
Full URL
https://insticator.technoratimedia.com/openrtb/bids/insticator?src=prebid_prebid_6.15.0
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.148.45.191 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
10822890
access-control-allow-origin
https://www.westernjournal.com
access-control-allow-credentials
true
arj
insticator-d.openx.net/w/1.0/
73 B
385 B
XHR
General
Full URL
https://insticator-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=39f23dfb-0da9-4993-9e0d-7e9a20bfbb3e%2C5cdfce77-8c81-47c7-90a8-6b6528e00592%2C0011f46d-d72f-422d-9e76-6fc59ee470b7%2C3855307d-ffe9-43d9-b8db-da1f4aeabe54&nocache=1656114247460&pubcid=938484e2-2d2c-447c-b166-2017eb23571f&schain=1.0%2C1!insticator.com%2C7afb724c-10ef-44e8-8817-eb6f9a5668db%2C1%2C6afa787aecd10e%2C%2C&aus=300x250%7C300x250%7C300x250%7C300x250&divids=div-insticator-ad-cmt-1%2Cdiv-insticator-ad-cmt-2%2Cdiv-insticator-ad-cmt-3%2Cdiv-insticator-ad-cmt-4&aucs=westernjournal.com-div-insticator-ad-cmt-1%2Cwesternjournal.com-div-insticator-ad-cmt-2%2Cwesternjournal.com-div-insticator-ad-cmt-3%2Cwesternjournal.com-div-insticator-ad-cmt-4&auid=545638243%2C545638243%2C545638243%2C545638243
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/7f1e280 /
Resource Hash
b53b47e5a8bb654decb02cc6736cb5ff1dd834cb829e944e56144e91c2e0993f

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
server
OXGW/7f1e280
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.westernjournal.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
65 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:08 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/
56 KB
12 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.145 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
390a2fdcf12af7d5d900541bb5ed21a7d43b581f11229bee320c32c204c5182c
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 24 Jun 2022 23:44:09 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
37.58.58.243; 37.58.58.243; 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
781c0c60-1052-4ad2-9e07-ea0aed424128
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.westernjournal.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
c
prebid.a-mo.net/a/
10 KB
4 KB
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
b27ab9354547c9cd3fc1dcf035b84230a6525038364262e3f5ed294709fc1c7a

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
server
envoy
vary
origin, accept-encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
198
content-length
3791
mvo
tag.1rx.io/rmp/213163/0/
0
178 B
XHR
General
Full URL
https://tag.1rx.io/rmp/213163/0/mvo?z=1r&hbv=6.15,2.1
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.43 Beverwijk, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.westernjournal.com
pragma
no-cache
date
Fri, 24 Jun 2022 23:44:09 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
/
hb.emxdgt.com/
0
164 B
XHR
General
Full URL
https://hb.emxdgt.com/?t=3000&ts=1656114247467&src=pbjs
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.73.18.26 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-73-18-26.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:09 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
imp
g2.gumgum.com/hbid/
3 KB
2 KB
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1656114247469&to=0&aun=div-insticator-ad-cmt-1&gpid=westernjournal.com-div-insticator-ad-cmt-1&maxw=300&maxh=250&si=308808&pi=3&bf=300x250&schain=1.0%2C1!insticator.com%2C7afb724c-10ef-44e8-8817-eb6f9a5668db%2C1%2C6afa787aecd10e%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%226.15.0%22%7D&ogu=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F&ns=9523
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.208.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-208-161.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2d6e7a5d8efa320d78ef0c482eaf81cd3fc14cac1a0e0fc736f46b8d2becf47c

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/
3 KB
2 KB
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1656114247470&to=0&aun=div-insticator-ad-cmt-2&gpid=westernjournal.com-div-insticator-ad-cmt-2&maxw=300&maxh=250&si=308809&pi=3&bf=300x250&schain=1.0%2C1!insticator.com%2C7afb724c-10ef-44e8-8817-eb6f9a5668db%2C1%2C6afa787aecd10e%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%226.15.0%22%7D&ogu=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F&ns=9523
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.208.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-208-161.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
48a36cdd95cbd1eb349dbd2c9edc359a416dbc707e394c902252982ba2579b82

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/
3 KB
2 KB
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1656114247470&to=0&aun=div-insticator-ad-cmt-3&gpid=westernjournal.com-div-insticator-ad-cmt-3&maxw=300&maxh=250&si=308810&pi=3&bf=300x250&schain=1.0%2C1!insticator.com%2C7afb724c-10ef-44e8-8817-eb6f9a5668db%2C1%2C6afa787aecd10e%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%226.15.0%22%7D&ogu=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F&ns=9523
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.208.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-208-161.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c11a3613e170b16988f0b2d00354054ea95a77986d10a8cecba9c0697451285c

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/
3 KB
2 KB
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1656114247470&to=0&aun=div-insticator-ad-cmt-4&gpid=westernjournal.com-div-insticator-ad-cmt-4&maxw=300&maxh=250&si=308811&pi=3&bf=300x250&schain=1.0%2C1!insticator.com%2C7afb724c-10ef-44e8-8817-eb6f9a5668db%2C1%2C6afa787aecd10e%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%226.15.0%22%7D&ogu=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F&ns=9523
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.208.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-208-161.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
75b97a0ddeffae2f46af1f6f06656851e305362ed808d2d695ea098cf2b83ade

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/
648 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17062&site_id=155412&zone_id=739730%3B739732%3B739734%3B2469380&size_id=15&rp_schain=1.0,1!insticator.com,7afb724c-10ef-44e8-8817-eb6f9a5668db,1,6afa787aecd10e,,&rf=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&tg_i.pbadslot=westernjournal.com-div-insticator-ad-cmt-1%3Bwesternjournal.com-div-insticator-ad-cmt-2%3Bwesternjournal.com-div-insticator-ad-cmt-3%3Bwesternjournal.com-div-insticator-ad-cmt-4&tk_flint=pbjs_lite_v6.15.0&x_source.tid=5b75e04e-978d-4873-a2a6-d623362264e4%3Be1e3fb8b-9406-421d-b29d-1e2131999275%3B1328664f-a9d0-4cf9-b561-9a5acc6c10b9%3B45e4f48c-6258-4aca-af7f-ef1a82a65655&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=westernjournal.com-div-insticator-ad-cmt-1%3Bwesternjournal.com-div-insticator-ad-cmt-2%3Bwesternjournal.com-div-insticator-ad-cmt-3%3Bwesternjournal.com-div-insticator-ad-cmt-4&slots=4&rand=0.11043033215737252
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
a10508ed79a478a619e4d791409f24f37b58d1f2dd47e423ad5b63137f5da720

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 24 Jun 2022 23:44:09 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.westernjournal.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
648
Expires
Wed, 17 Sep 1975 21:32:10 GMT
header
hb.aralego.com/
0
331 B
XHR
General
Full URL
https://hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A294B4487796AD9C6D8A3E844922B3&tdid=&schain=1.0%2C1!insticator.com%2C7afb724c-10ef-44e8-8817-eb6f9a5668db%2C1%2C6afa787aecd10e%2C%2C&eids=&host=www.westernjournal.com&u=https%3A%2F%2Fwww.westernjournal.com&xr=0&ucfUid=66c5e703-daa2-4ed3-b905-99df3b32505c&w=300&h=250
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.96.200.41 Norfolk, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.westernjournal.com
Date
Fri, 24 Jun 2022 23:44:09 GMT
Access-Control-Allow-Credentials
true
Connection
close
header
hb.aralego.com/
0
331 B
XHR
General
Full URL
https://hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A294B4487796AD9C6D8A3E844922B3&tdid=&schain=1.0%2C1!insticator.com%2C7afb724c-10ef-44e8-8817-eb6f9a5668db%2C1%2C6afa787aecd10e%2C%2C&eids=&host=www.westernjournal.com&u=https%3A%2F%2Fwww.westernjournal.com&xr=0&ucfUid=66c5e703-daa2-4ed3-b905-99df3b32505c&w=300&h=250
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.96.200.41 Norfolk, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.westernjournal.com
Date
Fri, 24 Jun 2022 23:44:09 GMT
Access-Control-Allow-Credentials
true
Connection
close
header
hb.aralego.com/
0
331 B
XHR
General
Full URL
https://hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A294B4487796AD9C6D8A3E844922B3&tdid=&schain=1.0%2C1!insticator.com%2C7afb724c-10ef-44e8-8817-eb6f9a5668db%2C1%2C6afa787aecd10e%2C%2C&eids=&host=www.westernjournal.com&u=https%3A%2F%2Fwww.westernjournal.com&xr=0&ucfUid=66c5e703-daa2-4ed3-b905-99df3b32505c&w=300&h=250
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.96.200.41 Norfolk, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.westernjournal.com
Date
Fri, 24 Jun 2022 23:44:09 GMT
Access-Control-Allow-Credentials
true
Connection
close
header
hb.aralego.com/
0
331 B
XHR
General
Full URL
https://hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A294B4487796AD9C6D8A3E844922B3&tdid=&schain=1.0%2C1!insticator.com%2C7afb724c-10ef-44e8-8817-eb6f9a5668db%2C1%2C6afa787aecd10e%2C%2C&eids=&host=www.westernjournal.com&u=https%3A%2F%2Fwww.westernjournal.com&xr=0&ucfUid=66c5e703-daa2-4ed3-b905-99df3b32505c&w=300&h=250
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.96.200.41 Norfolk, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.westernjournal.com
Date
Fri, 24 Jun 2022 23:44:09 GMT
Access-Control-Allow-Credentials
true
Connection
close
bid
c.amazon-adsystem.com/e/dtb/
23 B
496 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&pid=eN6h4P7mJSnzc&cb=1&ws=1600x1200&v=8.0.1&t=3000&slots=%5B%7B%22sd%22%3A%22div-insticator-ad-cmt-1%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F2507246%2Fwesternjournal.com_Web_300x250_cmt_1%22%7D%2C%7B%22sd%22%3A%22div-insticator-ad-cmt-2%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F2507246%2Fwesternjournal.com_Web_300x250_cmt_2%22%7D%2C%7B%22sd%22%3A%22div-insticator-ad-cmt-3%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F2507246%2Fwesternjournal.com_Web_300x250_cmt_3%22%7D%2C%7B%22sd%22%3A%22div-insticator-ad-cmt-4%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F2507246%2Fwesternjournal.com_Web_300x250_cmt_4%22%7D%5D&schain=1.0%2C1!fireflyengagement.com%2C2018001%2C1%2C%2C%2C&pubid=da224ee9-07c8-4a80-87e4-528df4ac939e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-78.fra2.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
via
1.1 69f13f852a135432abb1b7bfc5a8b420.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA2-C1
x-amz-rid
MC07Y2EM4W10VNK5H81R
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
14SZh6EboXCOGBClOsQj7PC8qh-lKDmEqvIRyMMW-eT_1eNrMaS8Qg==
sid
mug.criteo.com/ Frame
0
0
Preflight
General
Full URL
https://mug.criteo.com/sid?cpp=zjUnXXwwT1FqZUxuem5GWXhaL2M1eUJOQTkzZzBBMGhVZm5jYVdYRWN2bmd2WUlhcVpmbWpzdk90d2VaWWpmWC9WT1gwNWlJd0tjbXA1eHREY2JBM2h0WktGRkxVOEl1YTNvczJ0dFNSdExCVFprUG9lK3NYZmZLTWdmdzcwK05VZHE3QmVOSThSa0o2alRrdlU3YnlqRkZPNE42cDVjUUJNYWUwcElPWldzQlNzYWxnNmhxbmR1U1JtQ0hoUTJpZmtkSkZrelZkVEJtSFBTNXovTnFoVWhLY3ZoRytCS3l6aG1IaDRvZDRnV1dPQnN3YnVEeWxyNkNwRlNWbkRoMTM1azY1fA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 24 Jun 2022 23:44:08 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1161
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
pixel;r=1484660524;rf=0;a=p-kZpd2WPpvPttS;url=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Ds...
pixel.quantserve.com/
35 B
372 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1484660524;rf=0;a=p-kZpd2WPpvPttS;url=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan;uh=2b2e810c2650318ae57ec03ce144a48b3c391eec5f4ba97535f7b2f3fafd1234;uht=0;fpan=1;fpa=P0-1248229432-1656114247509;pbc=938484e2-2d2c-447c-b166-2017eb23571f;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=westernjournal.com;je=0;sr=1600x1200x24;dst=0;et=1656114247508;tzo=0;ogl=locale.en_US%2Ctype.article%2Ctitle.'I%20Ended%20Her%20Life'%3A%20Brian%20Laundrie's%20Confession%20to%20Gabby%20Petitio's%20Murder%20Reveal%2Cdescription.A%20notebook%20found%20with%20Brian%20Laundrie's%20body%20in%20a%20Florida%20swamp%20contains%20a%20confes%2Curl.https%3A%2F%2Fwww%252Ewesternjournal%252Ecom%2Fnotebook-uncovered-brian-laundries-remains-contai%2Csite_name.The%20Western%20Journal%2Cimage.https%3A%2F%2Fwww%252Ewesternjournal%252Ecom%2Fwp-content%2Fuploads%2F2022%2F06%2FBrian-Laundrie-note%252Ejp%2Cimage%3Awidth.1200%2Cimage%3Aheight.630%2Cimage%3Atype.image%2Fjpeg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:09 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
container.html
7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4FD4
6 KB
3 KB
Document
General
Full URL
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 23:44:08 GMT
expires
Sat, 24 Jun 2023 23:44:08 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CD37
6 KB
3 KB
Document
General
Full URL
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 23:44:08 GMT
expires
Sat, 24 Jun 2023 23:44:08 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
collect
stats.g.doubleclick.net/j/
4 B
447 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-54260989-7&cid=1586728738.1656114247&jid=1217733247&gjid=165871603&_gid=609141622.1656114247&_u=aGBAiUAjBAAAAE~&z=1314076446
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 24 Jun 2022 23:44:09 GMT
content-type
text/plain
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=2011416346&t=pageview&_s=1&dl=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&ul=en-us&de=UTF-8&dt=Notebook%20Uncovered%20with%20Brian%20Laundrie%27s%20Remains%20Contains%20Shocking%20Confession%20to%20Gabby%20Petito%27s%20Murder&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAiUAjB~&jid=1217733247&gjid=165871603&cid=1586728738.1656114247&tid=UA-54260989-7&_gid=609141622.1656114247&gtm=2wg6m0K3K9VP&cd1=http%3A%2F%2Fwww.westernjournal.com&cd2=crime&cd3=400&cd4=Notebook%20Uncovered%20with%20Brian%20Laundrie%27s%20Remains%20Contains%20Shocking%20Confession%20to%20Gabby%20Petito%27s%20Murder&cd5=rmoorhead&cd6=News&cd7=2022-06-24&cd10=rmoorhead&cd11=rmoorhead&cd12=mariaspeckhard&cd14=crime%2C%20murder%2C%20US%20news&cd15=News&cd16=web&cd17=rmoorhead&cd23=18&cd24=102&cd25=84&cd29=0&cd33=2022-06-24T23%3A44%3A06.718%2B00%3A00&cd34=1656114246718.rek5464u&cd37=false&cd38=&cd39=&cd40=%27I%20Ended%20Her%20Life%27%3A%20Brian%20Laundrie%27s%20Confession%20to%20Gabby%20Petitio%27s%20Murder%20Revealed&cd41=Notebook%20Uncovered%20with%20Brian%20Laundrie%27s%20Remains%20Contains%20Shocking%20Confession%20to%20Gabby%20Petito%27s%20Murder&cd42=3074950&cd43=standard&cd44=82&cd45=102&cd46=true&cd47=above_article&z=1421043167
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 06:34:57 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
61752
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
pls
capi.connatix.com/core/ Frame 80D2
8 KB
4 KB
XHR
General
Full URL
https://capi.connatix.com/core/pls?v=167773&cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2203165be79bbff463ca7d9d14fe08dd98eaf0f679404d5ace93a3acd1617f4f

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.westernjournal.com
access-control-max-age
86400
access-control-allow-credentials
true
accept-ranges
bytes
content-length
4401
/
www.facebook.com/tr/
44 B
297 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1897937520432117&ev=PageView&dl=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&rl=&if=false&ts=1656114247654&sw=1600&sh=1200&v=2.9.62&r=stable&ec=0&o=30&fbp=fb.1.1656114247653.1716539510&it=1656114247140&coo=false&exp=p0&rqm=GET
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Fri, 24 Jun 2022 23:44:09 GMT
/
www.facebook.com/tr/
44 B
101 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1897937520432117&ev=ViewContent&dl=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&rl=&if=false&ts=1656114247656&cd[content_name]=Notebook%20Uncovered%20with%20Brian%20Laundrie%27s%20Remains%20Contains%20Shocking%20Confession%20to%20Gabby%20Petito%27s%20Murder&cd[content_tag]=%5B%22crime%2C%20murder%2C%20US%20news%22%5D&cd[content_category]=%5B%22News%22%5D&cd[articleReactions]=%5B%22undefined%22%5D&cd[articleVirtues]=%5B%22undefined%22%5D&cd[siteName]=http%3A%2F%2Fwww.westernjournal.com&cd[wordCount]=400&cd[articleTitle]=Notebook%20Uncovered%20with%20Brian%20Laundrie%27s%20Remains%20Contains%20Shocking%20Confession%20to%20Gabby%20Petito%27s%20Murder&cd[articleSocialTitle]=%27I%20Ended%20Her%20Life%27%3A%20Brian%20Laundrie%27s%20Confession%20to%20Gabby%20Petitio%27s%20Murder%20Revealed&cd[articleSEOTitle]=Notebook%20Uncovered%20with%20Brian%20Laundrie%27s%20Remains%20Contains%20Shocking%20Confession%20to%20Gabby%20Petito%27s%20Murder&cd[articleChooser]=rmoorhead&cd[articleTitler]=rmoorhead&cd[articleTitleLength]=102&cd[articleSocialTitleLength]=82&cd[articleSEOTitleLength]=102&cd[articleAuthor]=rmoorhead&cd[articleEditor]=mariaspeckhard&cd[articleShareTextAuthor]=rmoorhead&cd[articleShareTextLength]=84&cd[articlePublishDate]=2022-06-24&cd[paragraphCount]=18&cd[articleID]=3074950&cd[articleFormat]=standard&cd[platform]=web&sw=1600&sh=1200&v=2.9.62&r=stable&ec=1&o=30&fbp=fb.1.1656114247653.1716539510&it=1656114247140&coo=false&exp=p0&rqm=GET
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Fri, 24 Jun 2022 23:44:09 GMT
25a84514-2678-44ee-8288-4c3b8520e150
https://www.westernjournal.com/
0
0
Other
General
Full URL
blob:https://www.westernjournal.com/25a84514-2678-44ee-8288-4c3b8520e150
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Length
0
Content-Type
text/javascript
32dca14e-6524-4792-8b17-dd762fd264e1
https://www.westernjournal.com/
245 B
0
Other
General
Full URL
blob:https://www.westernjournal.com/32dca14e-6524-4792-8b17-dd762fd264e1
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d68edf3c87c6a6d87223649e8162ef1584ea6faad6f20e80fdd5f72c21b16a17

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Length
245
Content-Type
text/javascript
tweet.45758a9d6fd14fe4ebd62b2170932592.js
platform.twitter.com/js/
8 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/tweet.45758a9d6fd14fe4ebd62b2170932592.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67D4) /
Resource Hash
4d64259e1efa5608b9da553ac10da15df5717d41e66fc25cada5a83697b72bed

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:09 GMT
Content-Encoding
gzip
Age
17567
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length
2690
x-tw-cdn
VZ
Last-Modified
Thu, 02 Jun 2022 18:01:33 GMT
Server
ECS (frb/67D4)
Etag
"e4bf092baf573285fddcbcaa6197634d+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-54260989-7&cid=1586728738.1656114247&jid=1217733247&_u=aGBAiUAjBAAAAE~&z=1215141663
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:09 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
501 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-54260989-7&cid=1586728738.1656114247&jid=1217733247&_u=aGBAiUAjBAAAAE~&z=1215141663
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:09 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
trends.revcontent.com/api/delivery/
17 KB
7 KB
Fetch
General
Full URL
https://trends.revcontent.com/api/delivery/?is_blocked=undefined&w=110580&width=1600&rev_allow_cookies=0&site_url=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&icr_url=&va=0&time=1656114247738&up=pc&bn=chrome&bv=103&widget_width=336&style_id=0&idhub[pubcid]=938484e2-2d2c-447c-b166-2017eb23571f
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.243.115.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-115-165.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.25 (Debian) /
Resource Hash
74aac076c1185350647d5c03245d0fa419dae54c7f8ca7560d4fb6a2358a3f71
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
server
Apache/2.4.25 (Debian)
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
strict-transport-security
max-age=931536000; includeSubDomains
content-length
7290
/
onetag-geo.s-onetag.com/
555 B
969 B
Fetch
General
Full URL
https://onetag-geo.s-onetag.com/
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-71.fra2.r.cloudfront.net
Software
/
Resource Hash
f51938710e179807bbf1be9a1e9d7e3441fa74e7dfe9f46841914fb12ca7de3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 02:19:42 GMT
via
1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
age
77067
x-amzn-requestid
540c04c1-691e-48d0-8059-67fc3d1e49ce
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
FRA56-P6, FRA2-C2
x-amz-apigw-id
UNHR2FrviYcF_3A=
content-length
555
x-amz-cf-id
TF2KOnAR178jfRmB_izDGKdkIZfWkYCbUZzXcY5CwaDH9R9CrlAlcQ==
beacon.min.js
signal-beacon.s-onetag.com/
30 KB
10 KB
Script
General
Full URL
https://signal-beacon.s-onetag.com/beacon.min.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-94.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2b174c2de49f6aa7f8b72125c63c163012b9ff34afdbdaea39b4c499e1d16df8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Fri, 24 Jun 2022 01:59:23 GMT
content-encoding
gzip
last-modified
Mon, 04 Apr 2022 13:02:16 GMT
server
AmazonS3
age
78287
etag
W/"af8244025b2d978df209bf028c458664"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
uiJ1YCXqTfg4YsRV.iQoQhQ_4iTW1U6K
via
1.1 e56e6732f380db727425bac2d6158760.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
FRA2-C2
content-type
application/javascript
x-amz-cf-id
rM1F0eNtPyJuktu3nOjzVgmYIwYxd4-gqSxz0BO6QbtGICTkZQFMVA==
%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F
signal-segments.s-onetag.com/desktop/www.westernjournal.com/
27 KB
2 KB
Fetch
General
Full URL
https://signal-segments.s-onetag.com/desktop/www.westernjournal.com/%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.48 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-48.fra2.r.cloudfront.net
Software
/
Resource Hash
02fac5723af68ae2dc0ef378bd85d2bd698584fd9c89a90122c34d988c39503b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 20:57:45 GMT
via
1.1 91dc0292eef4e22508a3ae73fe64bbf4.cloudfront.net (CloudFront), 1.1 e976f829f2d1c4787d42d0595ae7cf74.cloudfront.net (CloudFront)
age
9984
x-amzn-requestid
b8e0a5df-f695-4e98-bce6-872b139306b8
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400, public
x-amzn-trace-id
Root=1-62b62549-50863d6d3019c0287c42d8fb;Sampled=0
x-amz-cf-pop
FRA56-P5, FRA2-C1
content-encoding
gzip
x-amz-apigw-id
UPrDiEShCYcFfyg=
x-amz-cf-id
TwrHxBXqBZAG6NVRegvyWB6qq-yp6taKlTNcQA8Ems6Wwbf8omAuhA==
www.westernjournal.com
signal-segments.s-onetag.com/desktop/
27 KB
2 KB
Fetch
General
Full URL
https://signal-segments.s-onetag.com/desktop/www.westernjournal.com
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.48 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-48.fra2.r.cloudfront.net
Software
/
Resource Hash
02fac5723af68ae2dc0ef378bd85d2bd698584fd9c89a90122c34d988c39503b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 16:06:31 GMT
via
1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront), 1.1 e976f829f2d1c4787d42d0595ae7cf74.cloudfront.net (CloudFront)
age
27457
x-amzn-requestid
1df04819-91bc-40f2-84e1-5681b7e25999
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400, public
x-amzn-trace-id
Root=1-62b5e107-28cd1cc1251cb50f48cce443;Sampled=0
x-amz-cf-pop
FRA2-C1, FRA2-C1
content-encoding
gzip
x-amz-apigw-id
UPAZQEIIiYcFQQA=
x-amz-cf-id
EjKicM8ndWsnDfCUfGqdKr3U5UCLxWFOk94IwLCBezUCefvDdmqH3Q==
adview
securepubads.g.doubleclick.net/pagead/ Frame CD37
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C2JgkSEy2YtDwN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTRA0_QaNVhxUeTZRUuylOUwQl8qAr7UjeW-BAzeOaqY_p_KwvqJ9i2md_xpqBv2-yhuHmRqt7Na-PZ1dIISnXp7bqV_abG91pDOpRxm0SzaGrJE_CByXtuBpCmBgJFplCan_ZjewDN0o1V1qki9BBO6SAU1EjEwCgFFKLpeoyN7FGbO_3fqzMQneNthaGPWUjAIErMh30LnlOSvES7Mg1H5f86DIsF6v8lWl0Y9nYyv7HHfgZEBTiPodZyJxfdxoTltsK_5ZDi-EJw2VyLSvwlQrW_19hsmLGEyBwt5LAoe27IFjSToAYsCpVb1DUjP-wo-Xcox-qXFsn4YKVdnUq8b84K4axrtAaG-FEE4ldTUhkowKNOwseDCoG1yHXlg66pfqTTiKR0BIZZ5APF30Wo_84GqOo8QtRS3BatGJPM_j8T3XrS0jyOB9TQnxYBK5hk13tKFsdd1DH2HrTVsMaNlbX3fhclUGXLenGB5GUDnvC5afDaGQiyCMJzZAfKg2iRyfcSW6SS0Uez8nSBYl3vQ3TZJ-rIdsoEA2s1mk7AmQE1L6TivOufQHtOFSWr6qQgN68rGcEoNwUjA2e9YFGntMfb0M8BJ7swJd18jY9Ha96CNuAEAYAG_N_EuvnhhtUuoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItMzQ3NzUzOTEyNzA4MDMwMxj64x8&sigh=8B63cx5bgOU&uach_m=[UACH]&cid=CAQSPgCNIrLMEOeWd_C7C4wq5AwwMK85j5XPKuyKM7v5Wr-uKHAkIyv9hvMx4H2YkX9s_ISpxYJddsnHyiYCnfjzGAE
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

notify
rtb.nl.eu.criteo.com/google/auction/ Frame CD37
0
0
Fetch
General
Full URL
https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kb-_E8c1rAL6AZ2DYgICAAAATSCTwBKj_etPXvjpEEhMtmJ9ylf28oCud4l9XwASAAA&wp=YrZMSAAN-FAH_ZKgAAwQ2HV-658q52dAQ39wZA
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
server
Kestrel
server-processing-duration-in-ticks
288674
content-length
0
strict-transport-security
max-age=31536000; preload;
afr.php
ads.eu.criteo.com/delivery/r/ Frame D0F8
50 KB
19 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-FAH_ZKgAAwQ2HV-658q52dAQ39wZA&u=%7CLrfJxOaTkxO7B09KeyWVsiABVak9CaCdPIa5CinG4%2Bw%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwuneLHx3NJ0pDjjEeoP2frno4uRKwVq-aRy1ERp2K4WEUASa29psnWXgZ2xMBHEyRffQQUS_XnODk0osNDFSEuTiukPZRMoNIkY8fr1Lbv1YZh_1nQqL7KlCwdzxpaxmbPyO0Ewa10yGRY0yS5ygd_D55ru0PiXbkGLlJehqQkDgIdP2TiJ28OaMi6Xh8eyxQArSz0QLy_xW6J74R3TXfNyhQnfQHhdTYtAmUoUUjjvWA1eVbUW3laiB5NBcpNi3YuMoJqN8oUeXHONrFv7roah9p10EeTF3sCVflLy_esayFIbSC6hzi3e5Z0R17k2l0x_ZC-iwFFN8i84ZXrQ8gvMt1m1QSqlyhEtkOev5fEso-C9tjsPKWJZZKXalwsP-ipTpMI_9XBFQg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-4SGSEy2YtDwN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTUA0_QaNVhxUeTZRUuylOUwQl8qAr7UjeW-BAzeOaqY_p_KwvqJ9i2md_xpqBv2-yhuHmRqt7Na-PZ1dIISnXp7bqV_abG91pDOpRxm0SzaGrJE_CByXtuBpCmBgJFplCan_ZjewDN0o1V1qki9BBO6SAU1EjEwCgFFKLpeoyN7FGbO_3fqzMQneNthaGPWUjAIErMh30LnlOSvES7Mg1H5f86DIsF6v8lWl0Y9nYyv7HHfgZEBTiPodZyJxfdxoTltsK_5ZDi-EJw2VyLSvwlQrW_19hsmLGEyBwt5LAoe27IFjSToAYsCpVb1DUjP-wo-Xcox-qXFsn4YKVdnUq8b84K4axrtAaG-FEE4ldTUhkowKNOwseDCoG1yHXlg66pfqTTiKR0BIZZ5APF30Wo_84GqOo8QtRS3BatGJPM_j8T3XrS0jyOB9TQnxYBK5hk13tKFsdd1DH2HrTVsMaNlbX3fhclUGXLenGB5GUDnvC5afDaGQiyCMJzZAfKg2iRyfcSW6SS0Uez8nSBYl3vQ3TZJ-rIdsoEA2s1mk7AmQE1L6TivOufQHtOFSXp6IWysCC3Cn60I6bzPsFFaUWtAs31yE2174aW12JioZfCwVqRidkVIeAEAYAG_N_EuvnhhtUuoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dIvBBSo428KDnP8PNEgNdImbj7g%26client%3Dca-pub-3477539127080303%26adurl%3D
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
59184c3a8f99aa481e7d8ee57391c6573bddb78be37f5f82da73c4b42ac28c30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 23:44:06 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=kl8sHwpuZ0sIrYYeGeb4c7h2cwuqja2Q9Hs612O1BSsABP_xq2xD7VozB897-NiQFAOiMjm4I7Re3I4RzDFSPVNWLQNJ_bG2rMyezSBUhSmMX1P2_DxbIX-fsKLFfFebNgrrf3G7EL9uokzWV7KIAwJiTeJg53eh4SIngVDOkfIfH8b5j7RcEGGr6zbDjsp40KV8qUOEArBAodDTp4NBGApEtIgE64VypBcbMRjQuYzab6IBIx6OSVqQBPO_ogN4KlxXYQ"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
5353538
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame CD37
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/window_focus_fy2021.js
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:36:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 Jul 2022 23:36:04 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame CD37
137 KB
42 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43180
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1655912982481896"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 24 Jun 2022 23:44:09 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame CD37
17 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:33:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
652
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7309
x-xss-protection
0
server
cafe
etag
16921397534319471551
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 Jul 2022 23:33:17 GMT
l
www.google.com/ads/measurement/ Frame CD37
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTe_m_GGc6aVhkxIW53EWfpfIpsHUjiHeBQjScaUeJ-auT2Rn9jWy5UvZHUZ0sIsRD-SGaa_8hPZKmeKRtTRhkfAIjOfQ
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

ext.js
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame CD37
22 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 11:54:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
388174
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7022
x-xss-protection
0
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 20 Jun 2023 11:54:35 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 4FD4
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CuTxSSEy2Ys_wN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTIA0_QcTV4UkCQak_uJNAHckS1YSEvWcGLtr1OlotsIxg-uUf4GCcUePWF0b2KxSNy-MngwfE-suJoB2dwwPutiMh6lIJ16ImmPf33QwqaogY746IKTy5nN6hYAuzh_Lor6gslxtscRftNOoNLufsmAwNyYOv3_8hhnHwus9Rxjl2afpl7alcGp59AKmscQQWiC-agTOb9vFkjIJyIfGO5SXiU2uCNhX3sVM9ahPxKwm3mGhPmm4ZRUMYYPXnvc-Sv0FjEcoYNGWACQn401WOcvzho3u5BZfpqO-TwaGPjo5dd6tJ_2C2QDGZ1l3DWW0Iglx2L7AZ16zmHkE_ScVTi7nZcHoQQ0YQg_sZ8OyH-3LnEdA3uJJ56BTsv2q9hE7uBhaER0kka3HA37UG_2fH4sq0cSZjKIHvTcCO-vKq0-Ien4AMetwj0jD8ISgtgr34_bQNoQdw3VwW2jxZyhhL034qcOjkbEobv4fVLCsff8agFMr7K5twJrvmJa5WfpX_RiFG43Z_sz4riiMLpAxERv5kr-qkD52ZhfalCxPnND-ayBqmgYRQeUEDzIPucgW527TyAev_l4xU36FjnBoE2VGkIJHRszzZBYeAEAYAGyPGp1L7o0psNoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItMzQ3NzUzOTEyNzA4MDMwMxj64x8&sigh=OpkNhnbbxq8&uach_m=[UACH]&cid=CAQSPgCNIrLMEOeWd_C7C4wq5AwwMK85j5XPKuyKM7v5Wr-uKHAkIyv9hvMx4H2YkX9s_ISpxYJddsnHyiYCnfjzGAE
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

notify
rtb.nl.eu.criteo.com/google/auction/ Frame 4FD4
0
0
Fetch
General
Full URL
https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=keHHEOv_CsoH-gGdg2ICAgAAAE0gk8ASo_3rT1746RBITLZi2rklT7FmttK6bXYAEgAA&wp=YrZMSAAN-E8H_ZKgAAwQ2HuNCqbvJyetdM9SDg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:08 GMT
server
Kestrel
server-processing-duration-in-ticks
171441
content-length
0
strict-transport-security
max-age=31536000; preload;
afr.php
ads.eu.criteo.com/delivery/r/ Frame A8EA
129 KB
44 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-E8H_ZKgAAwQ2HuNCqbvJyetdM9SDg&u=%7CLrfJxOaTkxMPapHyPXY66LIHXN0Ib1WYoUxYmA271U0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwukEkJaLSn6N3hBSvmZfJeckS_kbPHy4SCDcterAtAbTs6VcAKaBKO0BbMZjb0cE7ZONHimbbGA-nPg-pu5gc7iClnwNqMsrIGAp6wn9fJvZX7PmSWel-WQBXefcpAWV386988F7Z-Gv_W9H0YnAiIDp1EVl7XSEEMBuS_8sBm8_ArxQzop4NkWAi2fyp9ZpERz2Q0RlPFeoaiOeGa5s4Pj6oBnaQVFBzyRM3HhpHr92NeJNlahVfAO0Q2ul7fvpX9vf6_innrHBnhI2mY2FRnIojBMWzT1fnYKxsYcfIaK5ynRF2IfDJngjLW2KlQkzY8Q9WGlzRYvOUSHF9bi4PMn9DUFyrDNsJnWZLteJ4pEWQUvJwjsRpATKFF8bHCW4hv_ob8kDD5kYTxsY3cqTBne8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmUTFSEy2Ys_wN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTLA0_QcTV4UkCQak_uJNAHckS1YSEvWcGLtr1OlotsIxg-uUf4GCcUePWF0b2KxSNy-MngwfE-suJoB2dwwPutiMh6lIJ16ImmPf33QwqaogY746IKTy5nN6hYAuzh_Lor6gslxtscRftNOoNLufsmAwNyYOv3_8hhnHwus9Rxjl2afpl7alcGp59AKmscQQWiC-agTOb9vFkjIJyIfGO5SXiU2uCNhX3sVM9ahPxKwm3mGhPmm4ZRUMYYPXnvc-Sv0FjEcoYNGWACQn401WOcvzho3u5BZfpqO-TwaGPjo5dd6tJ_2C2QDGZ1l3DWW0Iglx2L7AZ16zmHkE_ScVTi7nZcHoQQ0YQg_sZ8OyH-3LnEdA3uJJ56BTsv2q9hE7uBhaER0kka3HA37UG_2fH4sq0cSZjKIHvTcCO-vKq0-Ien4AMetwj0jD8ISgtgr34_bQNoQdw3VwW2jxZyhhL034qcOjkbEobv4fVLCsff8agFMr7K5twJrvmJa5WfpX_RiFG43Z_sz4riiMLpAxERv5kr-qkD52ZhfalCxPnND-ayBqniYzWM189vM0QAlc2m0Jp4c-vvVR8Z8NpTzryQptYWCGzpZbJS3q20duAEAYAGyPGp1L7o0psNoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_333ArQFznjLJI7D54bTOXDZ8hntw%26client%3Dca-pub-3477539127080303%26adurl%3D
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
47e3b1dfa1b0536dd841b3050192eb51ce77147865d49a85408497f1196f2a59
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 23:44:09 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=xNCbqApuZ0sIrYYeS-4r4tnBiuvhvbi85Pg788OUYR7D-85zwtucS-3CZsxIkGQSL4_HLVKZOwfqboYxBJ4fV__GC15XIlK68-zSD5DRldIP3rUYMJsTBDdZMvxJoHB-L65DFASmAJEx8z2e1g4FDWFbA4rPR1HeNy0aieZG5ZoH15ePr_cNsVENh_qEtcSXYIBpAiiForvgICKEMfccSIPFR_oP4XkpX5hipeshD0Hd2AHXRmLhiG2ODQ74KMZHn73uUA"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
101016308
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 4FD4
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/window_focus_fy2021.js
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:36:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 Jul 2022 23:36:04 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4FD4
137 KB
42 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43180
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1655912982481896"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 24 Jun 2022 23:44:09 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 4FD4
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:33:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
652
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7309
x-xss-protection
0
server
cafe
etag
16921397534319471551
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 Jul 2022 23:33:17 GMT
l
www.google.com/ads/measurement/ Frame 4FD4
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTAr_vP2rPlDVHf8vfdEDOS-WzjDgZRclNWn6d8Igl4ly7YqxiifbvTyP7Rvk-__-nf2KpBEpyxsx6aFGRZ_ld42boM0Q
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

ext.js
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 4FD4
22 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js
Requested by
Host: 7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 11:54:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
388174
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7022
x-xss-protection
0
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 20 Jun 2023 11:54:35 GMT
insights.bin
ins.connatix.com/c2ba6f84-de01-411c-8d2e-af3691648f60/3/ Frame 80D2
164 B
467 B
XHR
General
Full URL
https://ins.connatix.com/c2ba6f84-de01-411c-8d2e-af3691648f60/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
002ca41a00cefb59d55419145c2671003bbfe1d87f01d35fb84b926c107411ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 21:07:08 GMT
age
8999
etag
"ba6d084e55a8f4cbc45661e67d0b9d7a"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
149
insights.bin
ins.connatix.com/8efe3b7e-b44e-45ed-a7fa-9e69ad4793e3/3/ Frame 80D2
101 B
206 B
XHR
General
Full URL
https://ins.connatix.com/8efe3b7e-b44e-45ed-a7fa-9e69ad4793e3/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
074dc47c45fe9549f97e9266f379162065c0d47e1365a91778a1e92ebcc8f903

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 22:09:38 GMT
age
5529
etag
"64a4bb674c6fbf586cd3024b2a588c2e"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
115
insights.bin
ins.connatix.com/5a51cccd-6357-4cd6-9c46-5539066e0e06/3/ Frame 80D2
128 B
221 B
XHR
General
Full URL
https://ins.connatix.com/5a51cccd-6357-4cd6-9c46-5539066e0e06/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1bc0a7a9de39aa054b47f03bbe8b2340a9f876b012cef93dfef3513101ff72cd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 19:41:11 GMT
age
8284
etag
"0338cf18b9e358a611fb880012d67a2a"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
131
insights.bin
ins.connatix.com/30edf15c-bac0-462e-bbb4-ff65423dea8f/3/ Frame 80D2
101 B
209 B
XHR
General
Full URL
https://ins.connatix.com/30edf15c-bac0-462e-bbb4-ff65423dea8f/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e1912d128bc417ca4901502317ca2327d83cb1585c70b0f9dd72ce75de72c955

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 18:52:00 GMT
age
16947
etag
"8867a74c95b58f6129c4ce34f2a659dd"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
117
insights.bin
ins.connatix.com/e21eb5c8-0ff1-403a-8739-503195d12d87/6/ Frame 80D2
56 B
160 B
XHR
General
Full URL
https://ins.connatix.com/e21eb5c8-0ff1-403a-8739-503195d12d87/6/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
16ae13b9f4cb67dc5ffc83bc2fc990aec4ff4149b1cd80935978fe0ca05812a9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 19:12:02 GMT
age
16281
etag
"8a792d513187b010c9a52810fd0cde4f"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
70
insights.bin
ins.connatix.com/5c2c4e01-a53a-40bc-b4cf-88ec24dc2003/3/ Frame 80D2
29 B
129 B
XHR
General
Full URL
https://ins.connatix.com/5c2c4e01-a53a-40bc-b4cf-88ec24dc2003/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
50f1e71c7797ff502083a5363978998411a1732de42a8d0559f80ffe450b50e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 17:59:49 GMT
age
16388
etag
"26cf79e600759e10ceb2aa16de6dd0f0"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
39
insights.bin
ins.connatix.com/36b41254-7335-47e4-85e1-322b49f0d22f/3/ Frame 80D2
164 B
234 B
XHR
General
Full URL
https://ins.connatix.com/36b41254-7335-47e4-85e1-322b49f0d22f/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8f590898565021db0f62b4773bb41bcc4635f72415931bd8043c0233d0e749f1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 17:51:29 GMT
age
21053
etag
"910ea016ab2adcece77560e0c6555ac2"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
144
insights.bin
ins.connatix.com/9a4f20c2-095c-4e19-a1e9-441cd0f00ff5/3/ Frame 80D2
137 B
231 B
XHR
General
Full URL
https://ins.connatix.com/9a4f20c2-095c-4e19-a1e9-441cd0f00ff5/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
38ffd5b3a278cbd8b0ba2117c4f26551c830522dfba7c0b4d6b72472a22ad9fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 17:27:00 GMT
age
22011
etag
"fdd2970447d9085bf5f24ae145eb8354"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
139
insights.bin
ins.connatix.com/9513b47d-842b-4c55-9099-df76428a1750/3/ Frame 80D2
92 B
189 B
XHR
General
Full URL
https://ins.connatix.com/9513b47d-842b-4c55-9099-df76428a1750/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c55385c2c0d6655032284dea4b251c28a1996e612e089f2789f65f4d92a09a61

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 17:25:42 GMT
age
22083
etag
"22d613dc443f1b6b82d7af86a6736a30"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
98
insights.bin
ins.connatix.com/cd8721f3-d7a5-4a04-95dd-b39ddc0bee93/3/ Frame 80D2
56 B
392 B
XHR
General
Full URL
https://ins.connatix.com/cd8721f3-d7a5-4a04-95dd-b39ddc0bee93/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ebcc8d707eab793eab2a1b184c2834cb646a724999efad20e4992130041522d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 17:04:38 GMT
age
21328
etag
"0988eac1539369e20ee9015b7bf81a3f"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
75
blockedDomains_1.bin
lit.connatix.com/08d84f88-5c3f-4c74-8e09-824cb4460927/ Frame 80D2
65 B
300 B
XHR
General
Full URL
https://lit.connatix.com/08d84f88-5c3f-4c74-8e09-824cb4460927/blockedDomains_1.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
66209bec2d6a6e5ff98435e03508825e6e50015917ac83302f4b438603d33476

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Tue, 16 Feb 2021 13:25:12 GMT
age
3953631
etag
"937b87fd949773c9532513ce0a503579"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
62
sr
capi-tier-2-us-east-2.connatix.com/tr/ Frame 80D2
0
323 B
XHR
General
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/sr?v=167773&cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.129.144.192 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-129-144-192.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.westernjournal.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
gpt.js
securepubads.g.doubleclick.net/tag/js/
82 KB
27 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
sffe /
Resource Hash
f4acfb16299806e77e1da433abba8a24380022da1c3217f72c56be8a5a1cea72
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28124
x-xss-protection
0
server
sffe
etag
"1255 / 641 of 1000 / last-modified: 1656108433"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 24 Jun 2022 23:44:09 GMT
3_media.bin
vid.connatix.com/pid-360e998e-de7b-4e4c-a145-dc1919ba2590/c2ba6f84-de01-411c-8d2e-af3691648f60/ Frame 80D2
386 B
421 B
XHR
General
Full URL
https://vid.connatix.com/pid-360e998e-de7b-4e4c-a145-dc1919ba2590/c2ba6f84-de01-411c-8d2e-af3691648f60/3_media.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f09d1a217da176f2dcfd4ed359c00396ddb9a30fcec932f5b8cc1d5b707de64d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Fri, 24 Jun 2022 21:07:08 GMT
age
1795
etag
"9e405f0f01f08833920b328ceb533af1"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
331
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 80D2
372 KB
125 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1a113034bdbdeaa7add41b1d85d4ebb360ceab32740506bef533dd883ed1888c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126826
x-xss-protection
0
expires
Fri, 24 Jun 2022 23:44:09 GMT
2.png
img.connatix.com/pid-360e998e-de7b-4e4c-a145-dc1919ba2590/360e998e-de7b-4e4c-a145-dc1919ba2590/
8 KB
8 KB
Image
General
Full URL
https://img.connatix.com/pid-360e998e-de7b-4e4c-a145-dc1919ba2590/360e998e-de7b-4e4c-a145-dc1919ba2590/2.png
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
06cec1f5d6ddbd571ebcea93c0d7b118b301b5a90d0dd01cc0fc3ddfcc7c5463

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
br
age
2042075
etag
"DjjaypRQtq3FFoV9W7rtBdyELLrNsBOHtvpNCL6Idsc"
access-control-max-age
86400
fastly-io-info
ifsz=19885 idim=478x478 ifmt=png ofsz=8402 odim=478x478 ofmt=png
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/png
content-length
7935
privacy_small.svg
static.criteo.net/flash/icon/ Frame D0F8
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-FAH_ZKgAAwQ2HV-658q52dAQ39wZA&u=%7CLrfJxOaTkxO7B09KeyWVsiABVak9CaCdPIa5CinG4%2Bw%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwuneLHx3NJ0pDjjEeoP2frno4uRKwVq-aRy1ERp2K4WEUASa29psnWXgZ2xMBHEyRffQQUS_XnODk0osNDFSEuTiukPZRMoNIkY8fr1Lbv1YZh_1nQqL7KlCwdzxpaxmbPyO0Ewa10yGRY0yS5ygd_D55ru0PiXbkGLlJehqQkDgIdP2TiJ28OaMi6Xh8eyxQArSz0QLy_xW6J74R3TXfNyhQnfQHhdTYtAmUoUUjjvWA1eVbUW3laiB5NBcpNi3YuMoJqN8oUeXHONrFv7roah9p10EeTF3sCVflLy_esayFIbSC6hzi3e5Z0R17k2l0x_ZC-iwFFN8i84ZXrQ8gvMt1m1QSqlyhEtkOev5fEso-C9tjsPKWJZZKXalwsP-ipTpMI_9XBFQg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-4SGSEy2YtDwN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTUA0_QaNVhxUeTZRUuylOUwQl8qAr7UjeW-BAzeOaqY_p_KwvqJ9i2md_xpqBv2-yhuHmRqt7Na-PZ1dIISnXp7bqV_abG91pDOpRxm0SzaGrJE_CByXtuBpCmBgJFplCan_ZjewDN0o1V1qki9BBO6SAU1EjEwCgFFKLpeoyN7FGbO_3fqzMQneNthaGPWUjAIErMh30LnlOSvES7Mg1H5f86DIsF6v8lWl0Y9nYyv7HHfgZEBTiPodZyJxfdxoTltsK_5ZDi-EJw2VyLSvwlQrW_19hsmLGEyBwt5LAoe27IFjSToAYsCpVb1DUjP-wo-Xcox-qXFsn4YKVdnUq8b84K4axrtAaG-FEE4ldTUhkowKNOwseDCoG1yHXlg66pfqTTiKR0BIZZ5APF30Wo_84GqOo8QtRS3BatGJPM_j8T3XrS0jyOB9TQnxYBK5hk13tKFsdd1DH2HrTVsMaNlbX3fhclUGXLenGB5GUDnvC5afDaGQiyCMJzZAfKg2iRyfcSW6SS0Uez8nSBYl3vQ3TZJ-rIdsoEA2s1mk7AmQE1L6TivOufQHtOFSXp6IWysCC3Cn60I6bzPsFFaUWtAs31yE2174aW12JioZfCwVqRidkVIeAEAYAG_N_EuvnhhtUuoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dIvBBSo428KDnP8PNEgNdImbj7g%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 19 Jun 2023 23:44:09 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame D0F8
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-FAH_ZKgAAwQ2HV-658q52dAQ39wZA&u=%7CLrfJxOaTkxO7B09KeyWVsiABVak9CaCdPIa5CinG4%2Bw%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwuneLHx3NJ0pDjjEeoP2frno4uRKwVq-aRy1ERp2K4WEUASa29psnWXgZ2xMBHEyRffQQUS_XnODk0osNDFSEuTiukPZRMoNIkY8fr1Lbv1YZh_1nQqL7KlCwdzxpaxmbPyO0Ewa10yGRY0yS5ygd_D55ru0PiXbkGLlJehqQkDgIdP2TiJ28OaMi6Xh8eyxQArSz0QLy_xW6J74R3TXfNyhQnfQHhdTYtAmUoUUjjvWA1eVbUW3laiB5NBcpNi3YuMoJqN8oUeXHONrFv7roah9p10EeTF3sCVflLy_esayFIbSC6hzi3e5Z0R17k2l0x_ZC-iwFFN8i84ZXrQ8gvMt1m1QSqlyhEtkOev5fEso-C9tjsPKWJZZKXalwsP-ipTpMI_9XBFQg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-4SGSEy2YtDwN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTUA0_QaNVhxUeTZRUuylOUwQl8qAr7UjeW-BAzeOaqY_p_KwvqJ9i2md_xpqBv2-yhuHmRqt7Na-PZ1dIISnXp7bqV_abG91pDOpRxm0SzaGrJE_CByXtuBpCmBgJFplCan_ZjewDN0o1V1qki9BBO6SAU1EjEwCgFFKLpeoyN7FGbO_3fqzMQneNthaGPWUjAIErMh30LnlOSvES7Mg1H5f86DIsF6v8lWl0Y9nYyv7HHfgZEBTiPodZyJxfdxoTltsK_5ZDi-EJw2VyLSvwlQrW_19hsmLGEyBwt5LAoe27IFjSToAYsCpVb1DUjP-wo-Xcox-qXFsn4YKVdnUq8b84K4axrtAaG-FEE4ldTUhkowKNOwseDCoG1yHXlg66pfqTTiKR0BIZZ5APF30Wo_84GqOo8QtRS3BatGJPM_j8T3XrS0jyOB9TQnxYBK5hk13tKFsdd1DH2HrTVsMaNlbX3fhclUGXLenGB5GUDnvC5afDaGQiyCMJzZAfKg2iRyfcSW6SS0Uez8nSBYl3vQ3TZJ-rIdsoEA2s1mk7AmQE1L6TivOufQHtOFSXp6IWysCC3Cn60I6bzPsFFaUWtAs31yE2174aW12JioZfCwVqRidkVIeAEAYAG_N_EuvnhhtUuoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dIvBBSo428KDnP8PNEgNdImbj7g%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 19 Jun 2023 23:44:09 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame D0F8
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-FAH_ZKgAAwQ2HV-658q52dAQ39wZA&u=%7CLrfJxOaTkxO7B09KeyWVsiABVak9CaCdPIa5CinG4%2Bw%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwuneLHx3NJ0pDjjEeoP2frno4uRKwVq-aRy1ERp2K4WEUASa29psnWXgZ2xMBHEyRffQQUS_XnODk0osNDFSEuTiukPZRMoNIkY8fr1Lbv1YZh_1nQqL7KlCwdzxpaxmbPyO0Ewa10yGRY0yS5ygd_D55ru0PiXbkGLlJehqQkDgIdP2TiJ28OaMi6Xh8eyxQArSz0QLy_xW6J74R3TXfNyhQnfQHhdTYtAmUoUUjjvWA1eVbUW3laiB5NBcpNi3YuMoJqN8oUeXHONrFv7roah9p10EeTF3sCVflLy_esayFIbSC6hzi3e5Z0R17k2l0x_ZC-iwFFN8i84ZXrQ8gvMt1m1QSqlyhEtkOev5fEso-C9tjsPKWJZZKXalwsP-ipTpMI_9XBFQg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-4SGSEy2YtDwN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTUA0_QaNVhxUeTZRUuylOUwQl8qAr7UjeW-BAzeOaqY_p_KwvqJ9i2md_xpqBv2-yhuHmRqt7Na-PZ1dIISnXp7bqV_abG91pDOpRxm0SzaGrJE_CByXtuBpCmBgJFplCan_ZjewDN0o1V1qki9BBO6SAU1EjEwCgFFKLpeoyN7FGbO_3fqzMQneNthaGPWUjAIErMh30LnlOSvES7Mg1H5f86DIsF6v8lWl0Y9nYyv7HHfgZEBTiPodZyJxfdxoTltsK_5ZDi-EJw2VyLSvwlQrW_19hsmLGEyBwt5LAoe27IFjSToAYsCpVb1DUjP-wo-Xcox-qXFsn4YKVdnUq8b84K4axrtAaG-FEE4ldTUhkowKNOwseDCoG1yHXlg66pfqTTiKR0BIZZ5APF30Wo_84GqOo8QtRS3BatGJPM_j8T3XrS0jyOB9TQnxYBK5hk13tKFsdd1DH2HrTVsMaNlbX3fhclUGXLenGB5GUDnvC5afDaGQiyCMJzZAfKg2iRyfcSW6SS0Uez8nSBYl3vQ3TZJ-rIdsoEA2s1mk7AmQE1L6TivOufQHtOFSXp6IWysCC3Cn60I6bzPsFFaUWtAs31yE2174aW12JioZfCwVqRidkVIeAEAYAG_N_EuvnhhtUuoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dIvBBSo428KDnP8PNEgNdImbj7g%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Mon, 19 Jun 2023 23:44:09 GMT
back_button2.svg
static.criteo.net/flash/icon/ Frame D0F8
293 B
621 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button2.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-FAH_ZKgAAwQ2HV-658q52dAQ39wZA&u=%7CLrfJxOaTkxO7B09KeyWVsiABVak9CaCdPIa5CinG4%2Bw%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwuneLHx3NJ0pDjjEeoP2frno4uRKwVq-aRy1ERp2K4WEUASa29psnWXgZ2xMBHEyRffQQUS_XnODk0osNDFSEuTiukPZRMoNIkY8fr1Lbv1YZh_1nQqL7KlCwdzxpaxmbPyO0Ewa10yGRY0yS5ygd_D55ru0PiXbkGLlJehqQkDgIdP2TiJ28OaMi6Xh8eyxQArSz0QLy_xW6J74R3TXfNyhQnfQHhdTYtAmUoUUjjvWA1eVbUW3laiB5NBcpNi3YuMoJqN8oUeXHONrFv7roah9p10EeTF3sCVflLy_esayFIbSC6hzi3e5Z0R17k2l0x_ZC-iwFFN8i84ZXrQ8gvMt1m1QSqlyhEtkOev5fEso-C9tjsPKWJZZKXalwsP-ipTpMI_9XBFQg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-4SGSEy2YtDwN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTUA0_QaNVhxUeTZRUuylOUwQl8qAr7UjeW-BAzeOaqY_p_KwvqJ9i2md_xpqBv2-yhuHmRqt7Na-PZ1dIISnXp7bqV_abG91pDOpRxm0SzaGrJE_CByXtuBpCmBgJFplCan_ZjewDN0o1V1qki9BBO6SAU1EjEwCgFFKLpeoyN7FGbO_3fqzMQneNthaGPWUjAIErMh30LnlOSvES7Mg1H5f86DIsF6v8lWl0Y9nYyv7HHfgZEBTiPodZyJxfdxoTltsK_5ZDi-EJw2VyLSvwlQrW_19hsmLGEyBwt5LAoe27IFjSToAYsCpVb1DUjP-wo-Xcox-qXFsn4YKVdnUq8b84K4axrtAaG-FEE4ldTUhkowKNOwseDCoG1yHXlg66pfqTTiKR0BIZZ5APF30Wo_84GqOo8QtRS3BatGJPM_j8T3XrS0jyOB9TQnxYBK5hk13tKFsdd1DH2HrTVsMaNlbX3fhclUGXLenGB5GUDnvC5afDaGQiyCMJzZAfKg2iRyfcSW6SS0Uez8nSBYl3vQ3TZJ-rIdsoEA2s1mk7AmQE1L6TivOufQHtOFSXp6IWysCC3Cn60I6bzPsFFaUWtAs31yE2174aW12JioZfCwVqRidkVIeAEAYAG_N_EuvnhhtUuoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dIvBBSo428KDnP8PNEgNdImbj7g%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
last-modified
Thu, 28 Apr 2022 09:09:48 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"626a59dc-125"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
293
expires
Mon, 19 Jun 2023 23:44:09 GMT
lg.php
cat.nl.eu.criteo.com/delivery/ Frame D0F8
43 B
347 B
Image
General
Full URL
https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=z3mQAVfhEHTz2WfzFxc2X4BGHxqCmGAUDX_1bf0dHgVwKm1WDnK4_JGwbC7Lz4d9YXhfUSkycmcLixtSQhJCeo8psfCS5ClywpaTC4CdORfGvWrtmwSepm0MJLueo1_LIDpCIaBRayg7TEOecQPxdbGdEQ7rB10zgG2d1GLxcVnwpNjVIGYBMG4nSDNbOiFxitp7q0uQWZsVHJvYxOcQhUtzgDNh6KQ1t2FXrkhBMnIW6pvQDiNdX0zdUkw5r-Gl_AyyP3V9jrNrfV7871ijQN80G1GTwbu-U89YR7WmcRGBPoG8BnoQLAjOFcCtER-QdrgZtBTthIrZshhk9yquwKAFe4Iva7_W4qCQNM2REJ_jEGbIp1OxxR4ZIjk2FLyUXvViqu4RqxJZKkrGG0g6PdiAlW6GnBCbxKrhNJJthld3zkxAQ5u1Z97OXT-B6o2Tdl7JuA
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-FAH_ZKgAAwQ2HV-658q52dAQ39wZA&u=%7CLrfJxOaTkxO7B09KeyWVsiABVak9CaCdPIa5CinG4%2Bw%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwuneLHx3NJ0pDjjEeoP2frno4uRKwVq-aRy1ERp2K4WEUASa29psnWXgZ2xMBHEyRffQQUS_XnODk0osNDFSEuTiukPZRMoNIkY8fr1Lbv1YZh_1nQqL7KlCwdzxpaxmbPyO0Ewa10yGRY0yS5ygd_D55ru0PiXbkGLlJehqQkDgIdP2TiJ28OaMi6Xh8eyxQArSz0QLy_xW6J74R3TXfNyhQnfQHhdTYtAmUoUUjjvWA1eVbUW3laiB5NBcpNi3YuMoJqN8oUeXHONrFv7roah9p10EeTF3sCVflLy_esayFIbSC6hzi3e5Z0R17k2l0x_ZC-iwFFN8i84ZXrQ8gvMt1m1QSqlyhEtkOev5fEso-C9tjsPKWJZZKXalwsP-ipTpMI_9XBFQg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-4SGSEy2YtDwN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTUA0_QaNVhxUeTZRUuylOUwQl8qAr7UjeW-BAzeOaqY_p_KwvqJ9i2md_xpqBv2-yhuHmRqt7Na-PZ1dIISnXp7bqV_abG91pDOpRxm0SzaGrJE_CByXtuBpCmBgJFplCan_ZjewDN0o1V1qki9BBO6SAU1EjEwCgFFKLpeoyN7FGbO_3fqzMQneNthaGPWUjAIErMh30LnlOSvES7Mg1H5f86DIsF6v8lWl0Y9nYyv7HHfgZEBTiPodZyJxfdxoTltsK_5ZDi-EJw2VyLSvwlQrW_19hsmLGEyBwt5LAoe27IFjSToAYsCpVb1DUjP-wo-Xcox-qXFsn4YKVdnUq8b84K4axrtAaG-FEE4ldTUhkowKNOwseDCoG1yHXlg66pfqTTiKR0BIZZ5APF30Wo_84GqOo8QtRS3BatGJPM_j8T3XrS0jyOB9TQnxYBK5hk13tKFsdd1DH2HrTVsMaNlbX3fhclUGXLenGB5GUDnvC5afDaGQiyCMJzZAfKg2iRyfcSW6SS0Uez8nSBYl3vQ3TZJ-rIdsoEA2s1mk7AmQE1L6TivOufQHtOFSXp6IWysCC3Cn60I6bzPsFFaUWtAs31yE2174aW12JioZfCwVqRidkVIeAEAYAG_N_EuvnhhtUuoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dIvBBSo428KDnP8PNEgNdImbj7g%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:09 GMT
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
3837413
content-type
image/gif
expires
Mon, 26 Jul 1997 05:00:00 GMT
9d2ad47d5a8241fb9b9b57f7c6d0d97b_image_ad_300x250.png
static.criteo.net/design/dt/85689/220527/ Frame D0F8
82 KB
82 KB
Image
General
Full URL
https://static.criteo.net/design/dt/85689/220527/9d2ad47d5a8241fb9b9b57f7c6d0d97b_image_ad_300x250.png
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-FAH_ZKgAAwQ2HV-658q52dAQ39wZA&u=%7CLrfJxOaTkxO7B09KeyWVsiABVak9CaCdPIa5CinG4%2Bw%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwuneLHx3NJ0pDjjEeoP2frno4uRKwVq-aRy1ERp2K4WEUASa29psnWXgZ2xMBHEyRffQQUS_XnODk0osNDFSEuTiukPZRMoNIkY8fr1Lbv1YZh_1nQqL7KlCwdzxpaxmbPyO0Ewa10yGRY0yS5ygd_D55ru0PiXbkGLlJehqQkDgIdP2TiJ28OaMi6Xh8eyxQArSz0QLy_xW6J74R3TXfNyhQnfQHhdTYtAmUoUUjjvWA1eVbUW3laiB5NBcpNi3YuMoJqN8oUeXHONrFv7roah9p10EeTF3sCVflLy_esayFIbSC6hzi3e5Z0R17k2l0x_ZC-iwFFN8i84ZXrQ8gvMt1m1QSqlyhEtkOev5fEso-C9tjsPKWJZZKXalwsP-ipTpMI_9XBFQg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-4SGSEy2YtDwN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTUA0_QaNVhxUeTZRUuylOUwQl8qAr7UjeW-BAzeOaqY_p_KwvqJ9i2md_xpqBv2-yhuHmRqt7Na-PZ1dIISnXp7bqV_abG91pDOpRxm0SzaGrJE_CByXtuBpCmBgJFplCan_ZjewDN0o1V1qki9BBO6SAU1EjEwCgFFKLpeoyN7FGbO_3fqzMQneNthaGPWUjAIErMh30LnlOSvES7Mg1H5f86DIsF6v8lWl0Y9nYyv7HHfgZEBTiPodZyJxfdxoTltsK_5ZDi-EJw2VyLSvwlQrW_19hsmLGEyBwt5LAoe27IFjSToAYsCpVb1DUjP-wo-Xcox-qXFsn4YKVdnUq8b84K4axrtAaG-FEE4ldTUhkowKNOwseDCoG1yHXlg66pfqTTiKR0BIZZ5APF30Wo_84GqOo8QtRS3BatGJPM_j8T3XrS0jyOB9TQnxYBK5hk13tKFsdd1DH2HrTVsMaNlbX3fhclUGXLenGB5GUDnvC5afDaGQiyCMJzZAfKg2iRyfcSW6SS0Uez8nSBYl3vQ3TZJ-rIdsoEA2s1mk7AmQE1L6TivOufQHtOFSXp6IWysCC3Cn60I6bzPsFFaUWtAs31yE2174aW12JioZfCwVqRidkVIeAEAYAG_N_EuvnhhtUuoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dIvBBSo428KDnP8PNEgNdImbj7g%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
4f129931bad21a887749f3132874c1f32581913d703f9e76179d842898cf12d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
last-modified
Fri, 27 May 2022 07:59:50 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"629084f6-1472c"
strict-transport-security
max-age=31536000; preload;
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
83756
expires
Mon, 19 Jun 2023 23:44:09 GMT
privacy_small.svg
static.criteo.net/flash/icon/ Frame A8EA
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-E8H_ZKgAAwQ2HuNCqbvJyetdM9SDg&u=%7CLrfJxOaTkxMPapHyPXY66LIHXN0Ib1WYoUxYmA271U0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwukEkJaLSn6N3hBSvmZfJeckS_kbPHy4SCDcterAtAbTs6VcAKaBKO0BbMZjb0cE7ZONHimbbGA-nPg-pu5gc7iClnwNqMsrIGAp6wn9fJvZX7PmSWel-WQBXefcpAWV386988F7Z-Gv_W9H0YnAiIDp1EVl7XSEEMBuS_8sBm8_ArxQzop4NkWAi2fyp9ZpERz2Q0RlPFeoaiOeGa5s4Pj6oBnaQVFBzyRM3HhpHr92NeJNlahVfAO0Q2ul7fvpX9vf6_innrHBnhI2mY2FRnIojBMWzT1fnYKxsYcfIaK5ynRF2IfDJngjLW2KlQkzY8Q9WGlzRYvOUSHF9bi4PMn9DUFyrDNsJnWZLteJ4pEWQUvJwjsRpATKFF8bHCW4hv_ob8kDD5kYTxsY3cqTBne8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmUTFSEy2Ys_wN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTLA0_QcTV4UkCQak_uJNAHckS1YSEvWcGLtr1OlotsIxg-uUf4GCcUePWF0b2KxSNy-MngwfE-suJoB2dwwPutiMh6lIJ16ImmPf33QwqaogY746IKTy5nN6hYAuzh_Lor6gslxtscRftNOoNLufsmAwNyYOv3_8hhnHwus9Rxjl2afpl7alcGp59AKmscQQWiC-agTOb9vFkjIJyIfGO5SXiU2uCNhX3sVM9ahPxKwm3mGhPmm4ZRUMYYPXnvc-Sv0FjEcoYNGWACQn401WOcvzho3u5BZfpqO-TwaGPjo5dd6tJ_2C2QDGZ1l3DWW0Iglx2L7AZ16zmHkE_ScVTi7nZcHoQQ0YQg_sZ8OyH-3LnEdA3uJJ56BTsv2q9hE7uBhaER0kka3HA37UG_2fH4sq0cSZjKIHvTcCO-vKq0-Ien4AMetwj0jD8ISgtgr34_bQNoQdw3VwW2jxZyhhL034qcOjkbEobv4fVLCsff8agFMr7K5twJrvmJa5WfpX_RiFG43Z_sz4riiMLpAxERv5kr-qkD52ZhfalCxPnND-ayBqniYzWM189vM0QAlc2m0Jp4c-vvVR8Z8NpTzryQptYWCGzpZbJS3q20duAEAYAGyPGp1L7o0psNoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_333ArQFznjLJI7D54bTOXDZ8hntw%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 19 Jun 2023 23:44:09 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame A8EA
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-E8H_ZKgAAwQ2HuNCqbvJyetdM9SDg&u=%7CLrfJxOaTkxMPapHyPXY66LIHXN0Ib1WYoUxYmA271U0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwukEkJaLSn6N3hBSvmZfJeckS_kbPHy4SCDcterAtAbTs6VcAKaBKO0BbMZjb0cE7ZONHimbbGA-nPg-pu5gc7iClnwNqMsrIGAp6wn9fJvZX7PmSWel-WQBXefcpAWV386988F7Z-Gv_W9H0YnAiIDp1EVl7XSEEMBuS_8sBm8_ArxQzop4NkWAi2fyp9ZpERz2Q0RlPFeoaiOeGa5s4Pj6oBnaQVFBzyRM3HhpHr92NeJNlahVfAO0Q2ul7fvpX9vf6_innrHBnhI2mY2FRnIojBMWzT1fnYKxsYcfIaK5ynRF2IfDJngjLW2KlQkzY8Q9WGlzRYvOUSHF9bi4PMn9DUFyrDNsJnWZLteJ4pEWQUvJwjsRpATKFF8bHCW4hv_ob8kDD5kYTxsY3cqTBne8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmUTFSEy2Ys_wN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTLA0_QcTV4UkCQak_uJNAHckS1YSEvWcGLtr1OlotsIxg-uUf4GCcUePWF0b2KxSNy-MngwfE-suJoB2dwwPutiMh6lIJ16ImmPf33QwqaogY746IKTy5nN6hYAuzh_Lor6gslxtscRftNOoNLufsmAwNyYOv3_8hhnHwus9Rxjl2afpl7alcGp59AKmscQQWiC-agTOb9vFkjIJyIfGO5SXiU2uCNhX3sVM9ahPxKwm3mGhPmm4ZRUMYYPXnvc-Sv0FjEcoYNGWACQn401WOcvzho3u5BZfpqO-TwaGPjo5dd6tJ_2C2QDGZ1l3DWW0Iglx2L7AZ16zmHkE_ScVTi7nZcHoQQ0YQg_sZ8OyH-3LnEdA3uJJ56BTsv2q9hE7uBhaER0kka3HA37UG_2fH4sq0cSZjKIHvTcCO-vKq0-Ien4AMetwj0jD8ISgtgr34_bQNoQdw3VwW2jxZyhhL034qcOjkbEobv4fVLCsff8agFMr7K5twJrvmJa5WfpX_RiFG43Z_sz4riiMLpAxERv5kr-qkD52ZhfalCxPnND-ayBqniYzWM189vM0QAlc2m0Jp4c-vvVR8Z8NpTzryQptYWCGzpZbJS3q20duAEAYAGyPGp1L7o0psNoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_333ArQFznjLJI7D54bTOXDZ8hntw%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 19 Jun 2023 23:44:09 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame A8EA
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-E8H_ZKgAAwQ2HuNCqbvJyetdM9SDg&u=%7CLrfJxOaTkxMPapHyPXY66LIHXN0Ib1WYoUxYmA271U0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwukEkJaLSn6N3hBSvmZfJeckS_kbPHy4SCDcterAtAbTs6VcAKaBKO0BbMZjb0cE7ZONHimbbGA-nPg-pu5gc7iClnwNqMsrIGAp6wn9fJvZX7PmSWel-WQBXefcpAWV386988F7Z-Gv_W9H0YnAiIDp1EVl7XSEEMBuS_8sBm8_ArxQzop4NkWAi2fyp9ZpERz2Q0RlPFeoaiOeGa5s4Pj6oBnaQVFBzyRM3HhpHr92NeJNlahVfAO0Q2ul7fvpX9vf6_innrHBnhI2mY2FRnIojBMWzT1fnYKxsYcfIaK5ynRF2IfDJngjLW2KlQkzY8Q9WGlzRYvOUSHF9bi4PMn9DUFyrDNsJnWZLteJ4pEWQUvJwjsRpATKFF8bHCW4hv_ob8kDD5kYTxsY3cqTBne8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmUTFSEy2Ys_wN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTLA0_QcTV4UkCQak_uJNAHckS1YSEvWcGLtr1OlotsIxg-uUf4GCcUePWF0b2KxSNy-MngwfE-suJoB2dwwPutiMh6lIJ16ImmPf33QwqaogY746IKTy5nN6hYAuzh_Lor6gslxtscRftNOoNLufsmAwNyYOv3_8hhnHwus9Rxjl2afpl7alcGp59AKmscQQWiC-agTOb9vFkjIJyIfGO5SXiU2uCNhX3sVM9ahPxKwm3mGhPmm4ZRUMYYPXnvc-Sv0FjEcoYNGWACQn401WOcvzho3u5BZfpqO-TwaGPjo5dd6tJ_2C2QDGZ1l3DWW0Iglx2L7AZ16zmHkE_ScVTi7nZcHoQQ0YQg_sZ8OyH-3LnEdA3uJJ56BTsv2q9hE7uBhaER0kka3HA37UG_2fH4sq0cSZjKIHvTcCO-vKq0-Ien4AMetwj0jD8ISgtgr34_bQNoQdw3VwW2jxZyhhL034qcOjkbEobv4fVLCsff8agFMr7K5twJrvmJa5WfpX_RiFG43Z_sz4riiMLpAxERv5kr-qkD52ZhfalCxPnND-ayBqniYzWM189vM0QAlc2m0Jp4c-vvVR8Z8NpTzryQptYWCGzpZbJS3q20duAEAYAGyPGp1L7o0psNoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_333ArQFznjLJI7D54bTOXDZ8hntw%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Mon, 19 Jun 2023 23:44:09 GMT
back_button2.svg
static.criteo.net/flash/icon/ Frame A8EA
293 B
621 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button2.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-E8H_ZKgAAwQ2HuNCqbvJyetdM9SDg&u=%7CLrfJxOaTkxMPapHyPXY66LIHXN0Ib1WYoUxYmA271U0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwukEkJaLSn6N3hBSvmZfJeckS_kbPHy4SCDcterAtAbTs6VcAKaBKO0BbMZjb0cE7ZONHimbbGA-nPg-pu5gc7iClnwNqMsrIGAp6wn9fJvZX7PmSWel-WQBXefcpAWV386988F7Z-Gv_W9H0YnAiIDp1EVl7XSEEMBuS_8sBm8_ArxQzop4NkWAi2fyp9ZpERz2Q0RlPFeoaiOeGa5s4Pj6oBnaQVFBzyRM3HhpHr92NeJNlahVfAO0Q2ul7fvpX9vf6_innrHBnhI2mY2FRnIojBMWzT1fnYKxsYcfIaK5ynRF2IfDJngjLW2KlQkzY8Q9WGlzRYvOUSHF9bi4PMn9DUFyrDNsJnWZLteJ4pEWQUvJwjsRpATKFF8bHCW4hv_ob8kDD5kYTxsY3cqTBne8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmUTFSEy2Ys_wN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTLA0_QcTV4UkCQak_uJNAHckS1YSEvWcGLtr1OlotsIxg-uUf4GCcUePWF0b2KxSNy-MngwfE-suJoB2dwwPutiMh6lIJ16ImmPf33QwqaogY746IKTy5nN6hYAuzh_Lor6gslxtscRftNOoNLufsmAwNyYOv3_8hhnHwus9Rxjl2afpl7alcGp59AKmscQQWiC-agTOb9vFkjIJyIfGO5SXiU2uCNhX3sVM9ahPxKwm3mGhPmm4ZRUMYYPXnvc-Sv0FjEcoYNGWACQn401WOcvzho3u5BZfpqO-TwaGPjo5dd6tJ_2C2QDGZ1l3DWW0Iglx2L7AZ16zmHkE_ScVTi7nZcHoQQ0YQg_sZ8OyH-3LnEdA3uJJ56BTsv2q9hE7uBhaER0kka3HA37UG_2fH4sq0cSZjKIHvTcCO-vKq0-Ien4AMetwj0jD8ISgtgr34_bQNoQdw3VwW2jxZyhhL034qcOjkbEobv4fVLCsff8agFMr7K5twJrvmJa5WfpX_RiFG43Z_sz4riiMLpAxERv5kr-qkD52ZhfalCxPnND-ayBqniYzWM189vM0QAlc2m0Jp4c-vvVR8Z8NpTzryQptYWCGzpZbJS3q20duAEAYAGyPGp1L7o0psNoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_333ArQFznjLJI7D54bTOXDZ8hntw%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
last-modified
Thu, 28 Apr 2022 09:09:48 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"626a59dc-125"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
293
expires
Mon, 19 Jun 2023 23:44:09 GMT
lg.php
cat.nl.eu.criteo.com/delivery/ Frame A8EA
43 B
348 B
Image
General
Full URL
https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=G_0lnTwpcLadq_588PclzjuNGUD0F-bPSwIanDgRwnS8EFnxYKlAWFeZZF36LI-bfLOe_WrZbIaPUbbFVdgvpreEjEdV_4XoZ32SD6Tjg6L02BXOY-EfP9oCHLRfdXh45-Sutkz345ruv-qgun4J9_PV3wvFNIrWiqtnRnavMGWIf78G_Yv60WpX_cN2ZNdBTenxWsssCZzNJ10eiimD6TpXllRNzM-8QSNDh2eS6lileEsx--HevHEa8Ia7I8OXEE4RR09w2SyD79zSdJ4KHJ4Olvo8bHO6gMMKUlTPX5Ka7euUR3KM3Vvqu3yY05QPquyqsvFsNZPSIgTlBY04AFuK_WYTbQT6_g1zAto3eCYXXy8gyNh-1nvwSchdhzKwZFN-0k29nX0wBx157J0KxwVf9ai3Vf0MIbw70VYY5ycjsVK74G2NQlnrEjxyYWq_3X8R3A
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-E8H_ZKgAAwQ2HuNCqbvJyetdM9SDg&u=%7CLrfJxOaTkxMPapHyPXY66LIHXN0Ib1WYoUxYmA271U0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwukEkJaLSn6N3hBSvmZfJeckS_kbPHy4SCDcterAtAbTs6VcAKaBKO0BbMZjb0cE7ZONHimbbGA-nPg-pu5gc7iClnwNqMsrIGAp6wn9fJvZX7PmSWel-WQBXefcpAWV386988F7Z-Gv_W9H0YnAiIDp1EVl7XSEEMBuS_8sBm8_ArxQzop4NkWAi2fyp9ZpERz2Q0RlPFeoaiOeGa5s4Pj6oBnaQVFBzyRM3HhpHr92NeJNlahVfAO0Q2ul7fvpX9vf6_innrHBnhI2mY2FRnIojBMWzT1fnYKxsYcfIaK5ynRF2IfDJngjLW2KlQkzY8Q9WGlzRYvOUSHF9bi4PMn9DUFyrDNsJnWZLteJ4pEWQUvJwjsRpATKFF8bHCW4hv_ob8kDD5kYTxsY3cqTBne8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmUTFSEy2Ys_wN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTLA0_QcTV4UkCQak_uJNAHckS1YSEvWcGLtr1OlotsIxg-uUf4GCcUePWF0b2KxSNy-MngwfE-suJoB2dwwPutiMh6lIJ16ImmPf33QwqaogY746IKTy5nN6hYAuzh_Lor6gslxtscRftNOoNLufsmAwNyYOv3_8hhnHwus9Rxjl2afpl7alcGp59AKmscQQWiC-agTOb9vFkjIJyIfGO5SXiU2uCNhX3sVM9ahPxKwm3mGhPmm4ZRUMYYPXnvc-Sv0FjEcoYNGWACQn401WOcvzho3u5BZfpqO-TwaGPjo5dd6tJ_2C2QDGZ1l3DWW0Iglx2L7AZ16zmHkE_ScVTi7nZcHoQQ0YQg_sZ8OyH-3LnEdA3uJJ56BTsv2q9hE7uBhaER0kka3HA37UG_2fH4sq0cSZjKIHvTcCO-vKq0-Ien4AMetwj0jD8ISgtgr34_bQNoQdw3VwW2jxZyhhL034qcOjkbEobv4fVLCsff8agFMr7K5twJrvmJa5WfpX_RiFG43Z_sz4riiMLpAxERv5kr-qkD52ZhfalCxPnND-ayBqniYzWM189vM0QAlc2m0Jp4c-vvVR8Z8NpTzryQptYWCGzpZbJS3q20duAEAYAGyPGp1L7o0psNoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_333ArQFznjLJI7D54bTOXDZ8hntw%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:09 GMT
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
3057122
content-type
image/gif
expires
Mon, 26 Jul 1997 05:00:00 GMT
Tweet.html
platform.twitter.com/embed/ Frame 0660
487 B
0
Document
General
Full URL
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=WestJournalism&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9LCJ0ZndfcmVmc3JjX3Nlc3Npb24iOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd191c2VyX2ZvbGxvd19pbnRlbnRfMTQ0MDYiOnsiYnVja2V0IjoiZm9sbG93IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1540412715415617536&lang=en&origin=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F&sessionId=e9cdbe68a78aa2b0d4cefdb4bf229c4ac86a62c5&siteScreenName=WestJournalism&theme=light&widgetsVersion=b45a03c79d4c1%3A1654150928467&width=550px
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6724) /
Resource Hash

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
1064
Cache-Control
public, max-age=1800
Content-Length
487
Content-Type
text/html; charset=utf-8
Date
Fri, 24 Jun 2022 23:44:09 GMT
Etag
"97e3ad2b09c08dc43cc138ec6a2da62a"
Last-Modified
Mon, 06 Jun 2022 17:12:40 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/6724)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
X-Cache
HIT
x-tw-cdn
VZ
jot
syndication.twitter.com/i/
43 B
380 B
Image
General
Full URL
https://syndication.twitter.com/i/jot?dnt=1&l=%7B%22experiment_key%22%3A%22tfw_tweet_result_migration_13979%22%2C%22bucket%22%3A%22tweet_result%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%22item_ids%22%3A%5B%221540412715415617536%22%5D%2C%22item_details%22%3A%7B%221540412715415617536%22%3A%7B%22item_type%22%3A0%7D%7D%7D%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1656114248104%2C%22dnt%22%3Atrue%2C%22client_version%22%3A%22b45a03c79d4c1%3A1654150928467%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_tweet_result_migration_13979%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=e9cdbe68a78aa2b0d4cefdb4bf229c4ac86a62c5
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.72 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
121
pragma
no-cache
last-modified
Fri, 24 Jun 2022 23:44:09 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
549f825e38ade68a0a0c16f0cd23a91ad0fefab832c3f5979daa789d790156e9
x-transaction
49cd9c6943195418
expires
Tue, 31 Mar 1981 05:00:00 GMT
impression
trends.revcontent.com/event/
0
0
Fetch
General
Full URL
https://trends.revcontent.com/event/impression
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.243.115.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-115-165.eu-west-1.compute.amazonaws.com
Software
Grizzly/2.4.4 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:09 GMT
access-control-allow-credentials
true
server
Grizzly/2.4.4
access-control-allow-headers
Content-Type
strict-transport-security
max-age=931536000; includeSubDomains
articleCirculation.delivery.js
assets.revcontent.com/master/
21 KB
7 KB
Script
General
Full URL
https://assets.revcontent.com/master/articleCirculation.delivery.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4c7ade1d6ee1350da73979edf8c9576a2e7bc38c159ff30aa6069adbb88244fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Tue, 21 Jun 2022 18:51:07 GMT
server
AmazonS3
x-amz-request-id
ZPJR7T633ZDBV6R0
etag
"94636d97247140965750d8b5e9b74bd7"
x-hw
1656114249.cds252.fr8.hn,1656114249.cds291.fr8.c
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=60
accept-ranges
bytes
content-length
7085
x-amz-id-2
uwAc57gWZNMamHQ5wY9vPP89DbLl6IWUHQNvKn8ARiwTZbO/0mD2XP0w/w8FlwOsYJKkE7rOev4=
defaultWidget~feedWidget.delivery.js
assets.revcontent.com/master/
20 KB
7 KB
Script
General
Full URL
https://assets.revcontent.com/master/defaultWidget~feedWidget.delivery.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
90176985c01af6ad56f71f16d239840e755dea86f271d10d56f049b97463acca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Tue, 21 Jun 2022 18:51:06 GMT
server
AmazonS3
x-amz-request-id
1PY4DQY5NVT2XR6D
etag
"c9be8158eaa0cad42c43a30da4edaca4"
x-hw
1656114249.cds252.fr8.hn,1656114249.cds154.fr8.c
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=60
accept-ranges
bytes
content-length
6545
x-amz-id-2
RxxAqnMLuHcoF9Z8/UbADohODFxJ5L03/Uvyzou0wxEtzUFKunnWiaEoAfGl6gB7nd16v0QKlfs=
defaultWidget.delivery.js
assets.revcontent.com/master/
16 KB
6 KB
Script
General
Full URL
https://assets.revcontent.com/master/defaultWidget.delivery.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
490dd47125a8e21c381273ac9b7b95ad05c1e9957c6b7862b149ebf1959a0efe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Tue, 21 Jun 2022 18:51:03 GMT
server
AmazonS3
x-amz-request-id
ZPJMB2ZR99RG7PYN
etag
"31f8182d1a821663357d0a8a0acfbcd0"
x-hw
1656114249.cds252.fr8.hn,1656114249.cds280.fr8.c
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=60
accept-ranges
bytes
content-length
6051
x-amz-id-2
eGVDdlAfQ8wvvf3HeCqbMF5LSq+CTPGK85mGyVdc0skL9ybvXdEOyWOVnaz7ZawVOxB//QFYAZc=
commonModal.delivery.js
assets.revcontent.com/master/
3 KB
2 KB
Script
General
Full URL
https://assets.revcontent.com/master/commonModal.delivery.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
36c33f3a067ff55b9289f4dac7a17385530d015ca98991634554934b3d80a477

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Tue, 21 Jun 2022 18:51:05 GMT
server
AmazonS3
x-amz-request-id
ZPJMRH8KH9PX6DXQ
etag
"ed7512f90301c2c4d948243d8892fe6f"
x-hw
1656114249.cds252.fr8.hn,1656114249.cds002.fr8.c
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=60
accept-ranges
bytes
content-length
1653
x-amz-id-2
rPM66nTIcvBYoh0j8YVpVvcOKGzBYN/UMAU1LCphZdGU/ts5SI8/M1GR8W7XOhPjXFD6Tgthtek=
A-60B151DA8288234CC8284E80-1.js
s3.amazonaws.com/js.revcontent.com/p0/js/
696 B
1 KB
Script
General
Full URL
https://s3.amazonaws.com/js.revcontent.com/p0/js/A-60B151DA8288234CC8284E80-1.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.87.78 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
62b994e83624d746da4862895d63dd1fda14d7e851270b153f5335a9b74e17ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:11 GMT
Last-Modified
Mon, 23 May 2022 16:07:23 GMT
Server
AmazonS3
x-amz-request-id
GHSZVYTEWTNMYA7A
ETag
"0169736fdeced47eca992b1e9814de21"
Content-Type
text/javascript
Accept-Ranges
bytes
Content-Length
696
x-amz-id-2
mhk4GTRESvTfR/qB1lN1gkyRXDz74MXhu/5ldEO48d/hhzH/MS4C684HnWXpRDR5y0qgxtno67Q=
/
img.revcontent.com/
1 KB
1 KB
Image
General
Full URL
https://img.revcontent.com/?url=https://cdn.revcontent.com/assets/img/full_color.png&static=true
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
last-modified
Thu, 02 Jun 2022 15:22:42 GMT
etag
"1654183362"
x-hw
1656114249.cds287.fr8.hn,1656114249.cds260.fr8.c
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1351
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/167773/ Frame 80D2
162 KB
47 KB
Script
General
Full URL
https://cds.connatix.com/p/167773/hls.5b3b785f487abbe00eee.js
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
br
last-modified
Fri, 24 Jun 2022 09:43:28 GMT
age
50349
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
truncated
/ Frame CD37
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9e6ea77f1468c678fa18c965cfc4e8e1f50a48212df52bf7a951d63da30ac22e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
all
csm.eu.criteo.net/ Frame D0F8
0
0

criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame D0F8
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-FAH_ZKgAAwQ2HV-658q52dAQ39wZA&u=%7CLrfJxOaTkxO7B09KeyWVsiABVak9CaCdPIa5CinG4%2Bw%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwuneLHx3NJ0pDjjEeoP2frno4uRKwVq-aRy1ERp2K4WEUASa29psnWXgZ2xMBHEyRffQQUS_XnODk0osNDFSEuTiukPZRMoNIkY8fr1Lbv1YZh_1nQqL7KlCwdzxpaxmbPyO0Ewa10yGRY0yS5ygd_D55ru0PiXbkGLlJehqQkDgIdP2TiJ28OaMi6Xh8eyxQArSz0QLy_xW6J74R3TXfNyhQnfQHhdTYtAmUoUUjjvWA1eVbUW3laiB5NBcpNi3YuMoJqN8oUeXHONrFv7roah9p10EeTF3sCVflLy_esayFIbSC6hzi3e5Z0R17k2l0x_ZC-iwFFN8i84ZXrQ8gvMt1m1QSqlyhEtkOev5fEso-C9tjsPKWJZZKXalwsP-ipTpMI_9XBFQg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-4SGSEy2YtDwN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTUA0_QaNVhxUeTZRUuylOUwQl8qAr7UjeW-BAzeOaqY_p_KwvqJ9i2md_xpqBv2-yhuHmRqt7Na-PZ1dIISnXp7bqV_abG91pDOpRxm0SzaGrJE_CByXtuBpCmBgJFplCan_ZjewDN0o1V1qki9BBO6SAU1EjEwCgFFKLpeoyN7FGbO_3fqzMQneNthaGPWUjAIErMh30LnlOSvES7Mg1H5f86DIsF6v8lWl0Y9nYyv7HHfgZEBTiPodZyJxfdxoTltsK_5ZDi-EJw2VyLSvwlQrW_19hsmLGEyBwt5LAoe27IFjSToAYsCpVb1DUjP-wo-Xcox-qXFsn4YKVdnUq8b84K4axrtAaG-FEE4ldTUhkowKNOwseDCoG1yHXlg66pfqTTiKR0BIZZ5APF30Wo_84GqOo8QtRS3BatGJPM_j8T3XrS0jyOB9TQnxYBK5hk13tKFsdd1DH2HrTVsMaNlbX3fhclUGXLenGB5GUDnvC5afDaGQiyCMJzZAfKg2iRyfcSW6SS0Uez8nSBYl3vQ3TZJ-rIdsoEA2s1mk7AmQE1L6TivOufQHtOFSXp6IWysCC3Cn60I6bzPsFFaUWtAs31yE2174aW12JioZfCwVqRidkVIeAEAYAG_N_EuvnhhtUuoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dIvBBSo428KDnP8PNEgNdImbj7g%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 19 Jun 2023 23:44:09 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame D0F8
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-FAH_ZKgAAwQ2HV-658q52dAQ39wZA&u=%7CLrfJxOaTkxO7B09KeyWVsiABVak9CaCdPIa5CinG4%2Bw%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwuneLHx3NJ0pDjjEeoP2frno4uRKwVq-aRy1ERp2K4WEUASa29psnWXgZ2xMBHEyRffQQUS_XnODk0osNDFSEuTiukPZRMoNIkY8fr1Lbv1YZh_1nQqL7KlCwdzxpaxmbPyO0Ewa10yGRY0yS5ygd_D55ru0PiXbkGLlJehqQkDgIdP2TiJ28OaMi6Xh8eyxQArSz0QLy_xW6J74R3TXfNyhQnfQHhdTYtAmUoUUjjvWA1eVbUW3laiB5NBcpNi3YuMoJqN8oUeXHONrFv7roah9p10EeTF3sCVflLy_esayFIbSC6hzi3e5Z0R17k2l0x_ZC-iwFFN8i84ZXrQ8gvMt1m1QSqlyhEtkOev5fEso-C9tjsPKWJZZKXalwsP-ipTpMI_9XBFQg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-4SGSEy2YtDwN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTUA0_QaNVhxUeTZRUuylOUwQl8qAr7UjeW-BAzeOaqY_p_KwvqJ9i2md_xpqBv2-yhuHmRqt7Na-PZ1dIISnXp7bqV_abG91pDOpRxm0SzaGrJE_CByXtuBpCmBgJFplCan_ZjewDN0o1V1qki9BBO6SAU1EjEwCgFFKLpeoyN7FGbO_3fqzMQneNthaGPWUjAIErMh30LnlOSvES7Mg1H5f86DIsF6v8lWl0Y9nYyv7HHfgZEBTiPodZyJxfdxoTltsK_5ZDi-EJw2VyLSvwlQrW_19hsmLGEyBwt5LAoe27IFjSToAYsCpVb1DUjP-wo-Xcox-qXFsn4YKVdnUq8b84K4axrtAaG-FEE4ldTUhkowKNOwseDCoG1yHXlg66pfqTTiKR0BIZZ5APF30Wo_84GqOo8QtRS3BatGJPM_j8T3XrS0jyOB9TQnxYBK5hk13tKFsdd1DH2HrTVsMaNlbX3fhclUGXLenGB5GUDnvC5afDaGQiyCMJzZAfKg2iRyfcSW6SS0Uez8nSBYl3vQ3TZJ-rIdsoEA2s1mk7AmQE1L6TivOufQHtOFSXp6IWysCC3Cn60I6bzPsFFaUWtAs31yE2174aW12JioZfCwVqRidkVIeAEAYAG_N_EuvnhhtUuoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dIvBBSo428KDnP8PNEgNdImbj7g%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 19 Jun 2023 23:44:09 GMT
event
event.insticator.com/v1/ Frame
0
0
Preflight
General
Full URL
https://event.insticator.com/v1/event?event_name=event_adunit-load
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.20.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-20-6.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.westernjournal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://www.westernjournal.com
access-control-max-age
3600
content-length
0
date
Fri, 24 Jun 2022 23:44:09 GMT
vary
Origin
event
event.insticator.com/v1/
0
125 B
XHR
General
Full URL
https://event.insticator.com/v1/event?event_name=event_adunit-load
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/9af198ff-22cf-4d4b-80d5-b58d0f23e539/f7060245-2280-4168-a5a7-87f79f9d0e3e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.20.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-20-6.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:10 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.westernjournal.com
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4014:80e::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.westernjournal.com
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
26 KB
11 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=937115591132651&correlator=3518119905371344&eid=31068192%2C44761477%2C42531605&output=ldjh&gdfp_req=1&vrg=2022062203&ptt=17&impl=fifs&iu_parts=2507246%3A22550773714%2Cwesternjournal.com_Web_300x250_cmt_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=4&adks=3366142293&sfv=1-0-38&ecs=20220624&fsapi=false&prev_scp=h%3D23%26shb%3D1%26tg%3D0%26ics%3D300x250%26iba%3D00000%26iaid%3D72ee61e805bfae2%26ib%3Dappnexus%26p%3DBTF%26at%3D1%26hostname%3Dwww.westernjournal.com%26consent%3D0%26Exclude_Adx%3DN%26it%3Dil&eri=1&cust_params=ADRIZER_DEST%3D2c82c8aa96a2409ed0cd02f59d218bb8%26ADRIZER_SOURCE%3Ddc0cf5a290bb215566ff55ec995c7225%26ADRIZER_SOURCES%3D554838a8451ac36cb977e719e9d6623c%26ADRIZER_DESTS%3D4d1561a0b9559270591a9cb29799197c%26Site%3Dhttp%253A%252F%252Fwww.westernjournal.com%26Tag%3Dcrime%252Cmurder%252CUS%2520news%26Category%3DNews%26URL%3D%252Fnotebook-uncovered-brian-laundries-rema%26GoogleCompliant%3Dtrue%26utm_campaign%3Dtgm%26utm_content%3Dcan%26utm_medium%3Dtgm%26utm_source%3Dsocial%26ip%3D0%26he%3D0&sc=1&cookie=ID%3D340cfd3150f9dccc-221751ffbdcd00e5%3AT%3D1656114248%3AS%3DALNI_MZbe62gOvuGwyaEK_uWpvEri3JRmQ&abxe=1&dt=1656114248342&lmt=1656114247&dlt=1656114246090&idt=1129&biw=1600&bih=1200&adxs=244&adys=5555&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&frm=20&vis=1&scr_x=0&scr_y=0&psz=797x560&msz=336x-1&fws=0&ohw=0&ga_vid=1586728738.1656114247&ga_sid=1656114247&ga_hid=2011416346&ga_fc=true&btvi=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062203.js?cb=31068192
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
a01debc9d2b1d6d7d6c604a09a30ad3ab782b6bf00a04f613eaeaea2a8952202
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11601
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
20 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=937115591132651&correlator=2300093067087033&eid=31068192%2C44761477%2C42531605&output=ldjh&gdfp_req=1&vrg=2022062203&ptt=17&impl=fifs&iu_parts=2507246%3A22550773714%2Cwesternjournal.com_Web_300x250_cmt_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=5&adks=239767260&sfv=1-0-38&ecs=20220624&fsapi=false&prev_scp=h%3D23%26shb%3D1%26tg%3D0%26ics%3D300x250%26iba%3D00001%26iaid%3D75fbccb207dc0d4%26ib%3Damx%26p%3DBTF%26at%3D1%26hostname%3Dwww.westernjournal.com%26consent%3D0%26Exclude_Adx%3DN%26it%3Dil&eri=1&cust_params=ADRIZER_DEST%3D2c82c8aa96a2409ed0cd02f59d218bb8%26ADRIZER_SOURCE%3Ddc0cf5a290bb215566ff55ec995c7225%26ADRIZER_SOURCES%3D554838a8451ac36cb977e719e9d6623c%26ADRIZER_DESTS%3D4d1561a0b9559270591a9cb29799197c%26Site%3Dhttp%253A%252F%252Fwww.westernjournal.com%26Tag%3Dcrime%252Cmurder%252CUS%2520news%26Category%3DNews%26URL%3D%252Fnotebook-uncovered-brian-laundries-rema%26GoogleCompliant%3Dtrue%26utm_campaign%3Dtgm%26utm_content%3Dcan%26utm_medium%3Dtgm%26utm_source%3Dsocial%26ip%3D0%26he%3D0&sc=1&cookie=ID%3D340cfd3150f9dccc-221751ffbdcd00e5%3AT%3D1656114248%3AS%3DALNI_MZbe62gOvuGwyaEK_uWpvEri3JRmQ&abxe=1&dt=1656114248349&lmt=1656114247&dlt=1656114246090&idt=1129&biw=1600&bih=1200&adxs=244&adys=5835&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&frm=20&vis=1&scr_x=0&scr_y=0&psz=797x560&msz=336x-1&fws=0&ohw=0&ga_vid=1586728738.1656114247&ga_sid=1656114247&ga_hid=2011416346&ga_fc=true&btvi=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062203.js?cb=31068192
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
41751107db43a49408b7b0a7f456d3fb9fbc1a1118e1487089f735304eeaeebb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9041
x-xss-protection
0
google-lineitem-id
5748769097
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138357457281
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
19 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=937115591132651&correlator=383136484580342&eid=31068192%2C44761477%2C42531605&output=ldjh&gdfp_req=1&vrg=2022062203&ptt=17&impl=fifs&iu_parts=2507246%3A22550773714%2Cwesternjournal.com_Web_300x250_cmt_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=6&adks=1787726081&sfv=1-0-38&ecs=20220624&fsapi=false&prev_scp=h%3D23%26shb%3D1%26tg%3D0%26ics%3D300x250%26iba%3D00001%26iaid%3D761e62a5174963c%26ib%3Damx%26p%3DBTF%26at%3D1%26hostname%3Dwww.westernjournal.com%26consent%3D0%26Exclude_Adx%3DN%26it%3Dil&eri=1&cust_params=ADRIZER_DEST%3D2c82c8aa96a2409ed0cd02f59d218bb8%26ADRIZER_SOURCE%3Ddc0cf5a290bb215566ff55ec995c7225%26ADRIZER_SOURCES%3D554838a8451ac36cb977e719e9d6623c%26ADRIZER_DESTS%3D4d1561a0b9559270591a9cb29799197c%26Site%3Dhttp%253A%252F%252Fwww.westernjournal.com%26Tag%3Dcrime%252Cmurder%252CUS%2520news%26Category%3DNews%26URL%3D%252Fnotebook-uncovered-brian-laundries-rema%26GoogleCompliant%3Dtrue%26utm_campaign%3Dtgm%26utm_content%3Dcan%26utm_medium%3Dtgm%26utm_source%3Dsocial%26ip%3D0%26he%3D0&sc=1&cookie=ID%3D340cfd3150f9dccc-221751ffbdcd00e5%3AT%3D1656114248%3AS%3DALNI_MZbe62gOvuGwyaEK_uWpvEri3JRmQ&abxe=1&dt=1656114248353&lmt=1656114247&dlt=1656114246090&idt=1129&biw=1600&bih=1200&adxs=244&adys=6115&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&frm=20&vis=1&scr_x=0&scr_y=0&psz=797x560&msz=336x-1&fws=0&ohw=0&ga_vid=1586728738.1656114247&ga_sid=1656114247&ga_hid=2011416346&ga_fc=true&btvi=4
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062203.js?cb=31068192
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
6d28615c5ee8460cd28dde1e013c07cce9df8adee65bb5e0c8af2321cf442827
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8818
x-xss-protection
0
google-lineitem-id
5748769097
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138357457263
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
19 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=937115591132651&correlator=2274810147561962&eid=31068192%2C44761477%2C42531605&output=ldjh&gdfp_req=1&vrg=2022062203&ptt=17&impl=fifs&iu_parts=2507246%3A22550773714%2Cwesternjournal.com_Web_300x250_cmt_4&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=7&adks=130721338&sfv=1-0-38&ecs=20220624&fsapi=false&prev_scp=h%3D23%26shb%3D1%26tg%3D0%26ics%3D300x250%26iba%3D00001%26iaid%3D746e0aec2c86395%26ib%3Dappnexus%26p%3DBTF%26at%3D1%26hostname%3Dwww.westernjournal.com%26consent%3D0%26Exclude_Adx%3DN%26it%3Dil&eri=1&cust_params=ADRIZER_DEST%3D2c82c8aa96a2409ed0cd02f59d218bb8%26ADRIZER_SOURCE%3Ddc0cf5a290bb215566ff55ec995c7225%26ADRIZER_SOURCES%3D554838a8451ac36cb977e719e9d6623c%26ADRIZER_DESTS%3D4d1561a0b9559270591a9cb29799197c%26Site%3Dhttp%253A%252F%252Fwww.westernjournal.com%26Tag%3Dcrime%252Cmurder%252CUS%2520news%26Category%3DNews%26URL%3D%252Fnotebook-uncovered-brian-laundries-rema%26GoogleCompliant%3Dtrue%26utm_campaign%3Dtgm%26utm_content%3Dcan%26utm_medium%3Dtgm%26utm_source%3Dsocial%26ip%3D0%26he%3D0&sc=1&cookie=ID%3D340cfd3150f9dccc-221751ffbdcd00e5%3AT%3D1656114248%3AS%3DALNI_MZbe62gOvuGwyaEK_uWpvEri3JRmQ&abxe=1&dt=1656114248356&lmt=1656114247&dlt=1656114246090&idt=1129&biw=1600&bih=1200&adxs=244&adys=6395&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&frm=20&vis=1&scr_x=0&scr_y=0&psz=797x560&msz=336x-1&fws=0&ohw=0&ga_vid=1586728738.1656114247&ga_sid=1656114247&ga_hid=2011416346&ga_fc=true&btvi=5
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062203.js?cb=31068192
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
42bedeaa3e8903f5afc6fec296baf6345512612bc118e050efa7002882dd1ac6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8839
x-xss-protection
0
google-lineitem-id
5748769097
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138357457281
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame A8EA
12 KB
0
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-E8H_ZKgAAwQ2HuNCqbvJyetdM9SDg&u=%7CLrfJxOaTkxMPapHyPXY66LIHXN0Ib1WYoUxYmA271U0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwukEkJaLSn6N3hBSvmZfJeckS_kbPHy4SCDcterAtAbTs6VcAKaBKO0BbMZjb0cE7ZONHimbbGA-nPg-pu5gc7iClnwNqMsrIGAp6wn9fJvZX7PmSWel-WQBXefcpAWV386988F7Z-Gv_W9H0YnAiIDp1EVl7XSEEMBuS_8sBm8_ArxQzop4NkWAi2fyp9ZpERz2Q0RlPFeoaiOeGa5s4Pj6oBnaQVFBzyRM3HhpHr92NeJNlahVfAO0Q2ul7fvpX9vf6_innrHBnhI2mY2FRnIojBMWzT1fnYKxsYcfIaK5ynRF2IfDJngjLW2KlQkzY8Q9WGlzRYvOUSHF9bi4PMn9DUFyrDNsJnWZLteJ4pEWQUvJwjsRpATKFF8bHCW4hv_ob8kDD5kYTxsY3cqTBne8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmUTFSEy2Ys_wN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTLA0_QcTV4UkCQak_uJNAHckS1YSEvWcGLtr1OlotsIxg-uUf4GCcUePWF0b2KxSNy-MngwfE-suJoB2dwwPutiMh6lIJ16ImmPf33QwqaogY746IKTy5nN6hYAuzh_Lor6gslxtscRftNOoNLufsmAwNyYOv3_8hhnHwus9Rxjl2afpl7alcGp59AKmscQQWiC-agTOb9vFkjIJyIfGO5SXiU2uCNhX3sVM9ahPxKwm3mGhPmm4ZRUMYYPXnvc-Sv0FjEcoYNGWACQn401WOcvzho3u5BZfpqO-TwaGPjo5dd6tJ_2C2QDGZ1l3DWW0Iglx2L7AZ16zmHkE_ScVTi7nZcHoQQ0YQg_sZ8OyH-3LnEdA3uJJ56BTsv2q9hE7uBhaER0kka3HA37UG_2fH4sq0cSZjKIHvTcCO-vKq0-Ien4AMetwj0jD8ISgtgr34_bQNoQdw3VwW2jxZyhhL034qcOjkbEobv4fVLCsff8agFMr7K5twJrvmJa5WfpX_RiFG43Z_sz4riiMLpAxERv5kr-qkD52ZhfalCxPnND-ayBqniYzWM189vM0QAlc2m0Jp4c-vvVR8Z8NpTzryQptYWCGzpZbJS3q20duAEAYAGyPGp1L7o0psNoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_333ArQFznjLJI7D54bTOXDZ8hntw%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
145481
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4420
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:17:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04030-30d9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=90iV37eTYCZ7xKu%2FaOa7lr1KdZSGrU2vtogcF8uYkuDkPrOUqdF%2BfaeGfiGiN07WZdviPcpq8CjGSm9WPZYY2%2BXX9xw9%2BL%2BtNEmIgh5KPET6Wfz3KAagUdOI7kknOeEWYYqRiNySCjnKZr9QPKkPdbA1"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7209546e5a518fe3-FRA
expires
Wed, 14 Jun 2023 23:44:09 GMT
animejs.js
static.criteo.net/animejs/ Frame A8EA
0
0

img
pix.eu.criteo.net/img/ Frame A8EA
0
0

img
pix.eu.criteo.net/img/ Frame A8EA
0
0

img
pix.eu.criteo.net/img/ Frame A8EA
0
0

img
pix.eu.criteo.net/img/ Frame A8EA
0
0

all
csm.eu.criteo.net/ Frame A8EA
0
0

criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame A8EA
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-E8H_ZKgAAwQ2HuNCqbvJyetdM9SDg&u=%7CLrfJxOaTkxMPapHyPXY66LIHXN0Ib1WYoUxYmA271U0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwukEkJaLSn6N3hBSvmZfJeckS_kbPHy4SCDcterAtAbTs6VcAKaBKO0BbMZjb0cE7ZONHimbbGA-nPg-pu5gc7iClnwNqMsrIGAp6wn9fJvZX7PmSWel-WQBXefcpAWV386988F7Z-Gv_W9H0YnAiIDp1EVl7XSEEMBuS_8sBm8_ArxQzop4NkWAi2fyp9ZpERz2Q0RlPFeoaiOeGa5s4Pj6oBnaQVFBzyRM3HhpHr92NeJNlahVfAO0Q2ul7fvpX9vf6_innrHBnhI2mY2FRnIojBMWzT1fnYKxsYcfIaK5ynRF2IfDJngjLW2KlQkzY8Q9WGlzRYvOUSHF9bi4PMn9DUFyrDNsJnWZLteJ4pEWQUvJwjsRpATKFF8bHCW4hv_ob8kDD5kYTxsY3cqTBne8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmUTFSEy2Ys_wN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTLA0_QcTV4UkCQak_uJNAHckS1YSEvWcGLtr1OlotsIxg-uUf4GCcUePWF0b2KxSNy-MngwfE-suJoB2dwwPutiMh6lIJ16ImmPf33QwqaogY746IKTy5nN6hYAuzh_Lor6gslxtscRftNOoNLufsmAwNyYOv3_8hhnHwus9Rxjl2afpl7alcGp59AKmscQQWiC-agTOb9vFkjIJyIfGO5SXiU2uCNhX3sVM9ahPxKwm3mGhPmm4ZRUMYYPXnvc-Sv0FjEcoYNGWACQn401WOcvzho3u5BZfpqO-TwaGPjo5dd6tJ_2C2QDGZ1l3DWW0Iglx2L7AZ16zmHkE_ScVTi7nZcHoQQ0YQg_sZ8OyH-3LnEdA3uJJ56BTsv2q9hE7uBhaER0kka3HA37UG_2fH4sq0cSZjKIHvTcCO-vKq0-Ien4AMetwj0jD8ISgtgr34_bQNoQdw3VwW2jxZyhhL034qcOjkbEobv4fVLCsff8agFMr7K5twJrvmJa5WfpX_RiFG43Z_sz4riiMLpAxERv5kr-qkD52ZhfalCxPnND-ayBqniYzWM189vM0QAlc2m0Jp4c-vvVR8Z8NpTzryQptYWCGzpZbJS3q20duAEAYAGyPGp1L7o0psNoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_333ArQFznjLJI7D54bTOXDZ8hntw%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
gzip
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 19 Jun 2023 23:44:10 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame A8EA
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YrZMSAAN-E8H_ZKgAAwQ2HuNCqbvJyetdM9SDg&u=%7CLrfJxOaTkxMPapHyPXY66LIHXN0Ib1WYoUxYmA271U0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WZ6wH64C8sFAgLStL4RnwukEkJaLSn6N3hBSvmZfJeckS_kbPHy4SCDcterAtAbTs6VcAKaBKO0BbMZjb0cE7ZONHimbbGA-nPg-pu5gc7iClnwNqMsrIGAp6wn9fJvZX7PmSWel-WQBXefcpAWV386988F7Z-Gv_W9H0YnAiIDp1EVl7XSEEMBuS_8sBm8_ArxQzop4NkWAi2fyp9ZpERz2Q0RlPFeoaiOeGa5s4Pj6oBnaQVFBzyRM3HhpHr92NeJNlahVfAO0Q2ul7fvpX9vf6_innrHBnhI2mY2FRnIojBMWzT1fnYKxsYcfIaK5ynRF2IfDJngjLW2KlQkzY8Q9WGlzRYvOUSHF9bi4PMn9DUFyrDNsJnWZLteJ4pEWQUvJwjsRpATKFF8bHCW4hv_ob8kDD5kYTxsY3cqTBne8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmUTFSEy2Ys_wN6Cl9u8P2KGwyAvJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzQ3NzUzOTEyNzA4MDMwM6AB1bbS6gPIAQmpApqSWYn5rrE-4AIAqAMBqgTLA0_QcTV4UkCQak_uJNAHckS1YSEvWcGLtr1OlotsIxg-uUf4GCcUePWF0b2KxSNy-MngwfE-suJoB2dwwPutiMh6lIJ16ImmPf33QwqaogY746IKTy5nN6hYAuzh_Lor6gslxtscRftNOoNLufsmAwNyYOv3_8hhnHwus9Rxjl2afpl7alcGp59AKmscQQWiC-agTOb9vFkjIJyIfGO5SXiU2uCNhX3sVM9ahPxKwm3mGhPmm4ZRUMYYPXnvc-Sv0FjEcoYNGWACQn401WOcvzho3u5BZfpqO-TwaGPjo5dd6tJ_2C2QDGZ1l3DWW0Iglx2L7AZ16zmHkE_ScVTi7nZcHoQQ0YQg_sZ8OyH-3LnEdA3uJJ56BTsv2q9hE7uBhaER0kka3HA37UG_2fH4sq0cSZjKIHvTcCO-vKq0-Ien4AMetwj0jD8ISgtgr34_bQNoQdw3VwW2jxZyhhL034qcOjkbEobv4fVLCsff8agFMr7K5twJrvmJa5WfpX_RiFG43Z_sz4riiMLpAxERv5kr-qkD52ZhfalCxPnND-ayBqniYzWM189vM0QAlc2m0Jp4c-vvVR8Z8NpTzryQptYWCGzpZbJS3q20duAEAYAGyPGp1L7o0psNoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_333ArQFznjLJI7D54bTOXDZ8hntw%26client%3Dca-pub-3477539127080303%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
gzip
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 19 Jun 2023 23:44:10 GMT
bridge3.519.0_en.html
imasdk.googleapis.com/js/core/ Frame 8B87
0
0
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.519.0_en.html
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
5306
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209290
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 22:15:44 GMT
expires
Sat, 24 Jun 2023 22:15:44 GMT
last-modified
Tue, 14 Jun 2022 17:19:57 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame 80D2
0
0

bridge3.519.0_en.html
imasdk.googleapis.com/js/core/ Frame C6A6
0
0
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.519.0_en.html
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
5306
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209290
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 22:15:44 GMT
expires
Sat, 24 Jun 2023 22:15:44 GMT
last-modified
Tue, 14 Jun 2022 17:19:57 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
bridge3.519.0_en.html
imasdk.googleapis.com/js/core/ Frame AE66
0
0
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.519.0_en.html
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
5306
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209290
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 22:15:44 GMT
expires
Sat, 24 Jun 2023 22:15:44 GMT
last-modified
Tue, 14 Jun 2022 17:19:57 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
embed.runtime.ff468dfcc26885f2cd74.js
platform.twitter.com/embed/ Frame 0660
9 KB
0
Script
General
Full URL
https://platform.twitter.com/embed/embed.runtime.ff468dfcc26885f2cd74.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=WestJournalism&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9LCJ0ZndfcmVmc3JjX3Nlc3Npb24iOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd191c2VyX2ZvbGxvd19pbnRlbnRfMTQ0MDYiOnsiYnVja2V0IjoiZm9sbG93IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1540412715415617536&lang=en&origin=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F&sessionId=e9cdbe68a78aa2b0d4cefdb4bf229c4ac86a62c5&siteScreenName=WestJournalism&theme=light&widgetsVersion=b45a03c79d4c1%3A1654150928467&width=550px
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6762) /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=WestJournalism&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9LCJ0ZndfcmVmc3JjX3Nlc3Npb24iOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd191c2VyX2ZvbGxvd19pbnRlbnRfMTQ0MDYiOnsiYnVja2V0IjoiZm9sbG93IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1540412715415617536&lang=en&origin=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F&sessionId=e9cdbe68a78aa2b0d4cefdb4bf229c4ac86a62c5&siteScreenName=WestJournalism&theme=light&widgetsVersion=b45a03c79d4c1%3A1654150928467&width=550px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:10 GMT
Content-Encoding
gzip
Age
17568
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
4255
x-tw-cdn
VZ
Last-Modified
Mon, 06 Jun 2022 17:12:39 GMT
Server
ECS (frb/6762)
Etag
"f824375fd8f44e2e0f1fe8f4d5a6e177+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.modules.f34a0f34273ac52f3e51.js
platform.twitter.com/embed/ Frame 0660
512 KB
0
Script
General
Full URL
https://platform.twitter.com/embed/embed.modules.f34a0f34273ac52f3e51.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=WestJournalism&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9LCJ0ZndfcmVmc3JjX3Nlc3Npb24iOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd191c2VyX2ZvbGxvd19pbnRlbnRfMTQ0MDYiOnsiYnVja2V0IjoiZm9sbG93IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1540412715415617536&lang=en&origin=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F&sessionId=e9cdbe68a78aa2b0d4cefdb4bf229c4ac86a62c5&siteScreenName=WestJournalism&theme=light&widgetsVersion=b45a03c79d4c1%3A1654150928467&width=550px
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6712) /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=WestJournalism&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9LCJ0ZndfcmVmc3JjX3Nlc3Npb24iOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd191c2VyX2ZvbGxvd19pbnRlbnRfMTQ0MDYiOnsiYnVja2V0IjoiZm9sbG93IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1540412715415617536&lang=en&origin=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F&sessionId=e9cdbe68a78aa2b0d4cefdb4bf229c4ac86a62c5&siteScreenName=WestJournalism&theme=light&widgetsVersion=b45a03c79d4c1%3A1654150928467&width=550px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:10 GMT
Content-Encoding
gzip
Age
17568
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
171249
x-tw-cdn
VZ
Last-Modified
Mon, 06 Jun 2022 17:12:39 GMT
Server
ECS (frb/6712)
Etag
"7490e7a386def1875edc794009edc560+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.i18n.58f3645101e687f24f08.js
platform.twitter.com/embed/ Frame 0660
0
0

embed.Tweet.a041e79d959212ec9ef6.js
platform.twitter.com/embed/ Frame 0660
0
0

/
www.facebook.com/tr/ Frame AD18
0
0
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.westernjournal.com
Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.westernjournal.com
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 23:44:10 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
truncated
/ Frame 4FD4
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dd7fc8beec2043387b5f1875fa23cadf0395ff459a2edc449d4179af9422bc1c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
g
capi-tier-2-us-east-2.connatix.com/rtb/ Frame 80D2
0
0

bid
c.amazon-adsystem.com/e/dtb/
23 B
497 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&pid=eN6h4P7mJSnzc&cb=2&ws=1600x1200&v=8.0.1&t=1000&slots=%5B%7B%22id%22%3A%22WJ_Vid_2%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1!fireflyengagement.com%2C2018001%2C1%2C%2C%2C&pubid=da224ee9-07c8-4a80-87e4-528df4ac939e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-78.fra2.r.cloudfront.net
Software
Server /
Resource Hash
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
via
1.1 69f13f852a135432abb1b7bfc5a8b420.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA2-C1
x-amz-rid
KQMZWQXKM6428GXH0N9C
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.westernjournal.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
LzM2X7RMnBEvcNRVIOry5-JtDb4Ekdztt_NSIGIUaIowvxUGdKIAwg==
1_th.jpg
img.connatix.com/pid-360e998e-de7b-4e4c-a145-dc1919ba2590/c2ba6f84-de01-411c-8d2e-af3691648f60/
16 KB
16 KB
Image
General
Full URL
https://img.connatix.com/pid-360e998e-de7b-4e4c-a145-dc1919ba2590/c2ba6f84-de01-411c-8d2e-af3691648f60/1_th.jpg?crop=817:460,smart&width=817&height=460&format=jpeg&quality=60&fit=crop
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4ebde66d951b946a57ce4212eb3a16f7727ff4f9d63429303d1df9f57e528732

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
br
age
10110
etag
"hYCMeZKVinNUf9Z3lO7l6Whxfwtf9Ba/Ba8X5cjFlbI"
access-control-max-age
86400
fastly-io-info
ifsz=323790 idim=800x450 ifmt=png ofsz=16415 odim=799x450 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
15874
activeview
pagead2.googlesyndication.com/pcs/ Frame 4FD4
0
0

activeview
pagead2.googlesyndication.com/pcs/ Frame CD37
0
0

view
securepubads.g.doubleclick.net/pcs/
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssOHrHXN2Z9cV_7eEXCoDKXHEYpmAPKBP07R2QlP0JVjbh5st10Z42PcxD4wop64m7zWGCTKX_oyu2KSiXczW8_WXB7A_FpdYs5d1dIK53p-XC61qcr_diUMZsfoecH96gk9ZacKs18VstoKrbmG1WQHlEU8H84YhmN6YkAkbElGzIRnVw7Zimt1ymCx_fdg82zeLTWCZiaAyB7qfepQmOQ2YB9zVeS9tdqMXLMNtkdzTFGuLYGb4Jjb444SD349lgNS4bjzv4QQ6BBQs5bOdjLGTRNNl8uKjV9habQc83u62ToTNcXD345RdjqsAkVjJDNOvQtBJ3rJgRO31ZQqfjM3QLDrd0vRNmKTwoV8wxJhQ&sig=Cg0ArKJSzMTr1TC2LN1LEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 24 Jun 2022 23:44:10 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
nmedianet.js
contextual.media.net/
0
0

log
qsearch-a.akamaihd.net/
35 B
329 B
Image
General
Full URL
https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=dmmra&ckfl=0&lper=&app_type=appnexus&bdr_typ=2&ss_d1=0&ogerpm=0.0000&ss_d2=0&stid=22028907&other_prv=9&jar_err=&current_day=5.0&adtyp=0&req_id=4006405618041191992&bd_m3=0.0000&dmm_d36=NA&bidfp=0.0000&bd_m2=0.0000&pvag_id=&bd_m1=0.0000&ugd=4&dim10=false&predicted_wr=27.6050&exp=&second_bidder=*&search_res=36&floor_bucket=0.00&gpid_format=&seat=&size=300x250&url_l1=notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder&f_seg=&prdp=0.0192&ogcbdp=0.0300&dfpbd=0.0192&server=1&ogerpm_wd_bkt=0-1&model_version=202206241234_generic_appn_2-cid_1&viewability=0.0100&dmm_r=0.4240&cut=36&dmm_l=0.0080&as_cache=0&tcyerpm=&sc=BY&send_erpm=true&dmm_m9=0.0000&sd=0&hb_exp=&seg=&dmm_m4=0.0000&erpm_bucket=0.00&ugd_ver=&requrl=westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F&bidrestime=1656114249102&cc=DE&strg=harmony&ss=&current_hour=23&time_stamp=2022-06-24+23%3A44%3A09&model_key=generic_appn_2-cid_1&rvshhon=&mul_ratio=0.0000&bdp=0.0300&ct=Gunzenhausen&akey=&mnckfl=0&bdp_bucket=0.05&algo=default&dc=eu_be&splid=22028907&dim4=exploration&dn=westernjournal.com&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F103.0.5060.53+Safari%2F537.36&buyer_id=&dmm_m10=1129366&bdp_wider_bucket=1&acid=532ed9255cd0453eb4a088d0a1820f58&infl=&o_ver=NT+10.0&br_ver=103.0.5060.53&bdmm_m6=1.0000&bdmm_m7=1.2030&bdmm_m5=1.0000&ver=8.12.0&totalTimeBucket=4&visibility=0&totalTime=4120999&dmm_m1=2022-06-24+23%3A44%3A09.106739676&e_rpm=0.0360&dmm_m22=0.0000&gdpr=&vsid=&log_less=false&gpid_sent=false&ogerpm_used=false&bdmm_m12=1.2030&cid=8CU6M287B&bcrid=352460669&rawbid=0.0300&sub_bidder=0&pst=EMS&pbshr=100.0000&dmm_d10=0&o_id=101&clisp=rtb-common-5f4756465f-9hvkd.BE&dfp_bucket=0.0&adblk=&itype=appnexus&pvid_seat=9&cliIP=624572928&advurl=content.businessinfoline.com%2F&level_base=0&crid=856004011&sat=1&br_id=265&cut_bkt=35&gpid=&iwb=1&dmm_d22=0.00&second_bid=0.000000&sc_pvid=9&capd=0&other_bids=0.03
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.194.140 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-194-140.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 24 Jun 2022 23:44:10 GMT
Server
Jetty(9.4.35.v20201120)
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
35
Expires
Fri, 24 Jun 2022 23:44:10 GMT
adperformance.js
warp.media.net/rtb/resource/
61 KB
62 KB
Script
General
Full URL
https://warp.media.net/rtb/resource/adperformance.js?v=35e90bcdc8
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.104.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-26.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3378135f525fc551ce49d2c117e9967735794757a4c71910d8c1b8fa38bf3f2c
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

strict-transport-security
max-age=604800
server
nginx
date
Fri, 24 Jun 2022 23:44:10 GMT
content-type
application/javascript;charset=ISO-8859-1
cache-control
max-age=58708
access-control-allow-credentials
true
content-length
62892
expires
Sat, 25 Jun 2022 16:02:38 GMT
trk.js
cdn.adnxs.com/v/s/224/
85 KB
29 KB
Script
General
Full URL
https://cdn.adnxs.com/v/s/224/trk.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.90.104.226 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-226.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:10 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Feb 2022 08:58:20 GMT
Server
AkamaiNetStorage
ETag
"80cd3e09497c9fa4207d756c9d41697c:1645693100.060631"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*, *
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
29216
Expires
Sat, 24 Jun 2023 23:44:10 GMT
it
ams1-ib.adnxs.com/
0
813 B
Image
General
Full URL
https://ams1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fwww.westernjournal.com%252Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%252F%253Futm_source%253Dsocial%2526utm_medium%253Dtgm%2526utm_campaign%253Dtgm%2526utm_content%253Dcan&e=wqT_3QKCBvBMAgMAAAMA1gAFAQjJmNmVBhDh5KLxzbneimkYnKuh9Pu_krNMKjYJ2_l-arx0kz8RyHa-nxovjT8ZAAAAIIXr6T8hyHa-nxovjT8p2_kJJNAxAAAAQOF6pD8w68TACjjvHECVCUhgUP2-iKgBWMqzlgFgAGjfj1F4-voCgAEBigEDVVNEkgUG9EgCmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAolE4AKIl13qAr4BaHR0cHM6Ly93d3cud2VzdGVybmpvdXJuYWwuY29tL25vdGVib29rLXVuY292ZXJlZC1icmlhbi1sYXVuZHJpZXMtcmVtYWlucy1jb250YWlucy1zaG9ja2luZy1jb25mZXNzaW9uLWdhYmJ5LXBldGl0b3MtbXVyZGVyLz91dG1fc291cmNlPXNvY2lhbCZ1dG1fbWVkaXVtPXRnbSZ1dG1fY2FtcGFpZ249dGdtJnV0bV9jb250ZW50PWNhboADAIgDAZADAJgDF6ADAaoDQRIYNDAwNjQwNTYxODA0MTE5MTk5Ml9zYmlkGhM3NTcyMDkyMjY5MzAwODU1MzkzIgkzNTI0NjA2NjkqBU0xMTczwAOsAsgDANgD0OZN4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDM3LjU4LjU4LjI0M6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABLzVtSLIBADaBAIIAeAEAfAE_b6IqAGIBQGYBQCgBbj85cvslefMN8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBfWkCfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0Aav8QHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8IABAAGAAgADAAOLoGQADIB_r6AtIHDQkAAAAAAVYcEAAYANoHBggFCWjgBwDqBwIIAPAHwvwDiggCEACVCAAAgD-YCAE.&s=da6316a0ab2bc3e4ae7b865f95b2a2358584cfdd
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 24 Jun 2022 23:44:10 GMT
X-Proxy-Origin
37.58.58.243; 37.58.58.243; 724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
4a01e6b7-12ae-415e-8f08-1e3a59fc4664
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/
137 KB
42 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43180
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1655912982481896"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 24 Jun 2022 23:44:10 GMT
pixel
protected-by.clarium.io/
68 B
345 B
Image
General
Full URL
https://protected-by.clarium.io/pixel?tag=wt_R2tFa1FpZjZJTlpLWEFFLVBOUUVTUlNyRE5rL2FwcG5leHVzOjMwMHgyNTA=&v=5&s=v31g6c1jv1d&id=eyJwcmViaWQiOnsiYWRJZCI6Ijc0NmUwYWVjMmM4NjM5NSIsImNwbSI6MC4wMTE2ODUwMDAwMDAwMDAwMDEsInMiOiJkaXYtaW5zdGljYXRvci1hZC1jbXQtNCIsInNyYyI6ImNsaWVudCJ9LCJ0cF9jcmlkIjoiUEI6YXBwbmV4dXM7MzUyNDYwNjY5In0%3D&sb=undefined&cb=9435140&h=www.westernjournal.com&d=eyJ3aCI6IlIydEZhMUZwWmpaSlRscExXRUZGTFZCT1VVVlRVbE55UkU1ckwyRndjRzVsZUhWek9qTXdNSGd5TlRBPSIsIndkIjp7ImsiOnsiaGJfYmlkZGVyIjpbImFwcG5leHVzIl0sImhiX3NpemUiOlsiMzAweDI1MCJdfX0sIndyIjowfQ==
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.68.4.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-68-4-6.eu-central-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 24 Jun 2022 23:44:10 GMT
Server
nginx/1.14.0 (Ubuntu)
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
68
Expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid6.20.0-3.js
cds.connatix.com/p/plugins/
471 KB
123 KB
Script
General
Full URL
https://cds.connatix.com/p/plugins/prebid6.20.0-3.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
19aa008de673ad3fe029942e7306efea84b9c8d39f564a119ef5a3e8da2ba70d

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
br
last-modified
Thu, 16 Jun 2022 09:12:00 GMT
age
743514
etag
"793dc262c0b49c31a7c1f2974621efac"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
126110
rc-logo.png
cdn.revcontent.com/assets/img/
2 KB
2 KB
Image
General
Full URL
https://cdn.revcontent.com/assets/img/rc-logo.png
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
f4241710e57486ad91102e31823e855469608e1aea362f1f0e059609c9eb9a56

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
last-modified
Tue, 21 Jun 2022 14:25:34 GMT
etag
"1655821534"
x-hw
1656114250.cds011.fr8.hn,1656114250.cds057.fr8.c
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=16076
accept-ranges
bytes
content-length
2091
widget-loaded
yeet.revcontent.com/yeet/events/ Frame
0
0
Preflight
General
Full URL
https://yeet.revcontent.com/yeet/events/widget-loaded
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.73.172.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-73-172-28.eu-west-1.compute.amazonaws.com
Software
openresty /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.westernjournal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Date
Fri, 24 Jun 2022 23:44:10 GMT
Server
openresty
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time
0
widget-loaded
yeet.revcontent.com/yeet/events/
0
0
Fetch
General
Full URL
https://yeet.revcontent.com/yeet/events/widget-loaded
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.73.172.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-73-172-28.eu-west-1.compute.amazonaws.com
Software
openresty /
Resource Hash

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
Date
Fri, 24 Jun 2022 23:44:10 GMT
x-envoy-upstream-service-time
0
Server
openresty
Connection
keep-alive
vary
Origin
v2sxlYWhvCeLNGObb7IY8nP8RwdEElgFOKThq9T4wJCW6haAkMhLWEOk
breadbalance.com/
90 KB
27 KB
Script
General
Full URL
https://breadbalance.com/v2sxlYWhvCeLNGObb7IY8nP8RwdEElgFOKThq9T4wJCW6haAkMhLWEOk
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.228.83 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
83.228.117.34.bc.googleusercontent.com
Software
/
Resource Hash
4e2410217dda463e6c034bac323d061e3266d58ecc5f15db6e4f297a192598c0
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
x-datacenter
gce-europe-west1
etag
"56acd7b7722da9e758ec54702c8ea3a45ca66262e90ce62a2f72478ba3b98299"
vary
Accept-Encoding, Accept-Language
x-hostname
fen-hoothoot-europe-west1-spot-b0wm
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
date
Fri, 24 Jun 2022 23:44:10 GMT
x-buildnumber
564601328
timing-allow-origin
*
/
c.mgid.com/pv/
0
36 B
Script
General
Full URL
https://c.mgid.com/pv/?pv=5&cbuster=1656114248871573745932&uniqId=143a3&lct=1655251200&niet=4g&nisd=false&jsv=es6&ref=&cxurl=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&lu=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&sessionId=62b64c49-13b77&pageView=1&pvid=1819819fca8ab4c2b85&site=542039&implVersion=11&dpr=1
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
720954715e029a1d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
3e9f345b-00b4-451a-b1dc-82f9ecb8a8e2
https://www.westernjournal.com/
1 KB
0
Media
General
Full URL
blob:https://www.westernjournal.com/3e9f345b-00b4-451a-b1dc-82f9ecb8a8e2
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Range
bytes=0-

Response headers

Content-Range
bytes 0-1492/1493
Content-Length
1493
Content-Type
video/mp4
mgid_ua.svg
cdn.mgid.com/images/mgid/
2 KB
1 KB
Image
General
Full URL
https://cdn.mgid.com/images/mgid/mgid_ua.svg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
br
cf-cache-status
HIT
age
103
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
31SG1V0WFRNKXC6R
x-amz-id-2
2ywp9fgknp8c4HO0Z1cJ5C+4aMUUPCMjGdBA1cI/wAWAxrlaPAi52xxpkj8rcWWqMPvoQLnyl6w=
last-modified
Tue, 08 Mar 2022 17:05:01 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag
W/"617c205137825561208ef7c1a2d8f319"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=86400
x-amz-version-id
null
cf-ray
720954716e179a1d-FRA
expires
Sat, 25 Jun 2022 23:44:10 GMT
Adchoices.svg
cdn.mgid.com/images/logos/
836 B
908 B
Image
General
Full URL
https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
br
cf-cache-status
HIT
age
103
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
31SYWNNYNESPJ6F1
x-amz-id-2
3myD4nXSsv4qiYMx2Hi56efn2ys0sdKXq9O5ZJG39ML6YXsxmNdK6iip2d5CSfCah3Py/VE8AbU=
last-modified
Wed, 17 Feb 2021 18:15:53 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag
W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=86400
x-amz-version-id
null
cf-ray
720954716e199a1d-FRA
expires
Sat, 25 Jun 2022 23:44:10 GMT
1
servicer.mgid.com/1280823/
5 KB
2 KB
Script
General
Full URL
https://servicer.mgid.com/1280823/1?pv=5&cbuster=1656114248941877306924&uniqId=143a3&lct=1655251200&niet=4g&nisd=false&jsv=es6&mp4=1&ap=1&w=0&h=-1&wrongImageSize=1&maxw_3=0&maxh_3=0&cols=6&ref=&cxurl=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&lu=https%3A%2F%2Fwww.westernjournal.com%2Fnotebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder%2F%3Futm_source%3Dsocial%26utm_medium%3Dtgm%26utm_campaign%3Dtgm%26utm_content%3Dcan&sessionId=62b64c49-13b77&pageView=1&pvid=1819819fca8ab4c2b85&implVersion=11&dpr=1
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8021f392775744ed17b0576342c6baaf7a14d4829ad144b90cdf9ac7122f725a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cf-ray
72095471be639a1d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfNzQyLHlfMTM5MC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wN...
s-img.mgid.com/g/13269199/492x277/-/
36 KB
36 KB
Image
General
Full URL
https://s-img.mgid.com/g/13269199/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfNzQyLHlfMTM5MC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNi8xMDE5MjQvMWYzNzkwOTVjY2MyZjA1MmJhZDMyNWM3ZDY4MGVlMzEuanBlZw.webp?v=1656114250-I9jaCjWvuKa5dmOReDr4edPgjLECT3hqCaFbt6l-ji0
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8d02d3fe6eca2ba0b9baf7646e64b90286b24f3b055816ef8f5903de09cc835

Request headers

Referer
https://www.westernjournal.com/
Origin
https://www.westernjournal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jun 2022 11:56:33 GMT
x-mg-request-uuid
59714be6-85ab-4c92-93dd-2e64ff71fabf
age
733336
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
7209547218199b69-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
36390
server
cloudflare
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNi8xMDE5MjQvZmMwN...
s-img.mgid.com/g/13269195/492x277/-/
12 KB
12 KB
Image
General
Full URL
https://s-img.mgid.com/g/13269195/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNi8xMDE5MjQvZmMwNGUxODBjMGQzYzI2NDYzMzg3NGI5NjZkOGM0MDUuanBlZw.webp?v=1656114250-2_StWg5mbBJXkSOHv9aATmMvpaA8RmdUo3RnL1VZW1I
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc5e1969ad56002225002be81a554c50e155877e8721fe6ef31f1fc98d33df24

Request headers

Referer
https://www.westernjournal.com/
Origin
https://www.westernjournal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jun 2022 11:59:34 GMT
x-mg-request-uuid
4322e9b5-74b9-48ce-8a1b-754ee0de1abe
age
733188
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
72095472181c9b69-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11970
server
cloudflare
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfODUwLHlfMTAxNi9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wN...
s-img.mgid.com/g/13269200/492x277/-/
26 KB
26 KB
Image
General
Full URL
https://s-img.mgid.com/g/13269200/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfODUwLHlfMTAxNi9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNi8xMDE5MjQvZDg4YjFhMDZjNDk1Njc3MjBhZDY2MmRmNWUzODU0M2MuanBlZw.webp?v=1656114250-9dZIkRTa6UgZ-6BKcD4OFIgGwiRfqbRw9AUVu1uQEuo
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e23c8e8a17ec1e74feb3960c68fbb83528cba8438f74dcc66d5675120f7e2e07

Request headers

Referer
https://www.westernjournal.com/
Origin
https://www.westernjournal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jun 2022 11:55:51 GMT
x-mg-request-uuid
b4c8e414-7844-4bdc-aef5-c16d86e920b8
age
733699
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
72095472181d9b69-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
26258
server
cloudflare
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMS8xMDE5MjQvNmY3NjQyMjQxZjdhYjU3Z...
s-img.mgid.com/g/12581122/492x277/-/
17 KB
17 KB
Image
General
Full URL
https://s-img.mgid.com/g/12581122/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMS8xMDE5MjQvNmY3NjQyMjQxZjdhYjU3ZDk2ODY3YzQ3YThkNDhjYTAuanBn.webp?v=1656114250-YT2DWEJNGTDQn0xpzhyp082rJn2NocivUwYw0AX6Tms
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8efa58b9db9ffd1975cb903d70775eea90216059c1b69821723f7a959f50f038

Request headers

Referer
https://www.westernjournal.com/
Origin
https://www.westernjournal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
cf-cache-status
HIT
last-modified
Tue, 29 Mar 2022 09:35:12 GMT
x-mg-request-uuid
50575468-9c39-4f8f-a9cc-65e4abd80b68
age
3943030
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
72095472181e9b69-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17186
server
cloudflare
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNi8xMDE5MjQvMWE4Y...
s-img.mgid.com/g/13269196/492x277/-/
17 KB
18 KB
Image
General
Full URL
https://s-img.mgid.com/g/13269196/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNi8xMDE5MjQvMWE4YmM0YmE0Y2Y4MTNmY2NiODQzY2ZiZjUxMTQ1NDAuanBn.webp?v=1656114250-gkQznpOPDPq2RTN6iYjBKMyZW6MXSUlspYdhniICl_k
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8c33aacb1c3df2d8748287e367278db59808642536709a4090d178a73cfe13c

Request headers

Referer
https://www.westernjournal.com/
Origin
https://www.westernjournal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jun 2022 11:59:31 GMT
x-mg-request-uuid
0e1e90cc-6e75-446d-99b5-997347e20a22
age
733127
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
72095472181f9b69-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17362
server
cloudflare
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMy8xMDE5MjQvOWNiNzRjMTdhYmNlYWVlO...
s-img.mgid.com/g/12581090/492x277/-/
16 KB
17 KB
Image
General
Full URL
https://s-img.mgid.com/g/12581090/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMy8xMDE5MjQvOWNiNzRjMTdhYmNlYWVlOTkyMDExYmY5YzViODBlYWMuanBlZw.webp?v=1656114250-9iAbFvwX0dabOknbzUJ0QYGO1DnoYvcni4bZsWqaf3E
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1598e045b4d9e7ab54c8164d124493be8cb6030eea6cccbbb41744487dbf8d9f

Request headers

Referer
https://www.westernjournal.com/
Origin
https://www.westernjournal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
cf-cache-status
HIT
last-modified
Tue, 29 Mar 2022 09:38:19 GMT
x-mg-request-uuid
a77847a3-60c8-4970-8d27-91f3ebc54767
age
3942970
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
7209547218229b69-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
16708
server
cloudflare
i-noref.js
cm.mgid.com/ Frame F04A
0
102 B
Script
General
Full URL
https://cm.mgid.com/i-noref.js?cbuster=1656114249009271125118
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:10 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
720954722ed89a1d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
938.json
id5-sync.com/g/v2/
213 B
629 B
XHR
General
Full URL
https://id5-sync.com/g/v2/938.json
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158410/3599/pwt.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.71 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216577.ip-141-95-98.eu
Software
/
Resource Hash
8b30b5297dd386a87c43de90a466b2466831b37adadfad245b66a0e54f1d9a56
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:10 GMT
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json;charset=UTF-8
id
id.crwdcntrl.net/
63 B
343 B
XHR
General
Full URL
https://id.crwdcntrl.net/id
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158410/3599/pwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.133.87 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-133-87.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
44ceb64a19985b5e85e653cc16ec6a3006d2f636d95d99dc3a83a726851d3e38

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:10 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache
x-server
10.45.30.218
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
63
expires
0
rid
match.adsrvr.org/track/
63 B
395 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158410/3599/pwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
ea29bd770b763910bf9b6336a4304d243a1bdaaa5054c61c329378da343a1b55

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 24 Jun 2022 23:44:10 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Sun, 24 Jul 2022 23:44:10 GMT
showad.js
ads.pubmatic.com/AdServer/js/ Frame AAE9
38 KB
14 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.90.104.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-242.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c7cba051adb45bda78591c9b2f415a1009c62ca0301df36f7d92291bf5d423b4
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
https://ci-va2qa-mgmt.pubmatic.com
cache-control
max-age=39198
content-encoding
gzip
content-length
13941
content-type
text/html
date
Fri, 24 Jun 2022 23:44:11 GMT
etag
"1302647-96a7-5da3b2ade946f"
expires
Sat, 25 Jun 2022 10:37:29 GMT
last-modified
Tue, 15 Mar 2022 05:35:40 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
x-xss-protection
1; mode=block
PugMaster
image6.pubmatic.com/AdServer/ Frame AAE9
0
42 B
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=63000680&p=158410&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:12 GMT
content-length
0
369.json
id5-sync.com/g/v2/
213 B
629 B
XHR
General
Full URL
https://id5-sync.com/g/v2/369.json
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.71 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216577.ip-141-95-98.eu
Software
/
Resource Hash
2f5480931d570230ca5087ec63c857fb9d60d1afdcd33a21fbd75e814f0d299b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.westernjournal.com
date
Fri, 24 Jun 2022 23:44:12 GMT
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json;charset=UTF-8
rid
match.adsrvr.org/track/
0
306 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=mp4hjl8
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 24 Jun 2022 23:44:12 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://www.westernjournal.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
0
expires
Sat, 24 Jun 2023 23:44:12 GMT
envelope
api.rlcdn.com/api/identity/
0
258 B
XHR
General
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=88
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/9af198ff-22cf-4d4b-80d5-b58d0f23e539.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 24 Jun 2022 23:44:12 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.westernjournal.com
access-control-allow-credentials
true
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length
0
pixel
cm.g.doubleclick.net/ Frame 40CC
170 B
502 B
Document
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 23:44:12 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
usersync
rtb.gumgum.com/ Frame 0518
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum&tc=1
35 B
208 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum&tc=1
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.208.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-208-161.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Fri, 24 Jun 2022 23:44:13 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Fri, 24 Jun 2022 23:44:12 GMT Fri, 24 Jun 2022 23:44:12 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum&tc=1
pragma
no-cache
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 1AB7
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.90.104.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-242.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
https://ci-va2qa-mgmt.pubmatic.com
cache-control
max-age=152559
content-encoding
gzip
content-length
5549
content-type
text/html
date
Fri, 24 Jun 2022 23:44:12 GMT
expires
Sun, 26 Jun 2022 18:06:51 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
x-xss-protection
1; mode=block
https://ssum-sec.casalemedia.com%2C%20r12.lb.indexww.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3D&s=192379&C=1
https://ssum-sec.casalemedia.com%2C%20r12.lb.indexww.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3D&s=192379&C=1 Frame D605
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3D
  • https://ssum-sec.casalemedia.com%2C%20r12.lb.indexww.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3D&s=192379&C=1
0
0

async_usersync.html
acdn.adnxs.com/dmp/ Frame BF37
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
66967
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Fri, 24 Jun 2022 23:44:12 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 22 Jun 2022 05:08:01 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1, 652665
X-Served-By
cache-lga21963-LGA, cache-fra19126-FRA
X-Timer
S1656114253.970062,VS0,VE0
/
sync.aralego.com/idSync/ Frame 0461
35 B
266 B
Document
General
Full URL
https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3DUCFUID
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 McLean, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

connection
close
content-length
35
content-type
image/gif
date
Fri, 24 Jun 2022 23:44:13 GMT
pixel
cm.g.doubleclick.net/ Frame 9459
170 B
188 B
Document
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 23:44:13 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
pixel
cm.g.doubleclick.net/ Frame C88B
170 B
188 B
Document
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Fri, 24 Jun 2022 23:44:12 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
rubicon
ex.ingage.tech/v1/syncPage/ Frame 7910
951 B
608 B
Document
General
Full URL
https://ex.ingage.tech/v1/syncPage/rubicon?userId=c61d5f03-0670-4713-b0cc-02d7d89d60be&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:efc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d048d1ba1fb1f78e38c3e0cc432db86fb8138d98d4b61242b1b7951f62208b1

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-ray
720954811f92690f-FRA
content-encoding
gzip
content-type
text/html
date
Fri, 24 Jun 2022 23:44:13 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
um
cs.emxdgt.com/ Frame 53E2
0
0
Document
General
Full URL
https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
content-type
text/html
date
Fri, 24 Jun 2022 23:44:12 GMT
usync.html
eus.rubiconproject.com/ Frame 890F
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 24 Jun 2022 23:44:13 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 9570
0
91 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/7f1e280 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Fri, 24 Jun 2022 23:44:13 GMT
server
OXGW/7f1e280
vary
Accept, Accept-Encoding
via
1.1 google
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E5D4
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.90.104.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-242.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
https://ci-va2qa-mgmt.pubmatic.com
cache-control
max-age=152558
content-encoding
gzip
content-length
5549
content-type
text/html
date
Fri, 24 Jun 2022 23:44:13 GMT
expires
Sun, 26 Jun 2022 18:06:51 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
x-xss-protection
1; mode=block
/
ssc-cms.33across.com/ps/ Frame 4A83
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=asRWdk7Kyr7ioGrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP003 /
Resource Hash

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Fri, 24 Jun 2022 23:44:13 GMT
server
33XP003
x-33x-status
2000208
usersync.html
ad-cdn.technoratimedia.com/html/ Frame 3F7C
20 KB
7 KB
Document
General
Full URL
https://ad-cdn.technoratimedia.com/html/usersync.html?src=prebid_prebid_6.15.0
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.191 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frd/E2F8) /
Resource Hash
c542d54ca710cbb971437bc0b2c8979d90f98ce1fab18854a2acaef225ddfc2e

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-expose-headers
access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,date,etag,opc-client-info,opc-request-id,x-api-id
age
52
cache-control
max-age=900
content-encoding
gzip
content-length
6474
content-md5
KVG+QKveo3+rFAAhSOovjg==
content-type
text/html; charset=utf-8
date
Fri, 24 Jun 2022 23:44:13 GMT
etag
f1845ecc-de6f-4c51-8b13-b501040e6929
expires
Fri, 24 Jun 2022 23:59:13 GMT
last-modified
Fri, 27 May 2022 14:36:20 GMT
opc-request-id
iad-1:rWD7RWOZuVjRgshJjT5M0jkuQXXFnIqdjldjwkXqaNjpMOj6FvTP2PnmESUp3kP5
server
ECAcc (frd/E2F8)
storage-tier
Standard
vary
Accept-Encoding
version-id
3ee9dce7-218a-4043-8374-2366a1fe8ea8
x-api-id
native
x-cache
HIT
d459e3c6da768f28b23fc200eeedcdc1.gif
cookie.lmgssp.com/ Frame 6CA9
0
0
Document
General
Full URL
https://cookie.lmgssp.com/d459e3c6da768f28b23fc200eeedcdc1.gif?gdpr=0&puid=c61d5f03-0670-4713-b0cc-02d7d89d60be&redir=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Flunamedia%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3D%5BUID%5D
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
8.2.110.165 , United States, ASN46636 (NATCOWEB, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Date
Fri, 24 Jun 2022 23:44:13 GMT
Server
nginx
/
ssc-cms.33across.com/ps/ Frame D233
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=aleOzs7Kyr7ioGrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP004 /
Resource Hash

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Fri, 24 Jun 2022 23:44:12 GMT
server
33XP004
x-33x-status
2000208
generic
match.adsrvr.org/track/cmf/ Frame 813D
70 B
264 B
Document
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-length
70
content-type
image/gif
date
Fri, 24 Jun 2022 23:44:13 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 89A3
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.90.104.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-242.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
https://ci-va2qa-mgmt.pubmatic.com
cache-control
max-age=152558
content-encoding
gzip
content-length
5549
content-type
text/html
date
Fri, 24 Jun 2022 23:44:13 GMT
expires
Sun, 26 Jun 2022 18:06:51 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
x-xss-protection
1; mode=block
usersync
rtb.gumgum.com/ Frame 534D
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum
35 B
208 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.208.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-208-161.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Fri, 24 Jun 2022 23:44:13 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Fri, 24 Jun 2022 23:44:13 GMT Fri, 24 Jun 2022 23:44:13 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum
pragma
no-cache
generic
match.adsrvr.org/track/cmf/ Frame 46A7
Redirect Chain
  • https://ex.ingage.tech/v1/syncPage/unruly?userId=c61d5f03-0670-4713-b0cc-02d7d89d60be&to=https%3A%2F%2Fsync.1rx.io%2Fusersync2%2Frmpssp%3Fsub%3Dinsticator
  • https://sync.1rx.io/usersync2/rmpssp?sub=insticator
  • https://sync.1rx.io/usersync2/rmpssp?sub=insticator&zcc=1&cb=1656114253293
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5416072143
70 B
264 B
Document
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5416072143
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-length
70
content-type
image/gif
date
Fri, 24 Jun 2022 23:44:13 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html
date
Fri, 24 Jun 2022 23:44:13 GMT
etag
RX699de3faed264078a69612c9106acedd003
expires
0
location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5416072143
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
pragma
no-cache
server
Tengine
usersync
usersync.gumgum.com/ Frame B6AB
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Fri, 24 Jun 2022 23:44:13 GMT
Expires
0
Pragma
no-cache

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Fri, 24 Jun 2022 23:44:13 GMT
Expires
Fri, 24 Jun 2022 23:44:12 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4475 c1dc35a master zrh-pixel-x24 config:1.0.0
location
https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4F09
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.90.104.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-242.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
https://ci-va2qa-mgmt.pubmatic.com
cache-control
max-age=152558
content-encoding
gzip
content-length
5549
content-type
text/html
date
Fri, 24 Jun 2022 23:44:13 GMT
expires
Sun, 26 Jun 2022 18:06:51 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
x-xss-protection
1; mode=block
usync.html
eus.rubiconproject.com/ Frame D129
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 24 Jun 2022 23:44:13 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Fri, 24 Jun 2022 23:44:13 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
generic
match.adsrvr.org/track/cmf/
70 B
435 B
XHR
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:13 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
access-control-allow-origin
https://www.westernjournal.com
cache-control
private,no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
70
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame BCE6
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3DPM_UID
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.90.104.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-242.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
https://ci-va2qa-mgmt.pubmatic.com
cache-control
max-age=152558
content-encoding
gzip
content-length
5549
content-type
text/html
date
Fri, 24 Jun 2022 23:44:13 GMT
expires
Sun, 26 Jun 2022 18:06:51 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
x-xss-protection
1; mode=block
usync.html
eus.rubiconproject.com/ Frame 6115
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 24 Jun 2022 23:44:13 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Fri, 24 Jun 2022 23:44:13 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
usersync
rtb.gumgum.com/ Frame 65D0
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum
35 B
208 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.208.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-208-161.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Fri, 24 Jun 2022 23:44:13 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Fri, 24 Jun 2022 23:44:13 GMT Fri, 24 Jun 2022 23:44:13 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=JFJI5F1ax5Aj0gpG4E6F&pi=gumgum
pragma
no-cache
um
cs.emxdgt.com/ Frame 3A7C
0
0
Document
General
Full URL
https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
content-type
text/html
date
Fri, 24 Jun 2022 23:44:12 GMT
beacon
ap.lijit.com/ Frame E6EB
0
0
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13406715
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Fri, 24 Jun 2022 23:44:13 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
X-Sovrn-Pod
ad_ap3ams1
generic
match.adsrvr.org/track/cmf/ Frame 4CEB
70 B
264 B
Document
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-length
70
content-type
image/gif
date
Fri, 24 Jun 2022 23:44:13 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
usersync
usersync.gumgum.com/ Frame 999F
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Fri, 24 Jun 2022 23:44:13 GMT
Expires
0
Pragma
no-cache

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Fri, 24 Jun 2022 23:44:13 GMT
Expires
Fri, 24 Jun 2022 23:44:12 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4475 c1dc35a master zrh-pixel-x5 config:1.0.0
location
https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
sync.html
cdn.aralego.net/ucfad/cookie/ Frame DF5F
2 KB
1 KB
Document
General
Full URL
https://cdn.aralego.net/ucfad/cookie/sync.html
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24f3dba78c31c5d70638101d559216361f0a1b8e2ce168a784a57bafdc971f86

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
age
1889
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
7209548338fe91fb-FRA
content-encoding
br
content-type
text/html
date
Fri, 24 Jun 2022 23:44:13 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Wed, 16 Dec 2020 08:30:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l5OwKgpffkCVe5FbRYN6uHRMBP0Urmk7fG62SaDpYRpwvSya2Wr%2Fo8MdZiUtHKq34vswGO5KcwrsZ06MXqZC4%2BjDlFgaY%2Be8n0DLNueDChfV%2FbSiIXOZUJT6MgNyqpoFZpCcML9eJ5AmH%2BSnew%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
check.html
biddr.brealtime.com/ Frame E18B
926 B
1 KB
Document
General
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
7149
CF-Cache-Status
HIT
CF-RAY
720954835b169a15-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Fri, 24 Jun 2022 23:44:13 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Sat, 25 Jun 2022 00:44:13 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
usersync
usersync.gumgum.com/ Frame A22E
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YrZMTQALTs_dYwAj
  • https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTs_dYwAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTs_dYwAj
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTs_dYwAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTs_dYwAj
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Fri, 24 Jun 2022 23:44:13 GMT
Expires
0
Pragma
no-cache

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Fri, 24 Jun 2022 23:44:13 GMT
location
https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTs_dYwAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTs_dYwAj
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-fra19122-FRA
x-timer
S1656114253.438843,VS0,VE0
usync.html
eus.rubiconproject.com/ Frame DE9C
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 24 Jun 2022 23:44:13 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Fri, 24 Jun 2022 23:44:13 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
usersync
usersync.gumgum.com/ Frame FB9F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YrZMTQALTsadeQAj
  • https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTsadeQAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTsadeQAj
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTsadeQAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTsadeQAj
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Fri, 24 Jun 2022 23:44:13 GMT
Expires
0
Pragma
no-cache

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Fri, 24 Jun 2022 23:44:13 GMT
location
https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTsadeQAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTsadeQAj
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-fra19122-FRA
x-timer
S1656114253.442875,VS0,VE0
usersync
usersync.gumgum.com/ Frame 9C09
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Fri, 24 Jun 2022 23:44:13 GMT
Expires
0
Pragma
no-cache

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Fri, 24 Jun 2022 23:44:13 GMT
Expires
Fri, 24 Jun 2022 23:44:12 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4475 c1dc35a master zrh-pixel-x3 config:1.0.0
location
https://usersync.gumgum.com/usersync?b=mmh&i=bdf962b6-4c4c-4200-98f0-05b92e031e3d&gdpr=1&gdpr_consent=
um
cs.emxdgt.com/ Frame E838
0
0
Document
General
Full URL
https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=1&gdpr_consent=
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
content-type
text/html
date
Fri, 24 Jun 2022 23:44:13 GMT
usersync
usersync.gumgum.com/ Frame 78FD
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YrZMTQALTZmdmgAj
  • https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTZmdmgAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTZmdmgAj
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTZmdmgAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTZmdmgAj
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Fri, 24 Jun 2022 23:44:13 GMT
Expires
0
Pragma
no-cache

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Fri, 24 Jun 2022 23:44:13 GMT
location
https://usersync.gumgum.com/usersync?b=atm&i=YrZMTQALTZmdmgAj&gdpr=1&gdpr_consent=&_test=YrZMTQALTZmdmgAj
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-fra19122-FRA
x-timer
S1656114253.454074,VS0,VE0
/
ssc-cms.33across.com/ps/ Frame C5C5
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=aISzFq7Kyr7ioGrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP001 /
Resource Hash

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Fri, 24 Jun 2022 23:44:13 GMT
server
33XP001
x-33x-status
2000208
/
ssc-cms.33across.com/ps/ Frame B035
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=aBPa4O7Kyr7ioGrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP001 /
Resource Hash

Request headers

Referer
https://www.westernjournal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Fri, 24 Jun 2022 23:44:13 GMT
server
33XP001
x-33x-status
2000208
loader.js
static.instiengage.com/app-loader/static/
Redirect Chain
  • https://comment.instiengage.com/live/loader/loader.js
  • https://static.instiengage.com/app-loader/static/loader.js
127 KB
35 KB
Script
General
Full URL
https://static.instiengage.com/app-loader/static/loader.js
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Server
2600:9000:2156:6000:17:5bae:c7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
73b097d8fded70411bde81cb61b21d7c3279628c1b23231eac3b497b6fc2842c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.westernjournal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
CkHE2bxwf62Y2SmXfoOWCO.QjdCmzPcG
content-encoding
br
last-modified
Mon, 20 Jun 2022 10:48:40 GMT
server
AmazonS3
age
37
etag
W/"25a8cd9bc49153fa8fd3f0b06d470d6d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
cache-control
max-age=60
date
Fri, 24 Jun 2022 23:43:52 GMT
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
LNY3wkEW4r8zIAUu7rpPXaIYqiaah90iZjtLKDU5_W4WDNvTWBN1dQ==

Redirect headers

date
Fri, 24 Jun 2022 23:44:13 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
location
https://static.instiengage.com/app-loader/static/loader.js
cache-control
max-age=3600
cf-ray
72095484fce190a6-FRA
expires
Sat, 25 Jun 2022 00:44:13 GMT
usync.js
eus.rubiconproject.com/ Frame 890F
31 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c8a778d5fa59d4a504855f9230149b9b3d99a13bf9a3fcf984c9c4d19203a118

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:13 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jun 2022 17:17:26 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=10821
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9454
Expires
Sat, 25 Jun 2022 02:44:34 GMT
usync.js
eus.rubiconproject.com/ Frame D129
31 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c8a778d5fa59d4a504855f9230149b9b3d99a13bf9a3fcf984c9c4d19203a118

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:13 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jun 2022 17:17:26 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=10821
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9454
Expires
Sat, 25 Jun 2022 02:44:34 GMT
usync.js
eus.rubiconproject.com/ Frame 6115
31 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c8a778d5fa59d4a504855f9230149b9b3d99a13bf9a3fcf984c9c4d19203a118

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:13 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jun 2022 17:17:26 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=10821
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9454
Expires
Sat, 25 Jun 2022 02:44:34 GMT
usync.js
eus.rubiconproject.com/ Frame DE9C
31 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c8a778d5fa59d4a504855f9230149b9b3d99a13bf9a3fcf984c9c4d19203a118

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:13 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jun 2022 17:17:26 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=10821
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9454
Expires
Sat, 25 Jun 2022 02:44:34 GMT
async_usersync
ib.adnxs.com/ Frame BF37
0
741 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.145 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 24 Jun 2022 23:44:13 GMT
X-Proxy-Origin
37.58.58.243; 37.58.58.243; 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
4d552103-50cd-4776-a609-5a02630b9935
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame 7910
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator
  • https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Requested by
Host: ex.ingage.tech
URL: https://ex.ingage.tech/v1/syncPage/rubicon?userId=c61d5f03-0670-4713-b0cc-02d7d89d60be&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ex.ingage.tech/v1/syncPage/rubicon?userId=c61d5f03-0670-4713-b0cc-02d7d89d60be&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 24 Jun 2022 23:44:13 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Fri, 24 Jun 2022 23:44:13 GMT
location
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
server
AkamaiGHost
idsync
sync.aralego.com/ Frame DF5F
35 B
266 B
Image
General
Full URL
https://sync.aralego.com/idsync?
Requested by
Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 McLean, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.aralego.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:13 GMT
connection
close
content-length
35
content-type
image/gif
sync.php
pixel.rubiconproject.com/exchange/ Frame D129
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L4T3NW5C-28-HYQY
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Content-Type
image/gif
usync.js
eus.rubiconproject.com/ Frame 7910
31 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c8a778d5fa59d4a504855f9230149b9b3d99a13bf9a3fcf984c9c4d19203a118

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 24 Jun 2022 23:44:13 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jun 2022 17:17:26 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=10821
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9454
Expires
Sat, 25 Jun 2022 02:44:34 GMT
sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 7910
0
239 B
Image
General
Full URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=insticator&khaos=L4T3NW5C-28-HYQY
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
2dd9fa24169fa04536d533da131679f8
Content-Type
image/gif
ecm3
s.amazon-adsystem.com/ Frame 890F
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Wom0OvgLQH2Z29ULnOHqUA&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Wom0OvgLQH2Z29ULnOHqUA
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Wom0OvgLQH2Z29ULnOHqUA
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
HTTP/1.1
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 24 Jun 2022 23:44:14 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
27V1QK8RZKTT1G6AQK81
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Wom0OvgLQH2Z29ULnOHqUA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
ads.yahoo.com/cms/ Frame 890F
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L4T3NW5C-28-HYQY&sigv=1&esig=2~98c46aa3e13dc58a4fc21f7031a0e245d3f40fd7
0
194 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L4T3NW5C-28-HYQY&sigv=1&esig=2~98c46aa3e13dc58a4fc21f7031a0e245d3f40fd7
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:13 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L4T3NW5C-28-HYQY&sigv=1&esig=2~98c46aa3e13dc58a4fc21f7031a0e245d3f40fd7
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4b510f0cc5fcbc9800016ef543086418
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
709414.gif
id.rlcdn.com/ Frame 890F
0
98 B
Image
General
Full URL
https://id.rlcdn.com/709414.gif
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 24 Jun 2022 23:44:13 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
pixel
cm.g.doubleclick.net/ Frame 890F
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRUM05XNUMtMjgtSFlRWQ==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRUM05XNUMtMjgtSFlRWQ==
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H3
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRUM05XNUMtMjgtSFlRWQ==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4b510f0cc5fcbc9800016ef543086418
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 890F
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=3ysD1i6ITDapOWqKE5ItVw&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=3ysD1i6ITDapOWqKE5ItVw
43 B
556 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=3ysD1i6ITDapOWqKE5ItVw
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
HTTP/1.1
Server
52.94.222.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 24 Jun 2022 23:44:14 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
R6AA4YAHNQR9ASC5TSHH
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=3ysD1i6ITDapOWqKE5ItVw
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 890F
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjY4ZWZjMmQ0ZDRiNDk0ZTUyMjBlYzZjYmYxOWMyMGI5ZmZiNTM1ZQ
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjY4ZWZjMmQ0ZDRiNDk0ZTUyMjBlYzZjYmYxOWMyMGI5ZmZiNTM1ZQ
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
H3
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjY4ZWZjMmQ0ZDRiNDk0ZTUyMjBlYzZjYmYxOWMyMGI5ZmZiNTM1ZQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 890F
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/_cLkNOeWROYIBkGX3Lb9-Mn5EUdSAgOZEtemQ7w0kco?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8966378377504425640
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8966378377504425640
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Content-Type
image/gif

Redirect headers

date
Fri, 24 Jun 2022 23:44:13 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8966378377504425640
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
tap.php
pixel.rubiconproject.com/ Frame 890F
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGUr7az96N1a2vFU3AKI_1I&google_cver=1
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGUr7az96N1a2vFU3AKI_1I&google_cver=1
Requested by
Host: www.westernjournal.com
URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 24 Jun 2022 23:44:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGUr7az96N1a2vFU3AKI_1I&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame BF37
0
741 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.145 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 24 Jun 2022 23:44:14 GMT
X-Proxy-Origin
37.58.58.243; 37.58.58.243; 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
c65f0e31-9138-4492-9e56-5882ac257609
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
metrics
connect-metrics-collector.s-onetag.com/
0
73 B
Ping
General
Full URL
https://connect-metrics-collector.s-onetag.com/metrics
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/42a30fdd-c1da-4d85-ab06-c212412bd9ab/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.83.181.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0cb5afe0ce76779e.awsglobalaccelerator.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 24 Jun 2022 23:44:20 GMT
content-length
0
vary
Origin
metrics
signal-metrics-collector-beta.s-onetag.com/
0
72 B
Ping
General
Full URL
https://signal-metrics-collector-beta.s-onetag.com/metrics
Requested by
Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.83.181.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0cb5afe0ce76779e.awsglobalaccelerator.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 24 Jun 2022 23:44:20 GMT
content-length
0
vary
Origin
v2vbyJLRCfnXQdDhwH6wXkQ77DnRzLU8UbA5ff6laoKGl2Ggdnkejni7iWjmp7vEp4QZ1A0yQ
breadbalance.com/
209 B
650 B
Fetch
General
Full URL
https://breadbalance.com/v2vbyJLRCfnXQdDhwH6wXkQ77DnRzLU8UbA5ff6laoKGl2Ggdnkejni7iWjmp7vEp4QZ1A0yQ
Requested by
Host: d3l320urli0p1u.cloudfront.net.
URL: https://d3l320urli0p1u.cloudfront.net./script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.228.83 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
83.228.117.34.bc.googleusercontent.com
Software
/
Resource Hash
1de3183f58ea96ee900802b3cc95cfcd8243c0e59ce4e76fcd0cb0fcb7344ae6
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://www.westernjournal.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
access-control-allow-methods
POST, OPTIONS
x-datacenter
gce-europe-west1
date
Fri, 24 Jun 2022 23:44:25 GMT
vary
Accept-Encoding, Origin
x-hostname
fen-hoothoot-europe-west1-spot-b0wm
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.westernjournal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-buildnumber
564601328
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length
209
expires
Fri, 24 Jun 2022 23:44:24 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
c.amazon-adsystem.com
URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.westernjournal.com&pubid=da224ee9-07c8-4a80-87e4-528df4ac939e
Domain
csm.eu.criteo.net
URL
https://csm.eu.criteo.net/all?cppv=3&cpp=kl8sHwpuZ0sIrYYeGeb4c7h2cwuqja2Q9Hs612O1BSsABP_xq2xD7VozB897-NiQFAOiMjm4I7Re3I4RzDFSPVNWLQNJ_bG2rMyezSBUhSmMX1P2_DxbIX-fsKLFfFebNgrrf3G7EL9uokzWV7KIAwJiTeJg53eh4SIngVDOkfIfH8b5j7RcEGGr6zbDjsp40KV8qUOEArBAodDTp4NBGApEtIgE64VypBcbMRjQuYzab6IBIx6OSVqQBPO_ogN4KlxXYQ&sds=2&rev=81817&sendBeacon=true
Domain
static.criteo.net
URL
https://static.criteo.net/animejs/animejs.js
Domain
pix.eu.criteo.net
URL
https://pix.eu.criteo.net/img/img?h=496&m=0&partner=36918&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F36918%2F210225%2F33d784040a48408e8c6dedc4aa03c63b_logo_leasingmarkt_de_endorsement.png&v=3&w=356&s=YBVJBxOpn5jbwpsilg_JgEWJ
Domain
pix.eu.criteo.net
URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=36918&q=80&r=0&u=https%3A%2F%2Fwww.leasingmarkt.de%2Fad%2F3911420%2Fmedia%2Ffeed%2F600x450&v=3&w=400&s=eOx4xSQKcnblVPJ3wcoZORKA&b=400
Domain
pix.eu.criteo.net
URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=36918&q=80&r=0&u=https%3A%2F%2Fwww.leasingmarkt.de%2Fad%2F5666832%2Fmedia%2Ffeed%2F600x450&v=3&w=400&s=IexqDaGWdbYICy0NQhxFkHWs&b=400
Domain
pix.eu.criteo.net
URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=36918&q=80&r=0&u=https%3A%2F%2Fwww.leasingmarkt.de%2Fad%2F6635568%2Fmedia%2Ffeed%2F600x450&v=3&w=400&s=dUe-nKKNxObk47Pmvay2MV6c&b=400
Domain
csm.eu.criteo.net
URL
https://csm.eu.criteo.net/all?cppv=3&cpp=xNCbqApuZ0sIrYYeS-4r4tnBiuvhvbi85Pg788OUYR7D-85zwtucS-3CZsxIkGQSL4_HLVKZOwfqboYxBJ4fV__GC15XIlK68-zSD5DRldIP3rUYMJsTBDdZMvxJoHB-L65DFASmAJEx8z2e1g4FDWFbA4rPR1HeNy0aieZG5ZoH15ePr_cNsVENh_qEtcSXYIBpAiiForvgICKEMfccSIPFR_oP4XkpX5hipeshD0Hd2AHXRmLhiG2ODQ74KMZHn73uUA&sds=2&rev=81817&sendBeacon=true
Domain
s0.2mdn.net
URL
https://s0.2mdn.net/instream/video/client.js
Domain
platform.twitter.com
URL
https://platform.twitter.com/embed/embed.i18n.58f3645101e687f24f08.js
Domain
platform.twitter.com
URL
https://platform.twitter.com/embed/embed.Tweet.a041e79d959212ec9ef6.js
Domain
capi-tier-2-us-east-2.connatix.com
URL
https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=167773&cid=9dd181c7-3fdc-4552-b455-a4484892c82c
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssRYSed0mW4oiiNLQGzhZutF3T38aauxwxKdT0TWoe7vJm_GPs_WwVZx566JNpmfTM7A7gilPgETMTs_MNSJDVKsjw&sig=Cg0ArKJSzPz3WrKwmHZfEAE&id=lidartos&mcvt=330&p=310,315,560,1285&mtos=330,330,330,330,330&tos=330,0,0,0,0&v=20220622&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1409352590&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=3&r=b&rst=1656114247580&rpt=641&isd=0&lsd=0&ec=0&met=ie&wmsd=0
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssTElWStWSuGuTdKY6OYaUsEM7Gu9yACMRdaagYLSXY1M86n1SzmjAA8N4DyzGP98ENVGuR_sWwhbvM8csBhY1NNMM&sig=Cg0ArKJSzAzMgtkfCgyfEAE&id=lidartos&mcvt=0&p=1296,1066,1546,1366&mtos=0,0,0,0,0&tos=0,0,0,0,0&v=20220622&bin=7&avms=nio&bs=0,0&mc=0&if=1&vu=1&app=0&itpl=20&adk=2671899693&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=3&r=b&rst=1656114247599&rpt=487&isd=0&lsd=0&ec=0&met=ie&wmsd=0
Domain
contextual.media.net
URL
https://contextual.media.net/nmedianet.js?cid=8CUL2446F
Domain
ssum-sec.casalemedia.com
URL
https://ssum-sec.casalemedia.com%2C%20r12.lb.indexww.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fc61d5f03-0670-4713-b0cc-02d7d89d60be%3Fuid%3D&s=192379&C=1

Verdicts & Comments Add Verdict or Comment

271 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| 28 object| 29 object| 30 object| 31 object| 32 object| 33 object| 34 object| 35 object| 36 object| 37 object| 38 object| 39 object| 40 object| 41 object| 42 object| 43 object| 44 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| dataLayer function| getParameterByName function| getCookie object| PWT object| Insticator object| google_tag_manager object| google_optimize object| _atrk_opts function| pbjsChunk object| pbjs object| _pbjsGlobals function| JSEncrypt object| ADAGIO object| core object| googletag object| ADRIZER function| admiral object| advBidxc number| ff_current_page number| FF_REP_COUNT object| FF_EXCLUDE_ADS function| firefly_setTargeting function| firefly_size_list_to_max_wh object| FFADS function| sendInitialAdserverRequest function| sendSingleAdserverRequest function| firefly_pbjs_bids_back_single function| firefly_a9_bids_back_single object| a9_slot_arr string| ad_unit object| Adomik object| apstag object| _comscore string| captchaPublicKey object| a2a_config function| cnx function| firefly_sc function| firefly_set_ff_utms object| atsScript function| fireflyStickySbSetScrollEventListener function| fireflyStickySbScrollListener function| fireflyPreventWidgetOverlap function| firefly_global_loaded string| firefly_loading_gif_url string| firefly_ajax_url number| firefly_post_id boolean| firefly_global_loaded_v object| wp object| _qevents function| atrk boolean| _atrk_fired boolean| headerTagInjected number| insticator_tg boolean| abpStatus object| InsticatorXmess function| ff_open_close_list function| ff_list_toggle function| ff_create_subscriber function| firefly_update_subscriber function| ff_check_list_checkbox function| ff_unsubscribe_all_list function| ff_subscribe_all_list function| ff_select_all_list function| ff_open_subscriber_form function| ff_open_preference_page function| validateEmail function| ff_update_subscriber_email_inputs function| checkAlmostVisible function| setCookie function| firefly_ma function| isMobile string| ff_source undefined| deferredPrompt undefined| $ function| jQuery object| __twttrll object| twttr object| __twttr function| 4dm1r11545242527 object| jeengConfig function| setImmediate function| clearImmediate function| __extends function| __assign function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __values function| __read function| __spread function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault object| jeeng object| google_tag_data string| GoogleAnalyticsObject function| ga function| fbq function| _fbq object| regeneratorRuntime boolean| apstagLOADED object| COMSCORE function| udm_ object| ns_p object| InsticatorApp string| insticatorHeaderCodeVersion object| __webpack_exports__ object| instBid object| ads_list object| embeds_list boolean| isPageviewSent object| federatedObj object| confiant object| ggeac object| google_js_reporting_queue object| wpJsonRciWidget object| ua_result function| __NEXT_PRELOADREADY object| revcontent function| renderRCWidget object| ats function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| InsticatorCommenting object| sas object| apntag object| _ADAGIO object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady function| owpbjsChunk object| owpbjs undefined| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| cnx_usr_storage function| dspCriteoRTUSCallback function| instBidChunk object| _mgIntExchangeNews object| MarketGidInfC1280823 boolean| mg_loaded_542039_1280823 object| ampInaboxIframes object| ampInaboxPendingMessages object| __connect object| player_instance_fed468d81c0640b293c25a785105031c object| cnxEnfStorage function| cnxsetTimeout function| cnxsetInterval object| cnxPlugins number| google_global_correlator function| cnxProxyTask boolean| inDapIF boolean| inGptIF object| dicnf number| google_srt object| viewReq function| vu object| w function| err__1656114248715 object| GkEkQif6INZKXAE-PNQESRSrDNk boolean| isActive string| __bdata string| medianet_bdata number| medianet_stime string| medianet_csip string| medianet_bcpf string| mn_csip string| mn_bcpf string| medianet_width string| medianet_height string| medianet_adt1 string| medianet_adt2 string| medianet_bdrId string| medianet_sbdrId string| medianet_crid string| medianet_versionId string| medianet_auctionid object| medianet_misc string| medianet_requrl string| medianet_chnm string| medianet_pid string| medianet_ecrid string| medianet_tpid string| medianet_cadomain string| medianet_ctype boolean| isPxlSent object| onClickExcludes function| mgReject1280823 function| mgLoadAds1280823_143a3 function| MarketGidCReject1280823 function| MarketGidLoadGoods1280823_143a3 object| _mgq function| _mgqp number| _mgqt number| _mgqi object| _mgPageViewEndPoint542039 string| _mgCanonicalUri object| _mgPageView542039 string| _mgPvid boolean| i.js.loaded boolean| i-noref.js.loaded boolean| isCommentingRequested object| $SO function| cnxAddEventListener

60 Cookies

Domain/Path Name / Value
www.westernjournal.com/ Name: ADRIZER_SOURCE
Value: {%22value%22:%22social%22%2C%22expires%22:%222022-06-26T23:44:06.381Z%22}
www.westernjournal.com/ Name: ADRIZER_WIDGET
Value: {%22value%22:%22%22%2C%22expires%22:%222022-06-26T23:44:06.381Z%22}
.westernjournal.com/ Name: __asc
Value: 313cf9311819819f390056084d9
.westernjournal.com/ Name: __auc
Value: 313cf9311819819f390056084d9
.rubiconproject.com/ Name: khaos
Value: L4T3NW5C-28-HYQY
.rubiconproject.com/ Name: audit
Value: 1|SDziDG3X/Eitg6qpwOFQ/LJGe4Ni1ThWK2euPP2lVg20RTcz8e+19fTTvNfMK7L9/6p8cTWaih7J9eV3Icust5vS3/LLK+yPzG6FmltYou1hn45uhEziTw==
www.westernjournal.com/ Name: ffpvi
Value: 2
.adnxs.com/ Name: uuid2
Value: 5505168957269104028
.mgid.com/ Name: __cf_bm
Value: YU9vrKR4KvIWwmkd0rh9bZm2kbgLi7FlzjO7YKNxmpw-1656114248-0-AfVASqVeDfGSzqL8HEsiUs6vZ3R1DmeKwoFltk5wSfrUBiVpJ4xiM1sWFrp6ceId/ydUZ/Q0EbcvmyQMxy2Xzbg=
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 334bf27a19087117
www.westernjournal.com/ Name: mnet_session_depth
Value: 1%7C1656114246812
.westernjournal.com/ Name: InstiSession
Value: eyJpZCI6IjFhYTZhOWE3LWM2M2ItNDMyZi04MmY4LTE5YzgyNzNiMjAxMCIsInJlZmVycmVyIjoiIiwiY2FtcGFpZ24iOnsic291cmNlIjoic29jaWFsIiwibWVkaXVtIjoidGdtIiwiY2FtcGFpZ24iOiJ0Z20iLCJ0ZXJtIjpudWxsLCJjb250ZW50IjoiY2FuIn19
www.westernjournal.com/ Name: plsVisitorGeo
Value: DE
www.westernjournal.com/ Name: plsVisitorCity
Value: Nordrhein-Westfalen
.westernjournal.com/ Name: _gid
Value: GA1.2.609141622.1656114247
.westernjournal.com/ Name: _ga_DCR5CPLYCJ
Value: GS1.1.1656114247.1.0.1656114247.0
.westernjournal.com/ Name: _ga
Value: GA1.1.1586728738.1656114247
www.westernjournal.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.westernjournal.com/ Name: _pubcid
Value: 938484e2-2d2c-447c-b166-2017eb23571f
www.westernjournal.com/ Name: hb_insticator_uid
Value: c61d5f03-0670-4713-b0cc-02d7d89d60be
www.westernjournal.com/ Name: ucf_uid
Value: 66c5e703-daa2-4ed3-b905-99df3b32505c
www.westernjournal.com/ Name: visitorGeo
Value: DE
www.westernjournal.com/ Name: visitorCity
Value: Essen
www.westernjournal.com/ Name: visitorIP
Value: 37.58.58.243
www.westernjournal.com/ Name: _lr_geo_location
Value: DE
.quantserve.com/ Name: mc
Value: 62b64c49-16ced-99ab4-61aab
.go.sonobi.com/ Name: __uih
Value: 1
.go.sonobi.com/ Name: HAPLB5A
Value: s56129|YrZMT
.adnxs.com/ Name: icu
Value: ChgI27RDEAoYASABKAEwyJjZlQY4AUABSAEKGAi1m3oQChgBIAEoATDJmNmVBjgBQAFIARDJmNmVBhgB
.westernjournal.com/ Name: _dc_gtm_UA-54260989-7
Value: 1
.westernjournal.com/ Name: _fbp
Value: fb.1.1656114247653.1716539510
.gumgum.com/ Name: cs
Value: true
.gumgum.com/ Name: loc
Value: SfolTs1ZIlM84W2T_Mq8iER0fEkh1KdQYVCgn7rD1c3HjuvVSf9g9axLhKRU_NF3OjayRiIKcE-vIajS1hPOyNksLPPEPOmXlOOTPqsrP1c
.gumgum.com/ Name: vst
Value: e_69fd225c-2990-4ff5-96d8-d65221652b0c
www.westernjournal.com/ Name: cto_bidid
Value: 5ZAZjl9oMDlVYVQ4SWdVOUZBZElZMXlQOFliOSUyQm5Zbzk3VGk1WllZTGxRVlglMkJOYkhsMk0lMkJROFc5Tk94WlBVRHZtUHJRbWRtMmEzR3dNNXFzSWEydWhjbW9iZyUzRCUzRA
www.westernjournal.com/ Name: cto_bundle
Value: 6LD3Nl9ZYUZPUm01d1k3eUFpR2VyVzVUQWk3dllzdXV4MnQ1MnpLNHdlbGo0WW9kYThFbDlMbDlqVkpnWkRzeXBPWjYxTFhwZzFXZlhLU25menNKcjRVSjEyeW9JM2ZEazM2OEhxRiUyQmlWVEtISnpWZGxXc2tjZ3pwcEhobGZSNnlkT2xm
.prebid.a-mo.net/ Name: __amc
Value: 1_1656114249_1656114249
.westernjournal.com/ Name: __qca
Value: P0-1248229432-1656114247509
.doubleclick.net/ Name: IDE
Value: AHWqTUnKgw3_6h4kuew1P7_gIukQCT1ATR6rCSF31pW8cWteg_o3apE4KHDL89lXAOg
.aralego.com/ Name: sspid
Value: 66c5e703-daa2-4ed3-b905-99df3b32505c
.technoratimedia.com/ Name: tads_uid
Value: GDPR
.westernjournal.com/ Name: __gads
Value: ID=340cfd3150f9dccc:T=1656114248:S=ALNI_MZAZU7QWRyJIyp_708O-GtNkzaMtg
www.westernjournal.com/ Name: MgidStorage
Value: %7B%220%22%3A%7B%22svspr%22%3A%22%22%2C%22svsds%22%3A1%7D%2C%22C1280823%22%3A%7B%22page%22%3A1%2C%22time%22%3A1656114248982%7D%7D
.westernjournal.com/ Name: panoramaId_expiry
Value: 1656200650856
www.westernjournal.com/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-06-24T23%3A44%3A10%22%7D
www.westernjournal.com/ Name: _lr_retry_request
Value: true
www.westernjournal.com/ Name: _lr_env_src_ats
Value: false
.creativecdn.com/ Name: u
Value: JFJI5F1ax5Aj0gpG4E6F
.creativecdn.com/ Name: ts
Value: 1656114252
.casalemedia.com/ Name: CMID
Value: YrZMTJdk-bu-islkQB3fKAAA
.casalemedia.com/ Name: CMPS
Value: 1147
ex.ingage.tech/ Name: instUid
Value: c61d5f03-0670-4713-b0cc-02d7d89d60be
.mathtag.com/ Name: uuid
Value: bdf962b6-4c4c-4200-98f0-05b92e031e3d
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-699de3fa-ed26-4078-a696-12c9106acedd-003%22%2C%22zdxidn%22%3A%222069.50%22%2C%22nxtrdr%22%3Afalse%7D
.aralego.com/ Name: gdpr
Value: 1
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YrZMTQALTZmdmgAj
.yahoo.com/ Name: A3
Value: d=AQABBE1MtmICED96KTmvF55-2dTRJjC2UOUFEgEBAQGdt2LAYgAAAAAA_eMAAA&S=AQAAAiEZsS87oSty-oXZ87XjJ8g
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.amazon-adsystem.com/ Name: ad-id
Value: A8o2czOGU0K9mkMYWMrcF8k
.westernjournal.com/ Name: _awl
Value: 2.1656114265.0.5-219f985e2c355e252482af5add609114-6763652d6575726f70652d7765737431-0

16 Console Messages

Source Level URL
Text
javascript error URL: https://www.westernjournal.com/notebook-uncovered-brian-laundries-remains-contains-shocking-confession-gabby-petitos-murder/?utm_source=social&utm_medium=tgm&utm_campaign=tgm&utm_content=can
Message:
Access to XMLHttpRequest at 'https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.westernjournal.com&pubid=da224ee9-07c8-4a80-87e4-528df4ac939e' from origin 'https://www.westernjournal.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.westernjournal.com&pubid=da224ee9-07c8-4a80-87e4-528df4ac939e
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://b2cdn.automatad.com/geo/OaEAJP/all-geo-W/afihbs.js
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://s3-us-west-2.amazonaws.com/files.getemails.com/account/K97HRE0/source/getemails.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
other warning URL: https://7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html(Line 11)
Message:
Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript warning URL: https://d3l320urli0p1u.cloudfront.net./script.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://contextual.media.net/nmedianet.js?cid=8CUL2446F, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://d3l320urli0p1u.cloudfront.net./script.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://warp.media.net/rtb/resource/adperformance.js?v=35e90bcdc8, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://d3l320urli0p1u.cloudfront.net./script.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://contextual.media.net/nmedianet.js?cid=8CUL2446F, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://d3l320urli0p1u.cloudfront.net./script.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://warp.media.net/rtb/resource/adperformance.js?v=35e90bcdc8, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://d3l320urli0p1u.cloudfront.net./script.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://warp.media.net/rtb/resource/adperformance.js?v=35e90bcdc8, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://d3l320urli0p1u.cloudfront.net./script.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://d3l320urli0p1u.cloudfront.net./script.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://d3l320urli0p1u.cloudfront.net./script.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cds.connatix.com/p/plugins/prebid6.20.0-3.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://d3l320urli0p1u.cloudfront.net./script.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cds.connatix.com/p/plugins/prebid6.20.0-3.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=88
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7991c9d1db2ccb7e1252bf866f962e9b.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad-cdn.technoratimedia.com
ads.eu.criteo.com
ads.pubmatic.com
ads.yahoo.com
adservice.google.com
adservice.google.de
ams1-ib.adnxs.com
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
assets.revcontent.com
ats.rlcdn.com
auth.instiengage.com
b2cdn.automatad.com
bh.contextweb.com
biddr.brealtime.com
breadbalance.com
c.amazon-adsystem.com
c.mgid.com
capi-tier-2-us-east-2.connatix.com
capi.connatix.com
cat.nl.eu.criteo.com
cd.connatix.com
cdn.adnxs.com
cdn.aralego.net
cdn.mgid.com
cdn.revcontent.com
cdnjs.cloudflare.com
cds.connatix.com
certify.alexametrics.com
cm.g.doubleclick.net
cm.mgid.com
comment.instiengage.com
confiant-integrations.global.ssl.fastly.net
connect-metrics-collector.s-onetag.com
connect.facebook.net
contextual.media.net
cookie.lmgssp.com
creativecdn.com
cs.emxdgt.com
csm.eu.criteo.net
d31qbv1cthcecs.cloudfront.net
d3l320urli0p1u.cloudfront.net.
d3lcz8vpax4lo2.cloudfront.net
df80k0z3fi8zg.cloudfront.net
eus.rubiconproject.com
event.insticator.com
ex.ingage.tech
fastlane.rubiconproject.com
g2.gumgum.com
geo.privacymanager.io
geoip.insticator.com
geoip.instiengage.com
get.s-onetag.com
go.automatad.com
gum.criteo.com
hb.aralego.com
hb.emxdgt.com
hbopenbid.pubmatic.com
hbx.media.net
i.clean.gg
ib.adnxs.com
id.crwdcntrl.net
id.rlcdn.com
id5-sync.com
image6.pubmatic.com
imasdk.googleapis.com
img.connatix.com
img.revcontent.com
ins.connatix.com
insticator-d.openx.net
insticator.technoratimedia.com
jsc.mgid.com
kayleighmcenany.saferead.org
lit.connatix.com
match.adsrvr.org
mug.criteo.com
onetag-geo.s-onetag.com
pagead2.googlesyndication.com
partplanes.com
pix.eu.criteo.net
pixel-us-east.rubiconproject.com
pixel.quantserve.com
pixel.rubiconproject.com
platform.twitter.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
prebid.media.net
product.instiengage.com
protected-by.clarium.io
qsearch-a.akamaihd.net
redirect.prod.experiment.routing.cloudfront.aws.a2z.com
region1.google-analytics.com
rtb.gumgum.com
rtb.nl.eu.criteo.com
rules.quantcount.com
run.crtx.info
s-img.mgid.com
s.amazon-adsystem.com
s0.2mdn.net
s3-us-west-2.amazonaws.com
s3.amazonaws.com
sb.scorecardresearch.com
script.4dex.io
secure-assets.rubiconproject.com
secure.quantserve.com
securepubads.g.doubleclick.net
servicer.mgid.com
signal-beacon.s-onetag.com
signal-metrics-collector-beta.s-onetag.com
signal-segments.s-onetag.com
soapps.net
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.criteo.net
static.instiengage.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.aralego.com
sync.mathtag.com
syndication.twitter.com
tag.1rx.io
telemetries.jeeng.com
token.rubiconproject.com
tpc.googlesyndication.com
trends.revcontent.com
u.openx.net
users.api.jeeng.com
usersync.gumgum.com
vid.connatix.com
warp.media.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.googletagservices.com
www.westernjournal.com
yeet.revcontent.com
c.amazon-adsystem.com
capi-tier-2-us-east-2.connatix.com
contextual.media.net
csm.eu.criteo.net
pagead2.googlesyndication.com
pix.eu.criteo.net
platform.twitter.com
s0.2mdn.net
ssum-sec.casalemedia.com
static.criteo.net
104.17.120.107
104.19.132.78
104.19.133.78
104.244.42.72
104.90.104.226
104.90.104.242
104.90.104.26
104.92.74.8
13.224.189.48
13.224.189.9
13.224.195.78
13.225.78.28
13.225.78.71
13.225.78.93
13.225.78.94
13.225.78.99
141.148.45.191
141.95.98.71
142.250.74.194
147.75.85.234
15.197.193.217
151.101.1.108
151.101.130.137
151.101.193.194
151.101.194.137
151.101.66.137
151.101.66.49
151.139.128.11
152.199.22.191
162.210.196.208
172.217.16.130
178.162.133.150
178.250.0.157
178.250.2.148
18.184.197.212
18.195.155.181
18.207.20.6
18.213.182.17
185.184.8.90
185.29.132.245
185.33.220.145
185.33.220.242
185.64.189.112
185.64.190.78
185.93.2.243
192.96.200.41
198.148.27.140
2001:4860:4802:32::36
209.54.180.144
213.19.147.43
213.19.147.44
23.35.228.23
23.75.240.210
2600:9000:2156:6000:17:5bae:c7c0:93a1
2600:9000:2156:7800:10:3422:3f00:21
2600:9000:21f3:7800:d:99dd:3480:21
2600:9000:21f3:c400:1c:386f:ec80:21
2600:9000:21f3:c400:8:48e:53c0:93a1
2600:9000:21f3:ec00:9:78a:e540:93a1
2600:9000:223c:b600:6:44e3:f8c0:93a1
2600:9000:224a:dc00:14:248f:8500:93a1
2602:803:c003:200::41
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::6816:39ae
2606:4700:10::ac43:a93
2606:4700:10::ac43:b63
2606:4700:10::ac43:efc
2606:4700:20::681a:8a9
2606:4700:20::ac43:47fe
2606:4700::6811:180e
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1288:80:807::1
2a00:1450:4001:80f::2001
2a00:1450:4001:810::200e
2a00:1450:4001:811::2003
2a00:1450:4001:811::200a
2a00:1450:4001:812::2002
2a00:1450:4001:828::2001
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2004
2a00:1450:4001:830::2008
2a00:1450:4001:831::2002
2a00:1450:400c:c07::9c
2a00:1450:4014:80e::2002
2a02:2638:1::2
2a02:2638:1::3
2a02:2638:1::4
2a02:2638::1c
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a05:d018:d29:3601:2eab:9250:340e:ef2b
3.129.144.192
3.131.187.0
3.68.4.6
3.73.18.26
34.107.148.139
34.117.228.83
34.120.133.55
34.120.247.19
34.149.135.5
34.149.20.76
34.227.129.115
34.243.115.165
34.247.205.196
34.95.69.49
35.244.159.8
35.244.174.68
52.217.87.78
52.218.169.88
52.3.110.18
52.48.133.87
52.74.46.15
52.94.222.140
54.73.172.28
54.76.208.161
67.202.105.21
69.173.144.138
69.173.144.139
72.251.249.9
8.2.110.165
8.43.72.98
92.123.194.140
99.83.181.31
99.86.4.6
99.86.4.91
002ca41a00cefb59d55419145c2671003bbfe1d87f01d35fb84b926c107411ae
02fac5723af68ae2dc0ef378bd85d2bd698584fd9c89a90122c34d988c39503b
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06cec1f5d6ddbd571ebcea93c0d7b118b301b5a90d0dd01cc0fc3ddfcc7c5463
074dc47c45fe9549f97e9266f379162065c0d47e1365a91778a1e92ebcc8f903
07524aa416e4a3f7a08a65f65cc991c4cef3472db97a83b16e57c5fad30933ed
088940816fba841003999c5d18402699d7031ddfd94fc77a6dd47bade79f51c9
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0cb33c0612122c24e36d7e9e4946b41ec3d2f0016a96fab8354cb9e15c639ef1
107efb180fdc839cd0c0d138c64525679bfe24d23a45dfe2d707a3d9ec03ed16
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1598e045b4d9e7ab54c8164d124493be8cb6030eea6cccbbb41744487dbf8d9f
16ae13b9f4cb67dc5ffc83bc2fc990aec4ff4149b1cd80935978fe0ca05812a9
16d62e24c637636ec932e60a1e86a40422835c4b631f0693385a0e9469d31cc1
19aa008de673ad3fe029942e7306efea84b9c8d39f564a119ef5a3e8da2ba70d
1a113034bdbdeaa7add41b1d85d4ebb360ceab32740506bef533dd883ed1888c
1bc0a7a9de39aa054b47f03bbe8b2340a9f876b012cef93dfef3513101ff72cd
1d9411a3eb3af20c314c2ee4bc617596a0347dc0eb50cfeb3c7a1cfb4e87c162
1de3183f58ea96ee900802b3cc95cfcd8243c0e59ce4e76fcd0cb0fcb7344ae6
1df992a66032f716e701f7b66de7332ecd323263d44fa83482ded9002c7dbc1b
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
2151acb1544f96b2cb90d3d55aa1cb47b92b24ce62e113583bce8321e0173982
2203165be79bbff463ca7d9d14fe08dd98eaf0f679404d5ace93a3acd1617f4f
235807101dabfaef2fd3dd7601fc93ec442b6f300a3acb712091092b089778da
239905ea2a4cb2d69b0cd5fe3288d88914ba9273aaa40d257bf2414a7fc0aa69
24f3dba78c31c5d70638101d559216361f0a1b8e2ce168a784a57bafdc971f86
2b174c2de49f6aa7f8b72125c63c163012b9ff34afdbdaea39b4c499e1d16df8
2d6e7a5d8efa320d78ef0c482eaf81cd3fc14cac1a0e0fc736f46b8d2becf47c
2ea4e6420a06884ea2613cad4c76e860fd3bc2880a226d838d854c7d5bbbe80c
2f5480931d570230ca5087ec63c857fb9d60d1afdcd33a21fbd75e814f0d299b
3378135f525fc551ce49d2c117e9967735794757a4c71910d8c1b8fa38bf3f2c
3475529f045a7ada245639945e7453d80c95b1013693bde90abfdc2bae7fc53f
3635776f47217bf4a7882eab908fc0e265cdd5e287e98f93e923a51a458afdc1
36c33f3a067ff55b9289f4dac7a17385530d015ca98991634554934b3d80a477
38ffd5b3a278cbd8b0ba2117c4f26551c830522dfba7c0b4d6b72472a22ad9fc
390a2fdcf12af7d5d900541bb5ed21a7d43b581f11229bee320c32c204c5182c
3a8a003a69d26abd22359d9e8f1c6d576476dc102772bc316c3ba8f9d0d1869b
3b3ed4b191fdd529075b8e099f5daefd684e80acd4c9514a70b6ad746e949544
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41751107db43a49408b7b0a7f456d3fb9fbc1a1118e1487089f735304eeaeebb
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
42bedeaa3e8903f5afc6fec296baf6345512612bc118e050efa7002882dd1ac6
43f89f7fc4aabb3e5fe28b7c5ad63d387be7b1312833b8e59586a34dbe23c995
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44ceb64a19985b5e85e653cc16ec6a3006d2f636d95d99dc3a83a726851d3e38
454e275a24548d7c90f785185bef0f45a1a31227dbdf262e23663d3a1c893d34
47e3b1dfa1b0536dd841b3050192eb51ce77147865d49a85408497f1196f2a59
48a36cdd95cbd1eb349dbd2c9edc359a416dbc707e394c902252982ba2579b82
490dd47125a8e21c381273ac9b7b95ad05c1e9957c6b7862b149ebf1959a0efe
4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae
4c7ade1d6ee1350da73979edf8c9576a2e7bc38c159ff30aa6069adbb88244fc
4d64259e1efa5608b9da553ac10da15df5717d41e66fc25cada5a83697b72bed
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e2410217dda463e6c034bac323d061e3266d58ecc5f15db6e4f297a192598c0
4ebde66d951b946a57ce4212eb3a16f7727ff4f9d63429303d1df9f57e528732
4f129931bad21a887749f3132874c1f32581913d703f9e76179d842898cf12d6
4f8035e9fd480fae061866c65c51ca5d4a47a8b231a7abb995e6b9e028305bc5
50f1e71c7797ff502083a5363978998411a1732de42a8d0559f80ffe450b50e3
53e1369164fa72e42838596ca445156cffa5b7777a224844ee3713de73e26e45
59184c3a8f99aa481e7d8ee57391c6573bddb78be37f5f82da73c4b42ac28c30
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d048d1ba1fb1f78e38c3e0cc432db86fb8138d98d4b61242b1b7951f62208b1
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5db570e9bf0f897dc63fb066146511c5258b1c5b9d7e59e33c5c89e12fd7bd4b
5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
5facd4568889c6ffce325fcca41eec6dfb52d8972fbc331c295e86591b355820
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
61e6d52c648abdf05377bb032cc277fbb72a2d28f6f884f4c23a6cfc73551669
62b994e83624d746da4862895d63dd1fda14d7e851270b153f5335a9b74e17ff
66209bec2d6a6e5ff98435e03508825e6e50015917ac83302f4b438603d33476
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b40f0d5cfa95c272e1a5a6c2ad7b9089ad07d3e938ea0f9f0693ab7f6a175e6
6c57df6087a682168872106bbb7c49839cde546aa4ebaa37ac064b123047689d
6d28615c5ee8460cd28dde1e013c07cce9df8adee65bb5e0c8af2321cf442827
6d4114554a7acb97a5042f30c015a76309d9b3e50d43997902f8a2192b85c264
70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
73b097d8fded70411bde81cb61b21d7c3279628c1b23231eac3b497b6fc2842c
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
74aac076c1185350647d5c03245d0fa419dae54c7f8ca7560d4fb6a2358a3f71
75b97a0ddeffae2f46af1f6f06656851e305362ed808d2d695ea098cf2b83ade
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5
7e9fa5da553218275bb1d00114d0f14bc8c5b1833ea3c0b633921d455fdb1f46
7ff58dbd76cc8bee4b3e4516ebfd093ec8daacb60c7db00f1636118472efc2b7
8021f392775744ed17b0576342c6baaf7a14d4829ad144b90cdf9ac7122f725a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83d0526b6227f7f8e076d27900586b9a0712b48d50ac08266d5cbb97520194be
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
8716001d681ab825c188c991accf1ed80cbc67cd16c98ecf787d7e13b3d32b6f
882e75fa8aefbf0f38095f5baf2e28b34f5f16a4ad0a7ef9d69ff9b933956b5e
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b30b5297dd386a87c43de90a466b2466831b37adadfad245b66a0e54f1d9a56
8b4b43fd2629a9ae29c5220a852bbc8ff169c571cdf77798633efec65c934df7
8d551b63dff6b1087f4b198dead625278f879d740aba21a7aaa14ecb2c07e5e1
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e7e6f292a3241de5e35474380f8f3066f83231b54503b35eb9772b2017e2b43
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8efa58b9db9ffd1975cb903d70775eea90216059c1b69821723f7a959f50f038
8f3e38a262ae300f7e99e8ab0950ea6e67d7404331b374506bc0cd60e03e69cd
8f590898565021db0f62b4773bb41bcc4635f72415931bd8043c0233d0e749f1
9012265e619df16abf9d30aa85b6777bfb81de075b1136697a3ba208d0efb4f3
90176985c01af6ad56f71f16d239840e755dea86f271d10d56f049b97463acca
90d2d1168c23fe435246d014c53e3b3d466e7eeee4f8a65d7f582787af96e84c
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
94934ad8e46db35a51ffeb53dce44c9f879db496251b83f8c7443d2d84a8bb38
94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5
96d484d4c55cfb18f67ea90802aa4e84b96c0573a907fd22f338844bb1625bf4
9ac14b6764f63f4a61f8ffc9fa50fecdee012c724c9699a7dde8a62a2ae857d8
9ad498922283d143b7abade92e57ea7f0aea2bd35655220dc50a675f463a3c04
9e6ea77f1468c678fa18c965cfc4e8e1f50a48212df52bf7a951d63da30ac22e
a01debc9d2b1d6d7d6c604a09a30ad3ab782b6bf00a04f613eaeaea2a8952202
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a10508ed79a478a619e4d791409f24f37b58d1f2dd47e423ad5b63137f5da720
a15f95e938fbfd9ffef12a20682cdb3eebc3cfefa4843ceab38d0ff1a612cbda
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8307d6e6de560c583cdb0b895d308b7b957d2c94c4a7d545ae00020335b89e9
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b119677aab360b1b7905cbc521eba617ec9429c3bff70cd00b9f6ccddcb3e026
b27ab9354547c9cd3fc1dcf035b84230a6525038364262e3f5ed294709fc1c7a
b53b47e5a8bb654decb02cc6736cb5ff1dd834cb829e944e56144e91c2e0993f
b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6
bb3e8a92ee4b87659bc5cf4b6acb66f72b854337fbbe60802dfd4e6d55ae8642
c11a3613e170b16988f0b2d00354054ea95a77986d10a8cecba9c0697451285c
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c255bc1459516b53fe85e6fa8b8c6c06868986ae7077d89f897e5a5b624a3612
c3b327a1abb414ad4ecf04c5247215019996f3107cb1f766d0a027798be45b3c
c542d54ca710cbb971437bc0b2c8979d90f98ce1fab18854a2acaef225ddfc2e
c55385c2c0d6655032284dea4b251c28a1996e612e089f2789f65f4d92a09a61
c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c7cba051adb45bda78591c9b2f415a1009c62ca0301df36f7d92291bf5d423b4
c8a778d5fa59d4a504855f9230149b9b3d99a13bf9a3fcf984c9c4d19203a118
ca1ab0ec9fe0a49f58ff50136a015c7a02471d5bf089129cdaea3d82ae47b046
cbff952e8c47bf976906662ac210c3ae9aaf8e10820d404e8f760bc273bcb4fb
d02385f4ea73da5807796463aa3b1d17773858a8a58cd44bbe393793396e8e5a
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d0f3e01f5c6b35ee75f07456af79f93e9477f1d0e167a6d82b11995a9967506c
d5971f631d8c4068fb7c19eccc9d738ef13785a1fe5c22184a394b5bf5f5130c
d68edf3c87c6a6d87223649e8162ef1584ea6faad6f20e80fdd5f72c21b16a17
d88e2b8888ef8f153e5ba727dfde5f5e7d90354c697d1c707711520237a294e6
daaf53498a72eab3b356181d1252e9a8f1fb0891480928a5699b6df3b897e907
dc5e1969ad56002225002be81a554c50e155877e8721fe6ef31f1fc98d33df24
dccafac57a7fcedce0d95d35007b502104f45b82f43f052159c370258ef13a53
dd7fc8beec2043387b5f1875fa23cadf0395ff459a2edc449d4179af9422bc1c
dea36661bcd2e84495bb6ab5c2b679cde1267f5fd6e9e4f44908b3acb8816ec6
df1bfdeb4012eb958a83f652311e16d8f2e1a20a59b47eef7994078fa8ed5218
dffb10001fdf28c41dc4fb6143a37317eea4fd2a561c0960eb19de3d2c77ffbc
e1912d128bc417ca4901502317ca2327d83cb1585c70b0f9dd72ce75de72c955
e23c8e8a17ec1e74feb3960c68fbb83528cba8438f74dcc66d5675120f7e2e07
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8d02d3fe6eca2ba0b9baf7646e64b90286b24f3b055816ef8f5903de09cc835
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e9464ed692c6ced184204c81937d8e95fec43d9b207aca9a512fc03a6879ca75
e9bead8b43eda156bc7763b9804252df01174b483e33c69f934c970474e17d51
ea29bd770b763910bf9b6336a4304d243a1bdaaa5054c61c329378da343a1b55
ebcc8d707eab793eab2a1b184c2834cb646a724999efad20e4992130041522d1
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117
ef18d567ba54e04ac993dd3f2678a02fb9b280134793978a987b572c37cc4578
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f09d1a217da176f2dcfd4ed359c00396ddb9a30fcec932f5b8cc1d5b707de64d
f4241710e57486ad91102e31823e855469608e1aea362f1f0e059609c9eb9a56
f4acfb16299806e77e1da433abba8a24380022da1c3217f72c56be8a5a1cea72
f51938710e179807bbf1be9a1e9d7e3441fa74e7dfe9f46841914fb12ca7de3c
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f8c33aacb1c3df2d8748287e367278db59808642536709a4090d178a73cfe13c
fa41f74f82d68f4d212c2199e8d46f06a61a4d033c54e69f8a24caa3161f463d
fb513f6173396cc8dcef3ae1f88b0b8b11a1cd5b5e1142639c83e91c7ae26e08
fb66b921631fedc2fc9d2c817ca2d835005f7544c08f40024c737b17863b3e3e
fb7e70becd9b9f29c4afe8b2b82eef24739e120c0abafc812e24c8362657f37d
fc6679c71ac75dd311c0014d34ecae7e64f7d98d2c9ee47d9abe610fed1216a0