salem-news.com Open in urlscan Pro
192.241.229.70 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://salem-news.com/
Submission: On December 08 via api (December 8th 2023, 8:01:09 am UTC) from US — Scanned from DE

Summary HTTP 253 Redirects Links 28 Behaviour Indicators

Summary

This website contacted 51 IPs in 8 countries across 28 domains to perform 253 HTTP transactions. The main IP is 192.241.229.70, located in San Francisco, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is salem-news.com.

This is the only time salem-news.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
39	192.241.229.70 192.241.229.70	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
18	13.227.219.97 13.227.219.97	16509 (AMAZON-02) (AMAZON-02)
1 8	23.73.140.71 23.73.140.71	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	151.101.65.21 151.101.65.21	54113 (FASTLY) (FASTLY)
2	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
4	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2 17	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
3	13.32.27.71 13.32.27.71	16509 (AMAZON-02) (AMAZON-02)
6	2600:9000:244... 2600:9000:2447:8e00:2:8531:afc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	18.66.248.87 18.66.248.87	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:780... 2a02:26f0:780::210:a46a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:264... 2600:9000:2644:ae00:a:de49:b100:93a1	16509 (AMAZON-02) (AMAZON-02)
1 24	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6 8	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
6 10	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 7	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
4	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
12	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	2a02:2638:3::10 2a02:2638:3::10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	172.217.16.134 172.217.16.134	15169 (GOOGLE) (GOOGLE)
8	138.201.63.145 138.201.63.145	24940 (HETZNER-AS) (HETZNER-AS)
4	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1 4	116.202.48.214 116.202.48.214	24940 (HETZNER-AS) (HETZNER-AS)
1	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 4	88.99.219.174 88.99.219.174	24940 (HETZNER-AS) (HETZNER-AS)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
5	91.121.248.44 91.121.248.44	16276 (OVH) (OVH)
2	13.42.211.181 13.42.211.181	16509 (AMAZON-02) (AMAZON-02)
2	104.64.118.247 104.64.118.247	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	172.217.16.198 172.217.16.198	15169 (GOOGLE) (GOOGLE)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
2	18.66.147.41 18.66.147.41	16509 (AMAZON-02) (AMAZON-02)
2	18.154.63.54 18.154.63.54	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
4	35.177.10.97 35.177.10.97	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
253	51

39 192.241.229.70 (San Francisco, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: salem-news.com

salem-news.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 13.227.219.97 (Patterson, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-97.ams54.r.cloudfront.net

www.gofundme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.73.140.71 (Prague, Czech Republic) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-73-140-71.deploy.static.akamaitechnologies.com

oap.accuweather.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vortex.accuweather.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.accuweather.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.21 (United States) 2 redirects

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.221.25 (Brigham City, United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.27.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-71.fra56.r.cloudfront.net

cdn.gofundme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2447:8e00:2:8531:afc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.transcend.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.248.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-87.dus51.r.cloudfront.net

gateway.gofundme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:780::210:a46a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2644:ae00:a:de49:b100:93a1 (United States)

ASN16509 (AMAZON-02, US)

sync.transcend.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.194 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.18.36.155 (None, ) 6 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.171.149 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:2638:3::10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 138.201.63.145 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.145.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 116.202.48.214 (Kerken, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.214.48.202.116.clients.your-server.de

hal900013.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 88.99.219.174 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.174.219.99.88.clients.your-server.de

hal900029.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 91.121.248.44 (France)

ASN16276 (OVH, FR)
PTR: ip44.ip-91-121-248.eu

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.42.211.181 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-42-211-181.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.64.118.247 (Prague, Czech Republic)

ASN16625 (AKAMAI-AS, US)
PTR: a104-64-118-247.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.198 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f198.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.147.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-41.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.154.63.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-154-63-54.dus51.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.177.10.97 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-177-10-97.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	607 KB
39	salem-news.com salem-news.com	372 KB
32	doubleclick.net 10 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 ad.doubleclick.net — Cisco Umbrella Rank: 139 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 98422 stats.g.doubleclick.net — Cisco Umbrella Rank: 75	158 KB
23	gofundme.com www.gofundme.com — Cisco Umbrella Rank: 35350 cdn.gofundme.com — Cisco Umbrella Rank: 41875 gateway.gofundme.com — Cisco Umbrella Rank: 39593	806 KB
19	criteo.net static.criteo.net — Cisco Umbrella Rank: 631 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 10143 csm.eu.criteo.net — Cisco Umbrella Rank: 9625	134 KB
16	redintelligence.net 2 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 37721 hal900013.redintelligence.net — Cisco Umbrella Rank: 203250 hal900029.redintelligence.net — Cisco Umbrella Rank: 261914	75 KB
10	gstatic.com www.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn1.gstatic.com fonts.gstatic.com	202 KB
10	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	6 KB
8	accuweather.com 1 redirects oap.accuweather.com — Cisco Umbrella Rank: 74361 vortex.accuweather.com — Cisco Umbrella Rank: 36036 www.accuweather.com — Cisco Umbrella Rank: 15462	101 KB
7	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	5 KB
7	transcend.io cdn.transcend.io — Cisco Umbrella Rank: 5151 sync.transcend.io — Cisco Umbrella Rank: 10348	150 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	606 KB
6	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 24395 api.webgains.io — Cisco Umbrella Rank: 59842	38 KB
6	medialead.de 1 redirects pv.medialead.de — Cisco Umbrella Rank: 47317 medialead.de — Cisco Umbrella Rank: 46843	2 KB
6	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 93	3 KB
6	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 340 fonts.googleapis.com — Cisco Umbrella Rank: 29	269 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	319 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2189	42 KB
4	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138
3	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 9522 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 10971 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 16218	53 KB
2	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 61264	4 KB
2	awin1.com www.awin1.com — Cisco Umbrella Rank: 13930	1 KB
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 49821	4 KB
2	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 128498	2 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 763	13 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 1965	4 KB
2	paypal.com 2 redirects www.paypal.com — Cisco Umbrella Rank: 2085	1 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6765	408 B
253	28

	Domain	Requested by
39	salem-news.com	salem-news.com ajax.googleapis.com
24	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
24	pagead2.googlesyndication.com	salem-news.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
18	www.gofundme.com	salem-news.com www.gofundme.com
17	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
12	static.criteo.net	ads.eu.criteo.com
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
8	hal9000.redintelligence.net	googleads.g.doubleclick.net hal900029.redintelligence.net hal900013.redintelligence.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
7	www.googletagmanager.com	www.google-analytics.com cdn.transcend.io www.gofundme.com adv.office-partner.de www.googletagmanager.com
6	imageproxy.eu.criteo.net	ads.eu.criteo.com
6	cdn.transcend.io	www.gofundme.com cdn.transcend.io sync.transcend.io
5	pv.medialead.de	hal900013.redintelligence.net hal900029.redintelligence.net googleads.g.doubleclick.net
5	www.googletagservices.com	googleads.g.doubleclick.net
5	vortex.accuweather.com	oap.accuweather.com vortex.accuweather.com
4	api.webgains.io	analytics.webgains.io
4	5994599.fls.doubleclick.net	2 redirects salem-news.com googleads.g.doubleclick.net
4	hal900029.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900029.redintelligence.net
4	hal900013.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900013.redintelligence.net
4	www.googleadservices.com	salem-news.com
4	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
4	fonts.googleapis.com	googleads.g.doubleclick.net ads.eu.criteo.com hal900029.redintelligence.net hal900013.redintelligence.net
4	www.google-analytics.com	salem-news.com www.google-analytics.com
4	www.google.com	1 redirects salem-news.com tpc.googlesyndication.com
3	cdn.gofundme.com	www.gofundme.com
2	www.accuweather.com	1 redirects
2	adservice.google.com	5994599.fls.doubleclick.net
2	cdn.track.production.webgains.team	googleads.g.doubleclick.net
2	analytics.webgains.io	track.webgains.com
2	www.awin1.com	hal900013.redintelligence.net googleads.g.doubleclick.net
2	track.webgains.com	salem-news.com
2	adv.office-partner.de	hal900013.redintelligence.net hal900029.redintelligence.net
2	fonts.gstatic.com	fonts.googleapis.com
2	ad.doubleclick.net	googleads.g.doubleclick.net
2	snap.licdn.com	www.gofundme.com
2	gateway.gofundme.com	www.gofundme.com
2	www.paypalobjects.com	salem-news.com
2	www.paypal.com	2 redirects
2	ajax.googleapis.com	salem-news.com
1	www.google.de
1	stats.g.doubleclick.net	www.google-analytics.com
1	medialead.de	1 redirects
1	rtb.nl3.eu.criteo.com	googleads.g.doubleclick.net
1	csm.eu.criteo.net	ads.eu.criteo.com
1	cat.nl3.eu.criteo.com	ads.eu.criteo.com
1	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
1	encrypted-tbn0.gstatic.com	googleads.g.doubleclick.net
1	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
1	www.gstatic.com	googleads.g.doubleclick.net
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	sync.transcend.io	cdn.transcend.io
1	region1.google-analytics.com	www.googletagmanager.com
1	oap.accuweather.com	salem-news.com
253	54

This site contains links to these domains. Also see Links.

Domain
www.cafepress.com
www.salem-news.com
www.accuweather.com
willamette.cafebonappetit.com
www.willamettequeen.com
www.oregonlegislature.gov
deepwoodmuseum.org
salemart.org
www.lordandschryverconservancy.org
auctionmasters.biz
www.myconstructionroofing.com
www.vipmay.com
www.mercurynews.com
purekana.com
premiumjane.com
www.dhgate.com
www.corsetwe.com
www.advancedwriters.com
internationaldriversassociation.com
www.buyatimeshare.com
www.laweekly.com
www.iraqwarheroes.com
eatsalem.com

Subject Issuer	Validity	Valid
*.gofundme.com Go Daddy Secure Certificate Authority - G2	`2023-09-12` - `2024-10-13`	a year	crt.sh
*.accuweather.com DigiCert TLS RSA SHA256 2020 CA1	`2023-08-14` - `2024-07-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
transcend.io Amazon RSA 2048 M02	`2023-06-20` - `2024-07-18`	a year	crt.sh
gateway.gofundme.com Amazon RSA 2048 M02	`2023-07-12` - `2024-08-10`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-03` - `2024-02-28`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-17` - `2024-01-18`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
redintelligence.net R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
adv.office-partner.de R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
pv.medialead.de R3	`2023-12-04` - `2024-03-03`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 29 frames:

Primary Page: http://salem-news.com/
Frame ID: 13805154744F3330CD4B30918C67F87E
Requests: 67 HTTP requests in this frame

Frame: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Frame ID: FFBFBF8D678FEDF02D70013DADF518C4
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20190131/zrt_lookup_fy2021.html
Frame ID: 138BCCBF1BE47C45255964EEABCF142A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424
Frame ID: 11FE8B252DFDD723CBF980FD9579B779
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434
Frame ID: 456E0978ACC1408AF9B0D00624299445
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=3848876819&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463049&bpp=215&bdt=368&idt=435&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=476
Frame ID: B6E8031CB1D3F62FE7C0F02ECB56306D
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=717473361&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=478&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2576&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=480
Frame ID: 2BF6EA4F85C628A0CF58FE7EAB9B1AE1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484
Frame ID: 2B3FC206F66B5A18CFDB6FB5C5C62EC6
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=660775685&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=612&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=3476&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&dtd=616
Frame ID: A0435DC3A50B575D4576822086CD6972
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&adk=1812271804&adf=3025194257&lmt=1702022463&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&dt=1702022463279&bpp=2&bdt=598&idt=397&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&nras=1&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&fsb=1&dtd=401
Frame ID: 48A5CABE6F763F09A9F39CBF1C540AE9
Requests: 1 HTTP requests in this frame

Frame: https://sync.transcend.io/consent-manager/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc
Frame ID: 80EB6C05E1A82B537FF2A660C30C4621
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXJfPb7Ex93i3PjbemJw8YYcmW7mEAomJ5Uo7UDaYRNcEnyu0hr0ZYYuwlplvaWtjTErcsNU2pifZ5wbIyO94aXcIpNzy90nXUbOzOO34PfgO0s2DZttMcsI8KUglq7_Ak5FnB6VJCyD2zu0_etQSysPiInwXw_e1Bs_VUUqc_DLcyZQgY
Frame ID: EC0D93D4D6496286EEBCE1673222641A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVNMZju6oi15VquZih5SZXrnImnwLZ9rFeMC7vw33i75E8f5-sYUZxK6fLEgmKni3QnYNadVaChgJrzWRyhaq2x1nzO0G8w4Fro9zqqj5uZzIKCckzeOvHwZo9dqQ3t_co-mLslUl8IYTp8OfNTaoWP-t5bjtfiBy04TYVdbvnDEcNsT6Q
Frame ID: 1E1908AA6E676B8690AC08D07C22861F
Requests: 5 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZXLNPwALaOwE0ahoAAdKNUWaFuq3yyY55N206w&u=%7CFYyMcIn5MguemZT77%2BffnmsiuuYFalILjXRjQzpUewk%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVoEdisV7DxsMY5FH7gWhn57lUHz9q-xyQc83aesKW2aroD1qkk83nnNJ5rOAdU9uTRJYfhv63SEeb3ziZUMJaHo7CVGyAmlNTc03ETEw7_r5CgXWEKebizqiswedGEmKeaZDo-XkSIIvaKE48EoMSRqw6euukMY1QsxqQvpKNo9Bbep8QCR52DUY2zjii-308QItbpUONjs8jQqdrxOjlxsFMmzrIczv7kWckv6RVwGq6nGDOdCDYErUYeY8A6SvwHSaWrmrH2CS-o2kWTs2OCK1BJ4qKORhU9qPhYwn554uwfrMSohgV_t7-eyilAARy4rHbEr0cv9r4u3-D5ytJzix-1u-PPSkEAuEmCPftdpHtefr4lExCjxXDa1o-ZmpbLXgnr0J0TKWHUV6TjxAI4xA-zzYrx6hFN9XS7F3K0zULMGpnaRki7Ff0mfvZaqlyV7nCRT-MLTJWTrz3_dPNCEq98WdiU8qStw6XWaDW4SH8BeFPaFlmZM47Ia8V_lZXs4rupi33jj0h3w25GnhJ5AtaLBiH1RP56XDiWSM4JF3LmrM2Sc3vk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCVhRuP81yZezRLejQxtYPtZSdmAXJntKxXNWdkfdwwI23ARABIABglYKAgLgHggEXY2EtcHViLTYxOTUwNjM1MjEyNDE5NznIAQmpAmJck68wGbI-qAMByAMCqgT4AU_QGSPFMXZKfpA9jPgIQ4IOz3nfOoAnTN8AAHJdnb4kur7HwDA_XFrowMkuIsdvQOFSriq_nwcxdemR-QIiT3eItB1SzOTn2g98pUREQwycTxr-3c1d50Z0FCZQf1CbgWGfHcf-A5LhOD1yV6jLwz6S3mzJNuazagTm6uM4iwovL0SwsFBnye2tyK0VfmIKhhM-5_Ib8M_bwGNXXSvQzpB4rvWb2XyKqvLByUo6Pyzwd0S9Bbhuc-QzX5Awp-CZk9461UShaiOCO0olBvcUtEh3usjLJLooHYvS_AHaVgWizzeiRlgl25J_D8pQ0sKCecvzXKnuJ4IkgAb4heXCq4vgsYIBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WMye5OKv_4ID-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3cS_TE-XDJpmcyzRbz6N18EZdGNg%26client%3Dca-pub-6195063521241979%26adurl%3D
Frame ID: BB8A1A57233A711461FD857F0DB69DDF
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D5E3EC163C44E38C1F1C7DE5B245CBF2
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: FEA418D4C3CAB78B7134AC4A03E1B8C5
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Frame ID: B265204F9DB6E9E6A04264C0CA9C12EF
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Frame ID: 7AFDB64C6084637C3A740F73B5303C05
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 56CE398CCC168F2B6EE17E3F165754A6
Requests: 3 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 22CD21ABE928147A8794FF4D58558B1C
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=63972200028964304444550012532013&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: E4D358E112178B6F9F22E0BE253EB81C
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 7ACB2F5940AE1500C9101375DFC336A7
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=73922800031251304444550012532029&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 8EF4055D92C595E1DB44F58E7DC6D0D5
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=COajsuOv_4IDFZNCkQUdTdwC5w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=422578840845.70874
Frame ID: 5DBF37D84348CBBFDAF2CFD4174EEACC
Requests: 2 HTTP requests in this frame

Frame: https://hal900029.redintelligence.net/request_content.php?s=73922800031251304444550012532029&a=bb27e413
Frame ID: 49403DF5B5BD0E3B7DBD53ACE979E2B7
Requests: 6 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIqUwOOv_4IDFXJTkQUdsQ8EHg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5504641408222.113
Frame ID: DBFFB1395410365157B9033A1F610670
Requests: 2 HTTP requests in this frame

Frame: https://hal900013.redintelligence.net/request_content.php?s=63972200028964304444550012532013&a=1ede38ce
Frame ID: 98122FAA5CE2A229E260B1776928694C
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4FBB189346589FD0DEC5068A95C3AB3A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9FB46E0730E97C12595C89765EF32839
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Salem-News.Com News from Salem Oregon and the surrounding region.

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Zepto (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

zepto.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

253
Requests

75 %
HTTPS

54 %
IPv6

28
Domains

54
Subdomains

51
IPs

8
Countries

3960 kB
Transfer

10843 kB
Size

23
Cookies

28 Outgoing links

These are links going to different origins than the main page.

URL: http://www.cafepress.com/newzstore
Title: Company Store

Search URL Search Domain Scan URL

URL: http://www.salem-news.com/rss/rss.xml
Title: RSS Subscribe

Search URL Search Domain Scan URL

URL: http://www.salem-news.com/channel/cannabis
Title: SPECIAL SECTIONCannabis De-Classified

Search URL Search Domain Scan URL

URL: http://www.salem-news.com/tagged/Medical_marijuana/0
Title: PTSD - Medical MarijuanaToxicology - Pharmacology

Search URL Search Domain Scan URL

URL: https://www.accuweather.com/en/us/salem-or/97301/weather-forecast/330144

Search URL Search Domain Scan URL

URL: https://www.accuweather.com/en/free-weather-widgets?utm_source=salem-news-com&utm_medium=oap_weather_widget&utm_term=link_get_widget&utm_content=accuweather&utm_campaign=current
Title: Get this widget

Search URL Search Domain Scan URL

URL: https://www.accuweather.com/en/free-weather-widgets?utm_source=salem-news-com&utm_medium=oap_weather_widget&utm_term=link_get_widget_footer&utm_content=accuweather&utm_campaign=current
Title: Get widget

Search URL Search Domain Scan URL

URL: http://willamette.cafebonappetit.com/
Title: Goudy Commons Cafe

Search URL Search Domain Scan URL

URL: http://www.willamettequeen.com/
Title: Willamette Queen Sternwheeler

Search URL Search Domain Scan URL

URL: https://www.oregonlegislature.gov/capitolhistorygateway/Pages/Tours.aspx
Title: Capitol History Gateway

Search URL Search Domain Scan URL

URL: http://deepwoodmuseum.org/
Title: Deepwood Museum

Search URL Search Domain Scan URL

URL: https://salemart.org/programs/bush-house-museum/
Title: The Bush House

Search URL Search Domain Scan URL

URL: http://www.lordandschryverconservancy.org/visit.html
Title: Gaiety Hollow Garden

Search URL Search Domain Scan URL

URL: http://auctionmasters.biz/
Title: Auction Masters & Appraisals

Search URL Search Domain Scan URL

URL: http://www.myconstructionroofing.com/
Title: Roofing and ContractingSheridan, Ore.

Search URL Search Domain Scan URL

URL: https://www.vipmay.com/
Title: Special Occasion Dresses

Search URL Search Domain Scan URL

URL: https://www.mercurynews.com/2021/10/05/top-solar-installers-find-the-best-installation-company-near-you/
Title: solar installers

Search URL Search Domain Scan URL

URL: https://purekana.com/
Title: PureKana CBD

Search URL Search Domain Scan URL

URL: https://premiumjane.com/
Title: Premium Jane CBD

Search URL Search Domain Scan URL

URL: http://www.dhgate.com/
Title: Buy wholesale

Search URL Search Domain Scan URL

URL: https://www.corsetwe.com/corsets/black-corset.html
Title: black corsets

Search URL Search Domain Scan URL

URL: https://www.advancedwriters.com/
Title: AdvancedWriters

Search URL Search Domain Scan URL

URL: https://internationaldriversassociation.com/
Title: International Drivers Association

Search URL Search Domain Scan URL

URL: https://www.buyatimeshare.com/timeshares/Bluegreen-Resorts.asp
Title: Bluegreen timeshare

Search URL Search Domain Scan URL

URL: https://www.buyatimeshare.com/resorts/Bluegreen-Points.asp
Title: Bluegreen points

Search URL Search Domain Scan URL

URL: https://www.laweekly.com/the-3-best-places-to-buy-kratom-online-in-2023-a-guide-from-laweekly/
Title: Where To Buy Kratom Online

Search URL Search Domain Scan URL

URL: http://www.iraqwarheroes.com/

Search URL Search Domain Scan URL

URL: http://eatsalem.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif HTTP 301
https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif

Request Chain 33

https://www.paypal.com/en_US/i/scr/pixel.gif HTTP 301
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Request Chain 43

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 114

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1&C=1

Request Chain 115

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXLNQLD1w1nAVhU3XygNEwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1

Request Chain 116

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEM0-aLQLiQugL2fMAdRso3s&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEM0-aLQLiQugL2fMAdRso3s%26google_cver%3D1

Request Chain 117

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ1NDg3MzAxNDk0Njk2NTMx

Request Chain 118

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1&C=1

Request Chain 119

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXLNQLD1w1nAVhU3XygNEwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1

Request Chain 120

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEM0-aLQLiQugL2fMAdRso3s&google_cver=1

Request Chain 121

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ1NDg3MzAxNDk0Njk2NTMx

Request Chain 143

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgOCat6zDHxCwCRiwCTIIZ7MB4_P2Swc HTTP 301
https://tpc.googlesyndication.com/simgad/3995853839924061625

Request Chain 153

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 169

https://googleads.g.doubleclick.net/pagead/adview?ai=CjajAP81yZf7uIY7vxtYP46KCsAbZ9IjXdNPjwquZEvHJ_d8FEAEguOarBGCVgoCAuAegAdKfouYoyAECqQKfI5h5SUldPqgDAcgDyQSqBPoBT9CSGJZM5PFTSptQWuoqlIregT8H7vXvMm_3x8e-bCWTlDTWARUNlw0kZaVYSjyYsQzgS0Bk09oP2e4drGVKmaqYqfp9kUz-qRHyiOVYjad6ATqwfJmlhSig3fpj0qHsfPucyj1pZ_oTnOBWGbZExIKqvPB8UxJxT7qbA0ogTgRRCVWXBP9eZR2SdsdMuI_30TNQjzk7_mec28DZC1N-jAhrxsGy00mZnXsdiL958WyFn6jgxMeSfvwp4NmQ4ZXProqv6H27FHyCWao5Qcrf-Kl5qoUm24G4trnjRlYhIHh1IG0y6dXedYcN8ZTO0ja_uzdryWLipLe4c8AExKTOmskEiAWH3bjMTaAGAoAH0tfyxQOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCTvwnSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WMSv2OKv_4IDmgkhaHR0cHM6Ly9zcGVlY2gtbW9uaXRvci51aS5vcmcudWEvgAoByAsBogwcKhoKGOS0sQLutbECtbixAuS0sQLutbECu7uxAtgTA9AVAYAXAbIXHAoaCAASFHB1Yi02MTk1MDYzNTIxMjQxOTc5GAA&sigh=aJNscm7kL3Y&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgDICaaNO46Tsn0ocNtbsl0poMNgdZicnGSao1cQRY8jqaJkEYmubUj9EaIi9gRfnJF5N9qLNZ1vnXbWyHlyqSpDOxRetmV4rUHBYr8zihgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217161298093834619946%22,%22debug_reporting%22:true,%22destination%22:%22https://ui.org.ua%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210951888850%22],%224%22:[%2212-08%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2271647060170354897%22}&andc=true

Request Chain 178

https://googleads.g.doubleclick.net/pagead/adview?ai=Cvs2EP81yZdrwJbbvxtYPzfGQqAXfiuC6dP_rvcaAErnu8MiqARABILjmqwRglYKAgLgHoAGhwJjxKMgBCagDAcgDywSqBIECT9DKXbSJp-m5FtEEVJR3QmazAufWGWX6qBKNP8MlAXgfDERxX-I7wkrM5Ht6BD0f9o8LL_wrH6kV5oAeGswznnyuaPr2m3ktNt9UJZoUTO-J-MrqLRbyUsClIWS7J_VaM2Zunv0wKXORTiLR3X9kQmZ00PC2bsguRlTSt70MLGZaOvSuYQGF4AEyUwXDhhZBOaPoLstzxXhNg6qMDIbPELB8HTJaxYF09OG7OheVfMm_Fdx_JiGhwGSLfxocO8Pw97smv8G1Sxu-haHt6TpCTGYUicXRwoPgdSlD_M_VV3OBlUpMZNdoFuRaBlH9kW8aNWs0TapYgRF5T3Fj3OnKwDzABIK7zYXLBIgF5uDK-UySBQQIBBgBkgUECAUYBKAGLoAHnfykowSoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAemvhvYBwDyBwQQjp8D0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlj0ndzir_-CA5oJgQJodHRwczovL3d3dy50ZW11LmNvbS9kZS9rdWlwZXIvdW4xLmh0bWw_c3Viaj1mZWVkLXVuJl9iZ19mcz0xJl9wX21hdDFfdHlwZT0xJl9wX2p1bXBfaWQ9NzI1Jl94X3ZzdF9zY2VuZT1hZGcmbG9jYWxlX292ZXJyaWRlPTc2fmRlfkVVUiZnb29kc19pZD02MDEwOTk1MjE1NzUxOTYmX3BfcmZzPTEmX3hfYWRzX3N1Yl9jaGFubmVsPW90aGVyJl94X2Fkc19jaGFubmVsPWdvb2dsZSZfeF9iZ19hZGlkPWdkMTExMTIyNy0xJnRvcGljX2NsYXNzaWZ5PTExM4AKAcgLAaIMICoeChzktLEC7rWxArW4sQKsurEC5LSxAu61sQK7u7EC2BMM0BUBgBcBshccChoIABIUcHViLTYxOTUwNjM1MjEyNDE5NzkYAA&sigh=EAMiB7BnS5w&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgDICaaNJVghiZuZ-gfOEhf8KlN-yPhcAcNlWeDnZjglhYdWeiP7x_yn5gOgXFWBxiy1wSZwhnNsfd2pIRB2Od3Gy6Kp-DNci1nnypE4LhgB&template_id=494&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225826953734395658352%22,%22debug_reporting%22:true,%22destination%22:%22https://temu.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210974797857%22],%224%22:[%2212-08%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221974436140348391521%22}&andc=true

Request Chain 180

https://hal900013.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=0c866a917c&subid=&uid=d36f3e2399a06856&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrTB6P81yZZz9JLObxtYPnJSNoA-m5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAmJck68wGbI-qAMByAObBKoEnwJP0LA_TsP-JRYzwI-SiLv3aRZb-VLSr7w8n9a-vBklI7yIjXOdYQIxxQXWWOtDaeWxxXxitNnvfoA5FDi5AITLL0m7V1LedjxO_CXBb3x65mdBkMySdWf48pkcK_errr9D1_ur2E3ywGdorCFCoVz_sCv0pRxXQ2P-H3NeK5Hs1EsT78UeW1rTxwCBPSGv8izosa7GrsDKBLIKigJD0DwSwnjcC2YN_KtP977IBu0OD4bMWvozDtGnCKpjBL6KxAUhCraUZiL1AxnxW6QHZqcl-EllT55cuakXxwNQJYPweQ9UTUQhoMv7heGXaaSpW5edsHkHjM1f5crYB9N5Ju2XJJtmA72-5Uid2rvz050Sy_nY6jnFDT3dP28MGKw3hcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljTydvir_-CA4AKAZgLAcgLAYAMAaIMFCoSChDktLEC7rWxArW4sQKsurECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB%26sig%3DAOD64_2dgnkDqdk4vmD_vGMur8BGUz9BoA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-BAYz8ec8OdYL9zvwRnLk7iEAeqLraI6iVZeZJKl6ELEC5MOP9-mjG8cwKj0G-4v8d2_-b4pbC6j2UlCwTzwoJQrjSU6MwUtZzpmPycnc6z-PfiKtzzeTs-CoeQwq6XZ9Wj30H0edaGvhpLSP8F0-5iQ0zvG1ILeAkJLplLZrgpOMdWwKw%26cry%3D1%26dbm_d%3DAKAmf-BQar9aOm3aRfp9JeviMsvGWhiZc99rxnJNoeSVLm0u7oNIij4FSdXyJZqT3HjHSFcxc5yhZIa5uKn-d1q_BGnq_oTRlcdnQS-nfQ7lEd87Js-qrg1cKmcJjWa0r4l3diKBvunMx-p08mr8Faai3kOPnDs05cX4OabXZUhxpBhU4yWPFrOxDgCYLugVz1L-BVp1SENSgy2t9N3GT0wZjV_aBt024rGOYOp1HBwCwdK6aRfGJShRVVZKN5fRD8wNXAXxKn7d4Btc-k99nwmlh1OPMeIsLNAgu--AjqOZV0YdK3bUAeW7_1AGhg2T5-IMcyk-sdgHKVd_iCr67AWKevQnlJ4wt40mAU6gKLmsjV7GIbS1Vra9mMicqGvjA9MunV2mppWHMChOnM_qn9tSMj5LIHBNIz-L5EjQxIA3DVWaVGSmFGZ9n3oIMLKnnnIkQfJoOwLI19O6HD64mFtAxOap5gJ55g6QBcvH0o0cnVGcX6FIOyAWQk1tnWsIyMTUYB9up0WKgC7QEJu7S4qXFAi1nERKxxgn1nFLGShps7Ewy9JoGwQ%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=8985199759489&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900013.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=0c866a917c&subid=&uid=d36f3e2399a06856&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrTB6P81yZZz9JLObxtYPnJSNoA-m5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAmJck68wGbI-qAMByAObBKoEnwJP0LA_TsP-JRYzwI-SiLv3aRZb-VLSr7w8n9a-vBklI7yIjXOdYQIxxQXWWOtDaeWxxXxitNnvfoA5FDi5AITLL0m7V1LedjxO_CXBb3x65mdBkMySdWf48pkcK_errr9D1_ur2E3ywGdorCFCoVz_sCv0pRxXQ2P-H3NeK5Hs1EsT78UeW1rTxwCBPSGv8izosa7GrsDKBLIKigJD0DwSwnjcC2YN_KtP977IBu0OD4bMWvozDtGnCKpjBL6KxAUhCraUZiL1AxnxW6QHZqcl-EllT55cuakXxwNQJYPweQ9UTUQhoMv7heGXaaSpW5edsHkHjM1f5crYB9N5Ju2XJJtmA72-5Uid2rvz050Sy_nY6jnFDT3dP28MGKw3hcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljTydvir_-CA4AKAZgLAcgLAYAMAaIMFCoSChDktLEC7rWxArW4sQKsurECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB%26sig%3DAOD64_2dgnkDqdk4vmD_vGMur8BGUz9BoA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-BAYz8ec8OdYL9zvwRnLk7iEAeqLraI6iVZeZJKl6ELEC5MOP9-mjG8cwKj0G-4v8d2_-b4pbC6j2UlCwTzwoJQrjSU6MwUtZzpmPycnc6z-PfiKtzzeTs-CoeQwq6XZ9Wj30H0edaGvhpLSP8F0-5iQ0zvG1ILeAkJLplLZrgpOMdWwKw%26cry%3D1%26dbm_d%3DAKAmf-BQar9aOm3aRfp9JeviMsvGWhiZc99rxnJNoeSVLm0u7oNIij4FSdXyJZqT3HjHSFcxc5yhZIa5uKn-d1q_BGnq_oTRlcdnQS-nfQ7lEd87Js-qrg1cKmcJjWa0r4l3diKBvunMx-p08mr8Faai3kOPnDs05cX4OabXZUhxpBhU4yWPFrOxDgCYLugVz1L-BVp1SENSgy2t9N3GT0wZjV_aBt024rGOYOp1HBwCwdK6aRfGJShRVVZKN5fRD8wNXAXxKn7d4Btc-k99nwmlh1OPMeIsLNAgu--AjqOZV0YdK3bUAeW7_1AGhg2T5-IMcyk-sdgHKVd_iCr67AWKevQnlJ4wt40mAU6gKLmsjV7GIbS1Vra9mMicqGvjA9MunV2mppWHMChOnM_qn9tSMj5LIHBNIz-L5EjQxIA3DVWaVGSmFGZ9n3oIMLKnnnIkQfJoOwLI19O6HD64mFtAxOap5gJ55g6QBcvH0o0cnVGcX6FIOyAWQk1tnWsIyMTUYB9up0WKgC7QEJu7S4qXFAi1nERKxxgn1nFLGShps7Ewy9JoGwQ%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=8985199759489&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 186

https://hal900029.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b370d48f34&subid=&uid=98c9f116ad892d70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW-79P81yZeriJOGPvPIPq8-hgAOm5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAj5PGK7wGrI-qAMByAObBKoEmQJP0HwNW6ROAicizDfcWHd7rFKnuz47i9Qle9kIMrDvFkFBpR9oDU_BR910sWErT3txEf_PFx26dXbY0PF4MbOhrlpaxon8HjaA4AlUdpMojI_Fj88Vvf2bmdltivm1cyLCaJOltopJxbQ3T0MPEC1I_QXKFd3XWBkhxvXN3k-UbaQBOFN4DR7FB0SVQNS9YGQbOzgKZom72xhImNZtgOjRE7CZrq4OxxIxc0D_I1c36EKUISgBfr7JIT2VdXLUqnGlAL3ekbqkNg9p4Nt2LP29Vu4OrzUB6oHUqOHwwZkjteb2OJQGZl-mgVwppg40RF2IXMM_lPWni0A5ueS_Nif158apxNYjpnRsTT0mQVTIjt9n442xKkaSKcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljEu9vir_-CA4AKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNU0hbIRldiGC0poypw-vWj-TpaUU031X7VpQoIluTwWwsLItVxRH4J3Kwx5waH2GoWvzGHFCf2meT8_caEKv2XoXbYgCGZkCkoSEYAQ%26sig%3DAOD64_0-2F-Gl_qRkkFGAgl6wJKlpQDBBA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-AKHjlEvcgCbSxnqHqrw_X0NgMYZs_A9C6VfAwe5qhBxYE00Y7H099GPWpXkBcj0-_prGgriSLfiBwqFuUMGvYDTqrUlKhAD3a0hNUH7ehESzelFqWLh26CZeY8OqJ7rDRBKBkR_p1sGRsOkmxO28Q0Ow5Jp-C1mi0mjj89aBMyEhNUmtg%26cry%3D1%26dbm_d%3DAKAmf-DEu4HVpOl_ehDzhy01fTioZFnD9YML4ekAizR1ylgEnm6y1aNR-EWJeSUiOOGin204_7R3sOFt1Lsdq1IZDBUrefWHqSYrOI9iOe0GLn058i1JfjB-zbztA3QUM2YKMoiTfCnkOZ9I3JcDgziSpTvIiGxncPYQZ0o5x_O2jj-PlZmWd8v8aQZoxKzNoMKJFFmL_WO90wNQv7wG-opUYnY36w_E2K-u9L2Jei8sbmjMlMLHYgWpMrRe0CrDeqNKvBZgdI5NSRf68s2O8rVM6BZEBS__o66wAX1MMptrUJDDcEiSX02LvHnJPujmOMQxBaxTa5SyWcI-5ZkLQlgFUGz353KM_eic1Cby9BGndwvg5JauS-Xt6G5qkdLPhsejTGLahCuhL_l9WIQ7vmFlaCI55YbfebNDga0QSCi37EwA_SMJ_k3Y0kCw1QSnrj-RH4rVc0twtjzZEZv2Y_IC2bPctiVmyTPD33okqa_bV0mHwkc22SoFK1IOgavS9FBg2-wS6DO_-e86nDdse0tvhAglXziuhj2c6JmMHSI3PRN6yLWCC5M%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=4744328274247&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900029.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b370d48f34&subid=&uid=98c9f116ad892d70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW-79P81yZeriJOGPvPIPq8-hgAOm5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAj5PGK7wGrI-qAMByAObBKoEmQJP0HwNW6ROAicizDfcWHd7rFKnuz47i9Qle9kIMrDvFkFBpR9oDU_BR910sWErT3txEf_PFx26dXbY0PF4MbOhrlpaxon8HjaA4AlUdpMojI_Fj88Vvf2bmdltivm1cyLCaJOltopJxbQ3T0MPEC1I_QXKFd3XWBkhxvXN3k-UbaQBOFN4DR7FB0SVQNS9YGQbOzgKZom72xhImNZtgOjRE7CZrq4OxxIxc0D_I1c36EKUISgBfr7JIT2VdXLUqnGlAL3ekbqkNg9p4Nt2LP29Vu4OrzUB6oHUqOHwwZkjteb2OJQGZl-mgVwppg40RF2IXMM_lPWni0A5ueS_Nif158apxNYjpnRsTT0mQVTIjt9n442xKkaSKcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljEu9vir_-CA4AKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNU0hbIRldiGC0poypw-vWj-TpaUU031X7VpQoIluTwWwsLItVxRH4J3Kwx5waH2GoWvzGHFCf2meT8_caEKv2XoXbYgCGZkCkoSEYAQ%26sig%3DAOD64_0-2F-Gl_qRkkFGAgl6wJKlpQDBBA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-AKHjlEvcgCbSxnqHqrw_X0NgMYZs_A9C6VfAwe5qhBxYE00Y7H099GPWpXkBcj0-_prGgriSLfiBwqFuUMGvYDTqrUlKhAD3a0hNUH7ehESzelFqWLh26CZeY8OqJ7rDRBKBkR_p1sGRsOkmxO28Q0Ow5Jp-C1mi0mjj89aBMyEhNUmtg%26cry%3D1%26dbm_d%3DAKAmf-DEu4HVpOl_ehDzhy01fTioZFnD9YML4ekAizR1ylgEnm6y1aNR-EWJeSUiOOGin204_7R3sOFt1Lsdq1IZDBUrefWHqSYrOI9iOe0GLn058i1JfjB-zbztA3QUM2YKMoiTfCnkOZ9I3JcDgziSpTvIiGxncPYQZ0o5x_O2jj-PlZmWd8v8aQZoxKzNoMKJFFmL_WO90wNQv7wG-opUYnY36w_E2K-u9L2Jei8sbmjMlMLHYgWpMrRe0CrDeqNKvBZgdI5NSRf68s2O8rVM6BZEBS__o66wAX1MMptrUJDDcEiSX02LvHnJPujmOMQxBaxTa5SyWcI-5ZkLQlgFUGz353KM_eic1Cby9BGndwvg5JauS-Xt6G5qkdLPhsejTGLahCuhL_l9WIQ7vmFlaCI55YbfebNDga0QSCi37EwA_SMJ_k3Y0kCw1QSnrj-RH4rVc0twtjzZEZv2Y_IC2bPctiVmyTPD33okqa_bV0mHwkc22SoFK1IOgavS9FBg2-wS6DO_-e86nDdse0tvhAglXziuhj2c6JmMHSI3PRN6yLWCC5M%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=4744328274247&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 204

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=422578840845.70874 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=COajsuOv_4IDFZNCkQUdTdwC5w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=422578840845.70874

Request Chain 206

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=73922800031251304444550012532029&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=73922800031251304444550012532029&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 222

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5504641408222.113 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIqUwOOv_4IDFXJTkQUdsQ8EHg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5504641408222.113

Request Chain 234

http://www.accuweather.com/ajax-service/oap/current?callback=jQuery191023148329851885463_1702022463286&uid=awcc1495048023036&locationkey=&unit=f&language=en-us&useip=true&targeturl=http%3A%2F%2Fsalem-news.com%2Fsevenday%2Findex.php&css=&_=1702022463287 HTTP 301
https://www.accuweather.com/ajax-service/oap/current?callback=jQuery191023148329851885463_1702022463286&uid=awcc1495048023036&locationkey=&unit=f&language=en-us&useip=true&targeturl=http%3A%2F%2Fsalem-news.com%2Fsevenday%2Findex.php&css=&_=1702022463287

Request Chain 249

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

253 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
salem-news.com/ 55 KB
14 KB 558ms
198ms Document
text/html 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) / PHP/5.3.10-1ubuntu3.26
Resource Hash: 104b819b3bacd733d6202c93e4047aeed6386318bf6102aead3a73a91042c438

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 08 Dec 2023 07:57:12 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.2.22 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10-1ubuntu3.26

GET
H/1.1 200
OK sn.css
salem-news.com/css/ 7 KB
2 KB 180ms
178ms Stylesheet
text/css 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://salem-news.com/css/sn.css
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 6d777e128fb84a4ecd883849c0d7f3ea2d90c0360965ad5fc870715e9fc45022

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:12 GMT
Content-Encoding: gzip
Last-Modified: Tue, 03 Sep 2013 03:37:50 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "208451-1c7d-4e57269beff80"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1943

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.8.3/ 91 KB
34 KB 40ms
20ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

Requested by

Host: salem-news.com
URL: http://salem-news.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Mon, 04 Dec 2023 16:13:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 316053
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 33593
X-XSS-Protection: 0
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Vary: Accept-Encoding
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Tue, 03 Dec 2024 16:13:29 GMT

GET
H/1.1 200
OK jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/ 232 KB
233 KB 43ms
22ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js

Requested by

Host: salem-news.com
URL: http://salem-news.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7846b5904b602bd64bea1eb4557c03b09dabc580b07f18b8d1567d1345f0a040

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Thu, 07 Dec 2023 19:07:27 GMT
X-Content-Type-Options: nosniff
Age: 46415
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 237734
X-XSS-Protection: 0
Last-Modified: Fri, 27 Jan 2023 21:54:31 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Vary: Accept-Encoding
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Fri, 06 Dec 2024 19:07:27 GMT

GET
H/1.1 200
OK jquery-ui-1.9.2.custom.min.css
salem-news.com/css/redmond/ 15 KB
3 KB 353ms
178ms Stylesheet
text/css 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://salem-news.com/css/redmond/jquery-ui-1.9.2.custom.min.css
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: fdad85fd06357e62d3b63d49ffc4b352db761a8c31db32aec67ba981f303f7fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Content-Encoding: gzip
Last-Modified: Sat, 15 Dec 2012 22:47:23 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "20846b-3d45-4d0ebee6f34c0"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2911

GET
H/1.1 200
OK poweredby_FFFFFF.gif
www.google.com/images/poweredby_transparent/ 488 B
1 KB 51ms
29ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.google.com/images/poweredby_transparent/poweredby_FFFFFF.gif

Requested by

Host: salem-news.com
URL: http://salem-news.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0e34e6156e006e95579f7fd649583a85175b331452c3cb0aac883c472cee0fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:02 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
Server: sffe
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Type: image/gif
Cache-Control: private, max-age=31536000
Cross-Origin-Resource-Policy: cross-origin
Accept-Ranges: bytes
Content-Length: 488
X-XSS-Protection: 0
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Expires: Fri, 08 Dec 2023 08:01:02 GMT

GET
H/1.1 200
OK tjp-1.jpg
salem-news.com/nphotos/ 8 KB
8 KB 358ms
177ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/nphotos/tjp-1.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 3077aac5c53527a4764bf45c64154cea8921af2da25096c28ee403b579c9b029

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Mon, 09 Jun 2014 08:14:05 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2834fc-1e01-4fb62cb6ce22b"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 7681

GET
H/1.1 200
OK thpot_leaf_thumbs_up-350.jpg
salem-news.com/stimg/2012/thumbs/ 9 KB
10 KB 314ms
183ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thpot_leaf_thumbs_up-350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: b7a16954120a4fcc5e1214138706474f4dbca9cfa7cd15eaa3cf615e382a2b3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Sat, 18 Nov 2023 08:32:55 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f6f-258a-60a6919731a58"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 9610

GET
H/1.1 200
OK themployee_recognition350.jpg
salem-news.com/stimg/2012/thumbs/ 11 KB
11 KB 189ms
188ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/themployee_recognition350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: bc5d352be9fcdb0f9483ba4abc3f87322d2f29fca5d7d4e7503133ad659f008b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Sat, 18 Nov 2023 09:03:12 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f70-2a3d-60a6985c57312"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 10813

GET
H/1.1 200
OK show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 25 KB
11 KB 96ms
76ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: salem-news.com
URL: http://salem-news.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f09af1984b3c7a18a3c49d63c2606d5288e69e4607c9b042e482702bd90b7ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:02 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 906453684305081795
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Timing-Allow-Origin: *
Content-Length: 10597
X-XSS-Protection: 0
Expires: Fri, 08 Dec 2023 08:01:02 GMT

GET
H/1.1 200
OK thcease_fire-350.jpg
salem-news.com/stimg/2012/thumbs/ 9 KB
10 KB 237ms
189ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thcease_fire-350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 188bb1d3367ca5f38f23691125569df1cf1f98bfc6c96105758cb9c5e0f6aece

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Tue, 07 Nov 2023 01:15:11 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f6d-259c-60985b3bf85b7"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 9628

GET
H/1.1 200
OK 1339746808.jpg
salem-news.com/gphotos/ 9 KB
9 KB 340ms
177ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/gphotos/1339746808.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 4c9c0bd30ea7c18ad8eaec470ca5d594a0b43291cd814f15c10485e23fc100e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Fri, 15 Jun 2012 07:53:31 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "227548-240d-4c27e1cc234c0"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 9229

GET
H/1.1 200
OK 1220240434.jpg
salem-news.com/gphotos/ 10 KB
10 KB 183ms
177ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/gphotos/1220240434.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: adbda63eddcb8adba7a43fe15c6d0bec2367695e2074b5b96270c2bf5813cf66

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Mon, 01 Sep 2008 03:40:37 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "223ba6-272a-455cd5dc9b740"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 10026

GET
H/1.1 200
OK thipc_logo-350.jpg
salem-news.com/stimg/2012/thumbs/ 7 KB
7 KB 192ms
184ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thipc_logo-350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: b7b777b658f7d547e39e268662498f378ba5e39f6c32347f825b5b7ccfaccda3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Tue, 07 Nov 2023 01:50:46 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f6e-1c41-60986330493ba"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 7233

GET
H/1.1 200
OK thgaza_fence_down-350.jpg
salem-news.com/stimg/2012/thumbs/ 10 KB
11 KB 183ms
179ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thgaza_fence_down-350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: e46c3cf698504822a851df2c84cdcca9f62c2c09890f083541bb50ea016478db

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Sun, 08 Oct 2023 03:51:17 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f6c-28f8-6072c62cd3f0f"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 10488

GET
H/1.1 200
OK thisrael-palestine_flag350.jpg
salem-news.com/stimg/2012/thumbs/ 9 KB
10 KB 339ms
178ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thisrael-palestine_flag350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: c06e4410d24951c9bc4e29dad8151c1763a8e0200d518199c7ff5980997b5122

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Tue, 10 Oct 2023 06:29:12 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4efa-25c0-60756d335454f"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 9664

GET
H/1.1 200
OK vc.jpg
salem-news.com/graphics/ 814 B
1 KB 359ms
183ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/graphics/vc.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: fbd9d31a2a3e4eb50342e65b3fca5ee367cfdb626f85571bca56376fd9fcc7f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Sat, 13 May 2006 16:16:51 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2427d6-32e-413adc7e842c0"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 814

GET
H/1.1 200
OK thhorse+paint-350.jpg
salem-news.com/stimg/2012/thumbs/ 10 KB
10 KB 355ms
179ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thhorse+paint-350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 9aec1dbe7374063ae2a777d91c1caa0216e35d0b1536bb5674e2e83cf36f3f2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Sun, 08 Oct 2023 00:49:54 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f6b-26a2-60729da1b82d5"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 9890

GET
H/1.1 200
OK thus_capitol_jan6_2021.jpg
salem-news.com/stimg/2012/thumbs/ 9 KB
9 KB 180ms
180ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thus_capitol_jan6_2021.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 69bde83057e3e3193b6b27e7e7a1fa6c31e0a15cee27553b8ec526bfcd9188d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Wed, 20 Sep 2023 20:38:58 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4daa-2411-605d05d64e68d"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 9233

GET
H/1.1 200
OK thnasa_sts-75.350.jpg
salem-news.com/stimg/2012/thumbs/ 7 KB
7 KB 188ms
188ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thnasa_sts-75.350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 1be4cf253c424652647839d16c2b34b2ca8d8b1e5d216b7f3dfc68bd187f8867

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Wed, 20 Sep 2023 00:06:01 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f68-1b3e-605bf240779e5"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 6974

GET
H/1.1 200
OK thdorece_sam-350.jpg
salem-news.com/stimg/2012/thumbs/ 10 KB
10 KB 188ms
187ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thdorece_sam-350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 565094c22d6752044ea6fd47d572c205542e867bca1ee533c648a2c506087aee

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Mon, 11 Sep 2023 10:10:30 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f67-2819-60512893acc2c"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 10265

GET
H/1.1 200
OK thrfkvaxbook350.jpg
salem-news.com/stimg/2012/thumbs/ 17 KB
17 KB 177ms
177ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thrfkvaxbook350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 90354c2817fc223875574baffd036bb1041d5f56de7028eb724a5c3941691e6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Sat, 09 Sep 2023 01:08:33 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f66-4249-604e2bb6e16aa"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 16969

GET
H/1.1 200
OK thlabor_day-350.jpg
salem-news.com/stimg/2012/thumbs/ 13 KB
13 KB 178ms
178ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thlabor_day-350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 765aaacbe9b34b21f019208ed14620d557cb039cd22a68019104a8e7d7da7702

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Fri, 08 Sep 2023 01:29:19 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f65-33ff-604cee7d2bdeb"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 13311

GET
H/1.1 200
OK thwarm_springs_res.jpg
salem-news.com/stimg/2012/thumbs/ 10 KB
10 KB 179ms
179ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thwarm_springs_res.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: c115adf4dd85c1f13fd4723cf45e4c21f83bf1607b2cf803fac917f4e3513829

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Fri, 01 Sep 2023 03:12:35 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f63-262d-60443883a2d08"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 9773

GET
H/1.1 200
OK thdead_fish-1_350.jpg
salem-news.com/stimg/2012/thumbs/ 9 KB
9 KB 183ms
183ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thdead_fish-1_350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 9bb30e2bc446aa2301690bf87752244412e4e23f2756a0f4839539cca6dc9174

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Tue, 15 Aug 2023 00:36:22 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f60-2407-602eb5e3f8f96"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 9223

GET
H2 200 embed.js Show response
www.gofundme.com/static/js/ 1023 B
971 B 103ms
28ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/static/js/embed.js
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 21a895554a09087368c86517b1ef2159389387e136023980efb299b4ec16a712

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 18:23:22 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Wed, 04 Dec 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Mon, 04 Dec 2023 17:35:22 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 308261
etag: W/"00fd0feb9262b39d7964f638ac3e1390"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: URASBccDUVtF2SxB9oRzN6g-vlrPqYPKhBnKFG3UDsXw6gHetUV9JQ==

GET
H/1.1 200
OK thbeach_birds-jonmonroe350.jpg
salem-news.com/stimg/2012/thumbs/ 14 KB
14 KB 188ms
188ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thbeach_birds-jonmonroe350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 25b3ea23988624592d1290004418dc7d0066a4a5087656d1bcf650a2e0c983ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Thu, 31 Aug 2023 20:17:09 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f62-36bc-6043dba8dc74b"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 14012

GET
H/1.1 200
OK thmaui_fires-google350.jpg
salem-news.com/stimg/2012/thumbs/ 7 KB
7 KB 187ms
187ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thmaui_fires-google350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 88ea1fa6dd07a757f7c271f640f0c984180f46e001ad52c663fe3e827766dc79

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Fri, 11 Aug 2023 04:05:49 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f5f-1ccd-6029dd3ee7833"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 7373

GET
H/1.1 200
OK thsinead-rips-the-pope350.jpg
salem-news.com/stimg/2012/thumbs/ 10 KB
11 KB 178ms
178ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thsinead-rips-the-pope350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 5fe7d225fa2af2d7a7faafb430f93c1910b58cbf8d9761c5f14fcd9e9f75aa0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Fri, 04 Aug 2023 00:14:05 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f5d-28e5-6020dc659f276"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 10469

GET
H/1.1 200
OK thcluster_bomb-350.jpg
salem-news.com/stimg/2012/thumbs/ 9 KB
9 KB 177ms
177ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thcluster_bomb-350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 2f85f7bf91ca6c32ce88373355f45e4d9f8ef5108456bee9031038fd1ac53d09

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Thu, 27 Jul 2023 01:18:05 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f5a-24b9-6016dbc7e31d8"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 9401

GET
H/1.1 200
OK thbedrock_fire_4488-350.jpg
salem-news.com/stimg/2012/thumbs/ 8 KB
9 KB 180ms
180ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thbedrock_fire_4488-350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 43c8024ea22de1aee05a017907ce857fd3b53ffb32f93dc94c68bc0c16af50b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:14 GMT
Last-Modified: Wed, 26 Jul 2023 01:00:04 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f59-20ee-601595e393a76"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 8430

GET
H/1.1 200
OK thiaea_report_japan350.jpg
salem-news.com/stimg/2012/thumbs/ 7 KB
8 KB 184ms
184ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/2012/thumbs/thiaea_report_japan350.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 134e1f5b534c68700dca4e7b9f91e7ff5123e11d2efdd6e54c846ca053b973a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:14 GMT
Last-Modified: Fri, 21 Jul 2023 21:43:49 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c4f56-1d30-6010628fecaa3"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 7472

GET
H2 200 launch.js Show response
oap.accuweather.com/ 17 KB
6 KB 235ms
55ms Script
application/javascript 23.73.140.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://oap.accuweather.com/launch.js
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.140.71 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-140-71.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 640c9cbb97ba18dc1bcde7f36eed441db79a02b0912d0f4325d4b475d3b84565

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
content-encoding: gzip
last-modified: Thu, 16 Feb 2017 19:04:02 GMT
server: Microsoft-IIS/8.5
etag: "8513a708788d21:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
servername: origin-v02
accept-ranges: bytes
content-length: 6333

GET
H2

200

btn_donateCC_LG.gif
www.paypalobjects.com/en_US/i/btn/
Redirect Chain

https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif
https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif

3 KB
3 KB

96ms
25ms

Image
image/gif

192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif

Requested by

Host: salem-news.com
URL: http://salem-news.com/

Protocol

Server

192.229.221.25 Brigham City, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CF2) /

Resource Hash

33a91bd6d378215fcd413c279aa88d48bda6c8b2ef7695892777c87de37de256

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: f42b14747710f
dc: ccg11-origin-www-1.paypal.com
content-length: 3099
last-modified: Thu, 27 May 2021 14:20:07 GMT
server: ECAcc (frc/4CF2)
traceparent: 00-0000000000000000000f42b14747710f-8b4868ec1f4b8f85-01
etag: "60afaa97-c1b"
content-type: image/gif
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Fri, 08 Dec 2023 09:01:03 GMT

Redirect headers

date: Fri, 08 Dec 2023 08:01:03 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS, MISS
paypal-debug-id: f957919d5c49a
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 0
x-served-by: cache-fra-eddf8230026-FRA, cache-cph2320027-CPH, cache-cph2320027-CPH
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f957919d5c49a-288b1d6d1ba7090a-01
x-timer: S1702022463.965770,VS0,VE160
location: https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: bytes
x-cache-hits: 0, 0, 0

GET
H2

200

pixel.gif
www.paypalobjects.com/en_US/i/scr/
Redirect Chain

https://www.paypal.com/en_US/i/scr/pixel.gif
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

43 B
185 B

153ms
92ms

Image
image/gif

192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Requested by

Host: salem-news.com
URL: http://salem-news.com/

Protocol

Server

192.229.221.25 Brigham City, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBC) /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: 44dbe3fea9359
dc: ccg11-origin-www-1.paypal.com
content-length: 43
last-modified: Fri, 16 Aug 2019 04:57:34 GMT
server: ECAcc (frc/4CBC)
traceparent: 00-000000000000000000044dbe3fea9359-d84c23b7606d6317-01
etag: "5d5637be-2b"
content-type: image/gif
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Fri, 08 Dec 2023 09:01:03 GMT

Redirect headers

date: Fri, 08 Dec 2023 08:01:03 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS, MISS
paypal-debug-id: f957919778cd6
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 0
x-served-by: cache-fra-eddf8230130-FRA, cache-cph2320027-CPH, cache-cph2320027-CPH
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f957919778cd6-819d00391f5aa27c-01
x-timer: S1702022463.965784,VS0,VE170
location: https://www.paypalobjects.com/en_US/i/scr/pixel.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: bytes
x-cache-hits: 0, 0, 0

GET
H/1.1 200
OK legal_notice_AD.160.jpg
salem-news.com/stimg/adimg/ 13 KB
13 KB 365ms
187ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/adimg/legal_notice_AD.160.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 2f7b5f6365163c37daeefc494f041cd181de38fbf9499e68da1de2eab10feab3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Thu, 27 Oct 2011 19:35:50 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c2dd8-341e-4b04ce1415180"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 13342

GET
H/1.1 200
OK cannabis_ad-2.160.jpg
salem-news.com/stimg/adimg/ 35 KB
35 KB 194ms
194ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/adimg/cannabis_ad-2.160.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 48048f34cf11962d4837a2f1f659afd79b26f76e519de06239a55275280ac8d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:14 GMT
Last-Modified: Wed, 23 Feb 2011 05:55:25 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c2db0-8ad9-49cecbe412d40"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 35545

GET
H/1.1 200
OK soldier_pix_tile.136.jpg
salem-news.com/stimg/adimg/ 14 KB
14 KB 188ms
187ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/adimg/soldier_pix_tile.136.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: a5c42a65ca37c60e289e38521c822c73dff57156d9da86fee8f39012c0d5d05e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:14 GMT
Last-Modified: Sun, 24 Feb 2008 19:16:19 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c2def-36e1-446ec4a4366c0"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 14049

GET
H/1.1 200
OK eat_salem-TILE.jpg
salem-news.com/stimg/adimg/ 10 KB
11 KB 179ms
179ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/stimg/adimg/eat_salem-TILE.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 38df18981c07411b258a130996357394cbdad9df24b7cb96c62db02214d43ca4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:14 GMT
Last-Modified: Mon, 01 Mar 2010 08:18:57 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2c2dba-29b4-480b8e68a3e40"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 10676

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
51 KB 173ms
124ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9867eb60a6e41fad41c275393dae42a10e56f720adcb98886bfcfd18dcf07089

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51849
x-xss-protection: 0
server: cafe
etag: 16866134538037582734
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 08 Dec 2023 08:01:03 GMT

GET
H/1.1 200
OK snheader.jpg
salem-news.com/graphics/ 30 KB
31 KB 193ms
188ms Image
image/jpeg 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/graphics/snheader.jpg
Requested by: Host: salem-news.com
URL: http://salem-news.com/css/sn.css
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: c1f37beaead769da889ea47445b6780280f330c7b4d7414450608d5baafca2f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/css/sn.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Thu, 11 Feb 2010 05:16:03 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2427c7-78f5-47f4c3f4b8ac0"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 30965

GET
H/1.1 200
OK sbt.gif
salem-news.com/graphics/ 96 B
385 B 241ms
187ms Image
image/gif 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/graphics/sbt.gif
Requested by: Host: salem-news.com
URL: http://salem-news.com/css/sn.css
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: e07b2c0c2abbe3dd90e211312b921dfbdf96af044c0925555ef0735b109b0f8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/css/sn.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Sun, 07 May 2006 01:04:40 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "2427c0-60-4132856a33a00"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 96

GET
H/1.1 200
OK button.gif
salem-news.com/css/images/ 2 KB
3 KB 334ms
177ms Image
image/gif 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/css/images/button.gif
Requested by: Host: salem-news.com
URL: http://salem-news.com/css/sn.css
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 5de17a06142490aa81f4f131c6554accbc24383992f00df1663e240881a2e891

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/css/sn.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Mon, 07 Dec 2009 20:03:59 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "208457-90a-47a28f54409c0"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2314

GET
H2 200 jquery-1.9.1.min.js Show response
vortex.accuweather.com/adc2010/oap/javascript/ 90 KB
33 KB 99ms
54ms Script
application/javascript 23.73.140.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vortex.accuweather.com/adc2010/oap/javascript/jquery-1.9.1.min.js
Requested by: Host: oap.accuweather.com
URL: https://oap.accuweather.com/launch.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.140.71 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-140-71.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
content-encoding: gzip
last-modified: Mon, 20 May 2013 20:51:39 GMT
server: Microsoft-IIS/8.5
etag: "aad455d39b55ce1:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
servername: origin-v01
accept-ranges: bytes
content-length: 33817

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

52 KB
21 KB

69ms
20ms

Script
text/javascript

2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: salem-news.com
URL: http://salem-news.com/

Protocol

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 08 Dec 2023 07:41:49 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 1154
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 08 Dec 2023 09:41:49 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK jsonst.php Show response
salem-news.com/ 2 KB
3 KB 444ms
179ms XHR
application/json 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://salem-news.com/jsonst.php
Requested by: Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) / PHP/5.3.10-1ubuntu3.26
Resource Hash: 4b28206a13b0f6352988ec154ed3ea6636a9e0e74a74f1b4f3abfbddede09cf4

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: http://salem-news.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10-1ubuntu3.26
Content-Type: application/json
Cache-Control: no-cache, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 2451
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK ajax-loader.gif
salem-news.com/images/ 8 KB
8 KB 468ms
183ms Image
image/gif 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/images/ajax-loader.gif
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 37bd58d8ac13064a13f443f0d285393c645e5292f90f55273ed72da7936f5832

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Sat, 15 Dec 2012 23:14:37 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "243dd5-202e-4d0ec4fd41140"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 8238

GET
H2 200 medium Show response
www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/ Frame FFBF 623 KB
141 KB 223ms
222ms Document
text/html 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget

Requested by

Host: www.gofundme.com
URL: https://www.gofundme.com/static/js/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-97.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

c32e8aa1df3ceeff5f9e1faf71fbd9485bf81906dfdaacbc7dc3e644fe2fc1c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://salem-news.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy-report-only: frame-ancestors gofundme.com *.gofundme.com *.hopin.com;
content-type: text/html; charset=utf-8
date: Fri, 08 Dec 2023 08:01:03 GMT
etag: "o7z2xl2n8mdkvs"
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-cf-id: foSOhhOx5e52jRZZJqiI0TIWo0fum-DsYVvjlGqTtAOHI4jNwxyxtg==
x-amz-cf-pop: AMS54-C1
x-cache: Miss from cloudfront

GET
H/1.1 200
OK ui-bg_glass_85_dfeffc_1x400.png
salem-news.com/css/redmond/images/ 123 B
413 B 443ms
178ms Image
image/png 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/css/redmond/images/ui-bg_glass_85_dfeffc_1x400.png
Requested by: Host: salem-news.com
URL: http://salem-news.com/css/redmond/jquery-ui-1.9.2.custom.min.css
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 0053aaaa79ecdcd48e89d0d2125e6a420e44be52c82fc48fcfaa8689d76758a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/css/redmond/jquery-ui-1.9.2.custom.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:13 GMT
Last-Modified: Sat, 15 Dec 2012 22:47:23 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "20846f-7b-4d0ebee6f34c0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 123

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
219 B 27ms
27ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=762516715&t=pageview&_s=1&dl=http%3A%2F%2Fsalem-news.com%2F&ul=en-us&de=UTF-8&dt=Salem-News.Com%20News%20from%20Salem%20Oregon%20and%20the%20surrounding%20region.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=297533988&gjid=115867252&cid=2080048923.1702022463&tid=UA-142020-2&_gid=593575653.1702022463&_r=1&_slc=1&z=520157238

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a82328fa8918a5c92717a60ac8026959f9089783088dc3cc1b6f7d6e03fe6900

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://salem-news.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://salem-news.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/ 398 KB
135 KB 90ms
90ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6195063521241979&plah=salem-news.com&bust=31080036

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

89bcd375b1455561028d3967ca27ea816b0e4890b61ab0dd2a182530709422e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137717
x-xss-protection: 0
server: cafe
etag: 2692336803748698928
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 08 Dec 2023 08:01:03 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231206/r20190131/ Frame 138B 9 KB
4 KB 73ms
20ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231206/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://salem-news.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 45173
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 19:28:10 GMT
etag: 5585625838579639069
expires: Thu, 21 Dec 2023 19:28:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 241 KB
84 KB 84ms
37ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-VLL8LGN9EP&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ec667b61257fa9364f1c04faf29a6cd2521ddcac847bb377530a97d77c393219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85841
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 08 Dec 2023 08:01:03 GMT

GET
H2 200 CircularXXWeb-Bold.woff2
cdn.gofundme.com/fonts/ Frame FFBF 72 KB
73 KB 179ms
66ms Font
font/woff2 13.32.27.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gofundme.com/fonts/CircularXXWeb-Bold.woff2
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-71.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7387021408574afb13687c47d583f43c70cf9511d5dfd772be64f8ec975895a8

Request headers

Referer: https://www.gofundme.com/
Origin: https://www.gofundme.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 04:39:54 GMT
via: 1.1 27f780feafa4114cfc67d86fca85d124.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 12070
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 74059
last-modified: Tue, 23 Nov 2021 21:37:34 GMT
server: AmazonS3
etag: "0796c564b3ca9bbf97c065949d757d6c"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: J1NzYUB9vDPj1w-BaGIfrHFGtNx_t0FUFJ3AT8xGKjhrP0qZBhBvOA==

GET
H2 200 CircularXXWeb-Medium.woff2
cdn.gofundme.com/fonts/ Frame FFBF 69 KB
70 KB 162ms
49ms Font
binary/octet-stream 13.32.27.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gofundme.com/fonts/CircularXXWeb-Medium.woff2
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-71.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8fe6acb606204bb51fd9130bca281a23ad25aafaf98e912bca79323adbb14c67

Request headers

Referer: https://www.gofundme.com/
Origin: https://www.gofundme.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 09:08:08 GMT
via: 1.1 27f780feafa4114cfc67d86fca85d124.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 82376
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 71047
last-modified: Wed, 08 Jun 2022 20:42:18 GMT
server: AmazonS3
etag: "1aa173431ed07f680fc5387062a690e7"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: 1exUHJJJG1aWVaLWG64_Su1gu3eiTgYSGR_EHXXQr8_HpQ2bQ3YllA==

GET
H2 200 CircularXXWeb-Regular.woff2
cdn.gofundme.com/fonts/ Frame FFBF 69 KB
69 KB 136ms
23ms Font
font/woff2 13.32.27.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gofundme.com/fonts/CircularXXWeb-Regular.woff2
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-71.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 52ae61c0720ae779b166ba75eb15923913725a390383be86868c33bfc191c1fe

Request headers

Referer: https://www.gofundme.com/
Origin: https://www.gofundme.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 07:01:22 GMT
via: 1.1 27f780feafa4114cfc67d86fca85d124.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 3582
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 70287
last-modified: Tue, 23 Nov 2021 21:37:13 GMT
server: AmazonS3
etag: "c65bc20b5c2102386f484979b51049a6"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: 1LuYAhV87xGXWONRWNNVVeCzSLJvErEqDO0Q4bS49OLEYysP7fmjtg==

GET
H2 200 0a5047dc429d212c.css
www.gofundme.com/ssr/_next/static/css/ Frame FFBF 27 KB
6 KB 51ms
51ms Stylesheet
text/css 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/css/0a5047dc429d212c.css
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a7e943ef5e30e220196f66d125e9840c4f13acd9d6bf933c05696a85ec983a75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 20:41:55 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Thu, 28 Nov 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Tue, 28 Nov 2023 17:14:18 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 818349
etag: W/"061b9c857f1bfa51abed9cdcfd487090"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
x-amz-cf-id: ECjBN5tUrBhHnDS0yYLu6wqMD1XvPSWBwlwF925JiWGeXpw46ujXGQ==

GET
H2 200 89e21eeb185bf917.css
www.gofundme.com/ssr/_next/static/css/ Frame FFBF 47 KB
8 KB 53ms
53ms Stylesheet
text/css 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/css/89e21eeb185bf917.css
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ea861a52ea2baeed54b7c80eaef5a7deb3db6377e06c6d6773683fab85ce4402

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 17:42:42 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Thu, 05 Dec 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Tue, 05 Dec 2023 17:36:47 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 224302
etag: W/"6167f32186fc582affbd68a7e2b51565"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
x-amz-cf-id: z66kGS06sbq81ssfySRRYR2tQEeEJh7nuAmc4N4BCNs2FsLCG15x7A==

GET
H2 200 acda1ac783ed86b2.css
www.gofundme.com/ssr/_next/static/css/ Frame FFBF 3 KB
1 KB 54ms
54ms Stylesheet
text/css 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/css/acda1ac783ed86b2.css
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 401b4cd202bbf64b33b04a16f68aa72cceea9f75562bd51ae66bee2a3bf1e0a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 17:42:46 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Thu, 05 Dec 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Tue, 05 Dec 2023 17:36:48 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 224298
etag: W/"31bc9b8045995a9bd1cc227726c7735d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
x-amz-cf-id: 6qbUaQocAP2mhb3I69yO3Rjwa3_hzfuhcnVL_CMFVQx5Elr21TBl9Q==

GET
H2 200 airgap.js Show response
cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/ Frame FFBF 130 KB
45 KB 97ms
32ms Script
application/javascript 2600:9000:2447:8e00:2:8531:afc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/airgap.js

Requested by

Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2447:8e00:2:8531:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

b2f24aafb98b074e3946136dc976b95a0e1f1e3c0f12bbdba742e01a651a3e30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
content-encoding: br
via: 1.1 4a345f25fcb995602afaf132ccf353de.cloudfront.net (CloudFront)
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
strict-transport-security: max-age=31536000
x-amz-cf-pop: AMS58-P5
x-content-type-options: nosniff
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=60,s-maxage=86400
x-amz-cf-id: VAK4UHul9YhD4UErYKW8hbvcwlVQ9fNDsnhqO38QlwZ67odP5A5NZQ==
x-xss-protection: 1; mode=block

GET
H2 200 webpack-e3a985dacf6fb035.js Show response
www.gofundme.com/ssr/_next/static/chunks/ Frame FFBF 12 KB
6 KB 49ms
48ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/chunks/webpack-e3a985dacf6fb035.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 79d05de65a2233c2735dbe9eb5fdc478e476fe23dedbe722ddb86ce0c0dfe7fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 20:39:09 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Sat, 07 Dec 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Thu, 07 Dec 2023 20:33:29 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 40915
etag: W/"93147e6340114b16e4ca3c51ce40e639"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: YHjEhXia_5Jyk8c5PLxfam1bksyBMGtYUaS74jxuzmq2oXVW5tvr2w==

GET
H2 200 framework-d583295f3144c491.js Show response
www.gofundme.com/ssr/_next/static/chunks/ Frame FFBF 138 KB
45 KB 52ms
50ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/chunks/framework-d583295f3144c491.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c66edf77e0f8f8f549672123f9e5d3d6a7b05c3e592450028eabde53346bd55d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 18:11:34 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Fri, 06 Sep 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Wed, 06 Sep 2023 17:56:13 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 7998570
etag: W/"44609e1af70e8b8743287423a53d55c4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: Ii_F6qMz5ayuUNi1DTi-1dbvalPYdCbG5gxO2eaQt6N1rYyLiXLkzg==

GET
H2 200 main-9dcfbbfee9d511e9.js Show response
www.gofundme.com/ssr/_next/static/chunks/ Frame FFBF 107 KB
32 KB 60ms
59ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/chunks/main-9dcfbbfee9d511e9.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 67abb48de10855a099eb2f3fbc6e1256d4027e2905bea1cc0700ab5a299fb490

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 20:41:55 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Thu, 28 Nov 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Tue, 28 Nov 2023 17:14:17 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 818349
etag: W/"bbdd0009b2af614f1de8c97b5ccc4c24"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: k0QxB8ycgbK9bAl8Sw3PgrMZge6OEH4XpFVve4oz9MXwtUAwFp6Ciw==

GET
H2 200 _app-8ca5a04b0cdabcd2.js Show response
www.gofundme.com/ssr/_next/static/chunks/pages/ Frame FFBF 953 KB
244 KB 66ms
65ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/chunks/pages/_app-8ca5a04b0cdabcd2.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fe1a83944602ce51bf265163d8aa7c4fa7740a8655bcebfd55b82e24bc502686

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:21:45 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Sat, 07 Dec 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Thu, 07 Dec 2023 18:15:34 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 49159
etag: W/"22e7547ca4f10d946a1b95911145a7bd"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: -POsAZSRHF8SgWNUuQLkJ2al2UAmhi4t9-ZVj58OP7C70U6uBE6agg==

GET
H2 200 1354-0e11d42d39c0bf97.js Show response
www.gofundme.com/ssr/_next/static/chunks/ Frame FFBF 286 KB
77 KB 93ms
92ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/chunks/1354-0e11d42d39c0bf97.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 065ac62fa003726383877ac67c6421bdc89c110a8d9ced1a3691c7b4d5c26ed7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 17:42:42 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Thu, 05 Dec 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Tue, 05 Dec 2023 17:36:43 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 224302
etag: W/"e6e12954d1ab09a16092bc5b32f3aea5"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: KoFb1XPon9oFxbclb_KMJdQNQHKRkUna5oL5U8TQB6kdksobrg_HjA==

GET
H2 200 9051-a3f3ae31f25621b1.js Show response
www.gofundme.com/ssr/_next/static/chunks/ Frame FFBF 13 KB
5 KB 99ms
98ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/chunks/9051-a3f3ae31f25621b1.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3b3a565398ec361ad761f8d6a94cbbbc31603e9484c70b84a01d210fd2b5e15e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 20:41:55 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Thu, 28 Nov 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Tue, 28 Nov 2023 17:14:16 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 818349
etag: W/"029bd83d03c58c0429b136f2101d141f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: ob4527h5-PtWnebmj1Ibl7nL_kmK4DQfsIhI_cS3-MyC_3_pVDr7Og==

GET
H2 200 2531-bbd79ba91a88b889.js Show response
www.gofundme.com/ssr/_next/static/chunks/ Frame FFBF 7 KB
3 KB 98ms
97ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/chunks/2531-bbd79ba91a88b889.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 116c7e22845f8c8784d4633bc3170e02c6a12e8c7e56ed29e7250aafbe693953

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 20:41:55 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Thu, 28 Nov 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Tue, 28 Nov 2023 17:14:14 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 818349
etag: W/"3cb8c453857c124ab19beb2bebd0aaca"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: vMEhjM_I5d5tj270bEJ9pVW8lmsmxi0fBAuRGvdkSCxjA16rDDaNLg==

GET
H2 200 3796-92ddc811419f382d.js Show response
www.gofundme.com/ssr/_next/static/chunks/ Frame FFBF 21 KB
8 KB 100ms
99ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/chunks/3796-92ddc811419f382d.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a87ecc29279c740015f9460447e8bf465401d93faa38c171399c549cbd0feb7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 17:37:51 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Sat, 30 Nov 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Thu, 30 Nov 2023 17:31:49 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 656593
etag: W/"58d5e0e8b264bfa5ca597003a4e79969"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: eiL1_0gAvGBqjAfkHGSOdi8H2O3B171gJb55ctQzZW4HuxrFI007cw==

GET
H2 200 9486-c0aeffde7eb526e2.js Show response
www.gofundme.com/ssr/_next/static/chunks/ Frame FFBF 11 KB
5 KB 100ms
100ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/chunks/9486-c0aeffde7eb526e2.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 44d3fe4bb087134f0252883e756be506a1cd3af99290225a658282279bd79efd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:21:45 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Sat, 07 Dec 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Thu, 07 Dec 2023 18:15:33 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 49159
etag: W/"a125e2949cc5c722dc30cc8b1373e7d4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: dCxcX9vxOSVw83kRI_3PAgTTdSwIKqJqeR00ibR9NnsJgsxpwpRnHw==

GET
H2 200 %5B...type%5D-2df7ce0d4cdcc907.js Show response
www.gofundme.com/ssr/_next/static/chunks/pages/f/%5BcampaignUrl%5D/widget/ Frame FFBF 12 KB
5 KB 101ms
101ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/chunks/pages/f/%5BcampaignUrl%5D/widget/%5B...type%5D-2df7ce0d4cdcc907.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f2b36c8eda107a6cd98e794b67e95c800dada58c6c9f9e56a2c56dda140cb8d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 17:42:46 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Thu, 05 Dec 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Tue, 05 Dec 2023 17:36:46 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 224298
etag: W/"1df8b46c610c18a26b529f09c302c4ca"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 7msQpQOQR7Lx0maJEoUFX1HzpshEy5Bbs60fNCiczaVZkMjjS5hMng==

GET
H2 200 _buildManifest.js Show response
www.gofundme.com/ssr/_next/static/oYgkWblY5CyOS89tOz3cr/ Frame FFBF 25 KB
6 KB 102ms
102ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/oYgkWblY5CyOS89tOz3cr/_buildManifest.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0088244ce39b74bd4709b6ed4a31d81ec74c6e38ce053820ceea98c9540993d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 20:39:09 GMT
content-encoding: gzip
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Sat, 07 Dec 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Thu, 07 Dec 2023 20:33:31 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 40915
etag: W/"b1e0cb9cc86058d3c863eb789aca837f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: jz-EjyLd4HfB7s13DttA6sOPhUbD4C8g6UGvbV4Da08tiLr27DpQ6Q==

GET
H2 200 _ssgManifest.js Show response
www.gofundme.com/ssr/_next/static/oYgkWblY5CyOS89tOz3cr/ Frame FFBF 77 B
501 B 104ms
103ms Script
application/javascript 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gofundme.com/ssr/_next/static/oYgkWblY5CyOS89tOz3cr/_ssgManifest.js
Requested by: Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-97.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 20:39:09 GMT
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Sat, 07 Dec 2024 00:00:00 GMT", rule-id="expire-at-one-year"
last-modified: Thu, 07 Dec 2023 20:33:31 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 40915
etag: "b6652df95db52feb4daf4eca35380933"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 77
x-amz-cf-id: pb72lgDbeGADVMCuunuKSKS3KDgTtWdwXPqLCJa-n8WFzCJ3Mz2xQA==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
252 B 80ms
29ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-VLL8LGN9EP&gtm=45je3bt0v9134522147&_p=1702022463281&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=2080048923.1702022463&_eu=ABAI&_s=1&dl=http%3A%2F%2Fsalem-news.com%2F&dt=Salem-News.Com%20News%20from%20Salem%20Oregon%20and%20the%20surrounding%20region.&sid=1702022463&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1317
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VLL8LGN9EP&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://salem-news.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 11FE 106 KB
40 KB 682ms
674ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6195063521241979&plah=salem-news.com&bust=31080036

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

081cd2b11835dc3e7e9bfc33d63b2545db64b0174735d76f9a6da40ce3cf0919

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://salem-news.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40646
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:04 GMT
expires: Fri, 08 Dec 2023 08:01:04 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 456E 25 KB
11 KB 500ms
500ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad361c20ebe6b4243e291f7d4e03848c68f78c8a335f5a3ad1b1e1a729927a33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://salem-news.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 11343
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:03 GMT
expires: Fri, 08 Dec 2023 08:01:03 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B6E8 25 KB
11 KB 474ms
474ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=3848876819&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463049&bpp=215&bdt=368&idt=435&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=476

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18780ca8e35e3c2913a84503557b4693fcd8534a735448b2c354875087fb0ca5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://salem-news.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 11336
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:03 GMT
expires: Fri, 08 Dec 2023 08:01:03 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2BF6 723 B
382 B 433ms
433ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=717473361&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=478&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2576&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=480

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de5eba26bd105c03ec9eb57c0d5dad0bc9b10000b375a0ac5daafd33726458c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://salem-news.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 358
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:03 GMT
expires: Fri, 08 Dec 2023 08:01:03 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2B3F 169 KB
45 KB 579ms
579ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aef4907f13717e310cb3b29fc4294a2ff5497b5d3260070e27e284a39343ec1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://salem-news.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45775
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:04 GMT
expires: Fri, 08 Dec 2023 08:01:04 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 xdi.js Show response
cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/ Frame FFBF 26 KB
12 KB 84ms
30ms Script
text/javascript 2600:9000:2447:8e00:2:8531:afc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/xdi.js

Requested by

Host: cdn.transcend.io
URL: https://cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/airgap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2447:8e00:2:8531:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f5d22eee47a54fec107105abfb733e0759d69bfab519a5e2370321e5ae6c7b70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gofundme.com/
Origin: https://www.gofundme.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: 0NuJA.0hx4NRoToXZDDVbMF14WWwsDz3
content-encoding: gzip
via: 1.1 459ec09472abb8544521a9b5cc6706ce.cloudfront.net (CloudFront)
date: Fri, 08 Dec 2023 06:02:47 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: AMS58-P5
age: 16207
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-disposition: inline
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 21 Oct 2023 02:59:40 GMT
server: AmazonS3
etag: W/"825eb964e68f547f7e46ae9fbba1abc7-1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=60,s-maxage=86400
x-amz-cf-id: I5UbR6AP4XJhILzzEt1NvKyi-qRr1CWxaKAMjLOd-cBsxkIPyurRuA==

GET
H2 200 ui.js Show response
cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/ Frame FFBF 268 KB
73 KB 79ms
35ms Script
text/javascript 2600:9000:2447:8e00:2:8531:afc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/ui.js

Requested by

Host: cdn.transcend.io
URL: https://cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/airgap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2447:8e00:2:8531:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7473bc597d499a69d196a66572dac2f92a1108c9e698dd52565ce150008e2c80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gofundme.com/
Origin: https://www.gofundme.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: Dr9VIQe3AJrjmViDHeTAcsxeBvSqAaHQ
content-encoding: br
via: 1.1 459ec09472abb8544521a9b5cc6706ce.cloudfront.net (CloudFront)
date: Fri, 08 Dec 2023 05:17:31 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: AMS58-P5
age: 9813
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-disposition: inline
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 21 Oct 2023 02:59:40 GMT
server: AmazonS3
etag: W/"e0eeddced35db5f676b135453a7cc568-1"
x-frame-options: SAMEORIGIN
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: ETag
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
x-amz-cf-id: p7shBoB-9FXWPDGEGrvVqyj9sOtSUy26qtl2cw-qbqZBkTxdSJhVIw==

GET
H/1.1 200
OK ui-bg_inset-hard_100_fcfdfd_1x100.png
salem-news.com/css/redmond/images/ 88 B
377 B 179ms
179ms Image
image/png 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/css/redmond/images/ui-bg_inset-hard_100_fcfdfd_1x100.png
Requested by: Host: salem-news.com
URL: http://salem-news.com/css/redmond/jquery-ui-1.9.2.custom.min.css
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: d175ae345afe14519bca3ebe152a9f863e5116f8993a641c26f619f926436df0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/css/redmond/jquery-ui-1.9.2.custom.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:14 GMT
Last-Modified: Sat, 15 Dec 2012 22:47:23 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "208473-58-4d0ebee6f34c0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 88

GET
H/1.1 200
OK ui-icons_6da8d5_256x240.png
salem-news.com/css/redmond/images/ 4 KB
5 KB 182ms
182ms Image
image/png 192.241.229.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://salem-news.com/css/redmond/images/ui-icons_6da8d5_256x240.png
Requested by: Host: salem-news.com
URL: http://salem-news.com/css/redmond/jquery-ui-1.9.2.custom.min.css
Protocol: HTTP/1.1
Server: 192.241.229.70 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: salem-news.com
Software: Apache/2.2.22 (Ubuntu) /
Resource Hash: 55380e58ed3ded7e334522936f36fa41165a06efe7a6120b6da630574a160aa2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/css/redmond/jquery-ui-1.9.2.custom.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 07:57:14 GMT
Last-Modified: Sat, 15 Dec 2012 22:47:23 GMT
Server: Apache/2.2.22 (Ubuntu)
ETag: "208477-1111-4d0ebee6f34c0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 4369

OPTIONS
H2 200 identity
gateway.gofundme.com/web-gateway/v1/feed/ Frame 0
0 354ms
288ms Preflight
application/json 18.66.248.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gateway.gofundme.com/web-gateway/v1/feed/identity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-87.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: gfm-request-id
Access-Control-Request-Method: GET
Origin: https://www.gofundme.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, gfm-request-id
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://www.gofundme.com
access-control-expose-headers: GFM-Request-Id, GFM-Server-Request-Id, GFM-Parent-Request-Id
access-control-max-age: 86400
allow: GET, HEAD, OPTIONS
content-length: 155
content-security-policy-report-only: frame-ancestors gofundme.com *.gofundme.com *.hopin.com;
content-type: application/json
date: Fri, 08 Dec 2023 08:01:03 GMT
gfm-parent-request-id
gfm-request-id: c0e164d847184641abd9be59ba875206
gfm-server-request-id: c0e164d847184641abd9be59ba875206
referrer-policy: same-origin
server: nginx
vary: Origin
via: 1.1 8d4901eb4989773bb579fc1597e54ea8.cloudfront.net (CloudFront)
x-amz-cf-id: 8sndqSgXcsuMikOfWsM7vPg8Wch2EX-sftmwf6T_YQx0vXG9zr5NWQ==
x-amz-cf-pop: DUS51-P1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame FFBF 494 KB
125 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TDTFTZ

Requested by

Host: cdn.transcend.io
URL: https://cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/airgap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

15550af5b2a29066c9ad3292c7591b39de8ee38988ca0098ed13a6eddf69a08a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128288
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 08 Dec 2023 08:01:03 GMT

GET
H2 200 identity Show response
gateway.gofundme.com/web-gateway/v1/feed/ Frame FFBF 92 B
795 B 76ms
27ms XHR
application/json 18.66.248.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gateway.gofundme.com/web-gateway/v1/feed/identity

Requested by

Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-87.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

8cd4cbfaec4318590ca55927b32df24b992ef03d93514495dec5f945efe86e24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: application/json
GFM-Request-Id: 3d7f716e-e333-47b7-a9a0-131f877b379a
Referer: https://www.gofundme.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

gfm-request-id: 14e14d109e574f34a737c6e03eda9af3
date: Fri, 08 Dec 2023 08:00:14 GMT
via: 1.1 b628053fca1386b0c2ba37163842b26e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: DUS51-P1
age: 50
content-security-policy-report-only: frame-ancestors gofundme.com *.gofundme.com *.hopin.com;
gfm-parent-request-id: 6a305c32-94ef-4cc9-9f63-04f2155e91ce
x-cache: Hit from cloudfront
content-length: 92
referrer-policy: same-origin
server: nginx
allow: GET, HEAD, OPTIONS
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: https://www.gofundme.com
access-control-expose-headers: GFM-Request-Id, GFM-Server-Request-Id, GFM-Parent-Request-Id
cache-control: max-age=0, s-maxage=60, public
access-control-allow-credentials: true
vary: Origin
gfm-server-request-id: 14e14d109e574f34a737c6e03eda9af3
x-amz-cf-id: WlqkkKtc3iC8fEagnmi1yAeQLxQkOhzqSkxkOTbijKca7sM0Hpp3eA==

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A043 36 KB
14 KB 389ms
389ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=660775685&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=612&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=3476&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&dtd=616

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

12ac8a2c807a542382ec525f4756cba990027c39697585fe760af0649568f26a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://salem-news.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 14718
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:04 GMT
expires: Fri, 08 Dec 2023 08:01:04 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 track Show response
www.gofundme.com/ Frame FFBF 20 B
1 KB 339ms
339ms XHR
application/json 13.227.219.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gofundme.com/track

Requested by

Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.97 Patterson, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-97.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors gofundme.com .gofundme.com .hopin.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

tracestate: 741111@nr=0-1-741111-1538388375-9e9c91cdbe21b2ab----1702022463673
traceparent: 00-1e4bbac2785d7215bb288a4739e39a20-9e9c91cdbe21b2ab-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6Ijc0MTExMSIsImFwIjoiMTUzODM4ODM3NSIsImlkIjoiOWU5YzkxY2RiZTIxYjJhYiIsInRyIjoiMWU0YmJhYzI3ODVkNzIxNWJiMjg4YTQ3MzllMzlhMjAiLCJ0aSI6MTcwMjAyMjQ2MzY3M319
Content-Type: application/json
Accept: application/json, text/plain, */*
Referer: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
content-encoding: gzip
content-security-policy: frame-ancestors gofundme.com *.gofundme.com *.hopin.com;
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
x-cache: Miss from cloudfront
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://www.gofundme.com
cache-control: no-cache, private
access-control-allow-credentials: true
x-server: ip-10-50-194-125.ec2.internal
access-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type
x-amz-cf-id: w5SW93hUcWoC_Ngj2y3rdu6bdC29Fo3wW-upN6vhRVf92TZ80-93BA==

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 48A5 0
19 B 31ms
30ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&adk=1812271804&adf=3025194257&lmt=1702022463&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&dt=1702022463279&bpp=2&bdt=598&idt=397&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&nras=1&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&fsb=1&dtd=401

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://salem-news.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:03 GMT
expires: Fri, 08 Dec 2023 08:01:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cm.css
cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/ Frame FFBF 16 KB
4 KB 27ms
27ms Stylesheet
text/css 2600:9000:2447:8e00:2:8531:afc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/cm.css

Requested by

Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2447:8e00:2:8531:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7485f98c769235c979c928fb91bd85dbbaa634ce06e7b7f2041801967a4939f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: pbfJiiSI9cfET0uWpPUK2Li.vuZxEur4
content-encoding: gzip
via: 1.1 4a345f25fcb995602afaf132ccf353de.cloudfront.net (CloudFront)
date: Fri, 08 Dec 2023 05:39:36 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: AMS58-P5
age: 8490
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-disposition: inline
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 21 Oct 2023 02:59:40 GMT
server: AmazonS3
etag: W/"c156717ae0dfb2d5235b7dc60d424877-1"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=60,s-maxage=86400
x-amz-cf-id: sAq-jzg5xJQq-s79FtBI-D9suz_Ops90Gieo7hmzctEuhQz6IEsTyw==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame FFBF 266 KB
89 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WF86BFEZ5L&l=dataLayer&cx=c

Requested by

Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

aa0d88cf9405411db10db6a135a9fa9335d98a71cef5e32ae49bf8e205d04422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91052
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 08 Dec 2023 08:01:03 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame FFBF 1 KB
804 B 89ms
22ms Script
application/javascript 2a02:26f0:780::210:a46a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a46a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ecf9967a9685eff0fdc0555125aeb40dc81a85c8de18c48c2a705132ef6129bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 07 Dec 2023 10:28:06 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=8843
accept-ranges: bytes
content-length: 595

GET
H2 200 en.json Show response
cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/translations/ Frame FFBF 8 KB
3 KB 27ms
27ms Fetch
application/json 2600:9000:2447:8e00:2:8531:afc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/translations/en.json

Requested by

Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2447:8e00:2:8531:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

67c9becbda158bb8b5be6f6e6a6c55c48e7a2f11ac473bb55e0be86a533b5dfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: jScDguod4A_c22OtvuK3q4CE0gJLf53d
content-encoding: gzip
via: 1.1 459ec09472abb8544521a9b5cc6706ce.cloudfront.net (CloudFront)
date: Fri, 08 Dec 2023 02:08:49 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: AMS58-P5
age: 21135
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-disposition: inline
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 21 Oct 2023 02:59:40 GMT
server: AmazonS3
etag: W/"58d568087696d182127c751a7e0d9134-1"
x-frame-options: SAMEORIGIN
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: ETag
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
x-amz-cf-id: 7vS_zuMeRqOAA4gSW_T_pUEU4_3ek_SwND3XcDtkmLQfaxMYZ0WakA==

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame FFBF 31 KB
12 KB 23ms
22ms Script
application/javascript 2a02:26f0:780::210:a46a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: www.gofundme.com
URL: https://www.gofundme.com/f/help-my-sons-family-while-he-fights-cancer/widget/medium?utm_source=salem-news.com&utm_medium=referral&utm_campaign=widget

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a46a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

15838004d5e196b563a00a0ba16ce432fed6deb3dd4fab7122601f2c4f41560a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gofundme.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 04 Dec 2023 13:47:15 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=72704
accept-ranges: bytes
content-length: 12150

GET
H2 200 8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc Show response
sync.transcend.io/consent-manager/ Frame 80EB 313 B
760 B 91ms
22ms Document
application/xhtml+xml 2600:9000:2644:ae00:a:de49:b100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.transcend.io/consent-manager/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc
Requested by: Host: cdn.transcend.io
URL: https://cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/airgap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:ae00:a:de49:b100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fe188a12938cd48042a6dd4536b0c233ab40714ac48833dee2b6408e668ed6ed

Request headers

Referer: https://www.gofundme.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5619
content-disposition: inline
content-length: 313
content-type: application/xhtml+xml
date: Fri, 08 Dec 2023 06:27:25 GMT
etag: "85e2239b4f358840d9063784b7981e9e-1"
last-modified: Sat, 21 Oct 2023 02:59:39 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 fca814089bc9a82fba87ce0548f9f358.cloudfront.net (CloudFront)
x-amz-cf-id: wRB1WmJyRvW0PkiFvNArQEKyGlev7ofmDZsNvyXaNAbMqugqrD6W4g==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: ZRAgAGpnB2r6BfagFghifksrhlRsaFpp
x-cache: Hit from cloudfront

GET
H2 200 xdi.js Show response
cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/ Frame 80EB 26 KB
12 KB 30ms
29ms Script
text/javascript 2600:9000:2447:8e00:2:8531:afc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.transcend.io/cm/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc/xdi.js

Requested by

Host: sync.transcend.io
URL: https://sync.transcend.io/consent-manager/8aaeb48f-a8e6-4725-820c-b18c4f7cd6cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2447:8e00:2:8531:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f5d22eee47a54fec107105abfb733e0759d69bfab519a5e2370321e5ae6c7b70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.transcend.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: 0NuJA.0hx4NRoToXZDDVbMF14WWwsDz3
content-encoding: gzip
via: 1.1 4a345f25fcb995602afaf132ccf353de.cloudfront.net (CloudFront)
date: Fri, 08 Dec 2023 06:02:47 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: AMS58-P5
age: 16207
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-disposition: inline
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 21 Oct 2023 02:59:40 GMT
server: AmazonS3
etag: W/"825eb964e68f547f7e46ae9fbba1abc7-1"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: text/javascript
cache-control: max-age=60,s-maxage=86400
x-amz-cf-id: GFim3LF0JP0AVoZSynIQV_xOOH4WtSIa63DcM6UTpnEM2gXCyxFB6g==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B6E8 42 B
63 B 57ms
56ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BDeXZ3OILFu12gBzVbqCrb0FPnfKfcgRDhcv_1RA8vcK0D3R4aFMb7AvfURk6e0BG7x6uzlfWdF-VLREosK5rNxrJZmB5KmguOK55wkfcnH12ZgUw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=3848876819&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463049&bpp=215&bdt=368&idt=435&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=476

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B6E8 89 KB
31 KB 115ms
114ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame B6E8 3 KB
1 KB 60ms
30ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47186
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:54:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame B6E8 20 KB
9 KB 72ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:55:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:55:12 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame B6E8 202 KB
64 KB 235ms
82ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EC0D 624 B
246 B 64ms
63ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXJfPb7Ex93i3PjbemJw8YYcmW7mEAomJ5Uo7UDaYRNcEnyu0hr0ZYYuwlplvaWtjTErcsNU2pifZ5wbIyO94aXcIpNzy90nXUbOzOO34PfgO0s2DZttMcsI8KUglq7_Ak5FnB6VJCyD2zu0_etQSysPiInwXw_e1Bs_VUUqc_DLcyZQgY

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=3848876819&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463049&bpp=215&bdt=368&idt=435&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=476
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:04 GMT
expires: Fri, 08 Dec 2023 08:01:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 456E 42 B
63 B 56ms
55ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DKBEh2i-Xb4XY0n2vPwBe83YQD_pqFpNd9O7MSUZMP8r0mhigw09k7J2-xujlw-abicO-8KS2tZ1lXiDADbr7tTtFfnGxOtDpe6KK4fjXM2BfqTyQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 456E 89 KB
31 KB 137ms
137ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 456E 3 KB
1 KB 49ms
28ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47186
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:54:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 456E 20 KB
8 KB 47ms
24ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:55:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:55:12 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 456E 202 KB
64 KB 232ms
87ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1E19 624 B
246 B 67ms
67ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVNMZju6oi15VquZih5SZXrnImnwLZ9rFeMC7vw33i75E8f5-sYUZxK6fLEgmKni3QnYNadVaChgJrzWRyhaq2x1nzO0G8w4Fro9zqqj5uZzIKCckzeOvHwZo9dqQ3t_co-mLslUl8IYTp8OfNTaoWP-t5bjtfiBy04TYVdbvnDEcNsT6Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:04 GMT
expires: Fri, 08 Dec 2023 08:01:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame A043 3 KB
1 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=660775685&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=612&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=3476&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&dtd=616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47186
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:54:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame A043 20 KB
8 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=660775685&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=612&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=3476&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&dtd=616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:55:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:55:12 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame A043 202 KB
64 KB 170ms
46ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=660775685&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=612&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=3476&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&dtd=616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame BB8A 168 KB
53 KB 180ms
61ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZXLNPwALaOwE0ahoAAdKNUWaFuq3yyY55N206w&u=%7CFYyMcIn5MguemZT77%2BffnmsiuuYFalILjXRjQzpUewk%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVoEdisV7DxsMY5FH7gWhn57lUHz9q-xyQc83aesKW2aroD1qkk83nnNJ5rOAdU9uTRJYfhv63SEeb3ziZUMJaHo7CVGyAmlNTc03ETEw7_r5CgXWEKebizqiswedGEmKeaZDo-XkSIIvaKE48EoMSRqw6euukMY1QsxqQvpKNo9Bbep8QCR52DUY2zjii-308QItbpUONjs8jQqdrxOjlxsFMmzrIczv7kWckv6RVwGq6nGDOdCDYErUYeY8A6SvwHSaWrmrH2CS-o2kWTs2OCK1BJ4qKORhU9qPhYwn554uwfrMSohgV_t7-eyilAARy4rHbEr0cv9r4u3-D5ytJzix-1u-PPSkEAuEmCPftdpHtefr4lExCjxXDa1o-ZmpbLXgnr0J0TKWHUV6TjxAI4xA-zzYrx6hFN9XS7F3K0zULMGpnaRki7Ff0mfvZaqlyV7nCRT-MLTJWTrz3_dPNCEq98WdiU8qStw6XWaDW4SH8BeFPaFlmZM47Ia8V_lZXs4rupi33jj0h3w25GnhJ5AtaLBiH1RP56XDiWSM4JF3LmrM2Sc3vk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCVhRuP81yZezRLejQxtYPtZSdmAXJntKxXNWdkfdwwI23ARABIABglYKAgLgHggEXY2EtcHViLTYxOTUwNjM1MjEyNDE5NznIAQmpAmJck68wGbI-qAMByAMCqgT4AU_QGSPFMXZKfpA9jPgIQ4IOz3nfOoAnTN8AAHJdnb4kur7HwDA_XFrowMkuIsdvQOFSriq_nwcxdemR-QIiT3eItB1SzOTn2g98pUREQwycTxr-3c1d50Z0FCZQf1CbgWGfHcf-A5LhOD1yV6jLwz6S3mzJNuazagTm6uM4iwovL0SwsFBnye2tyK0VfmIKhhM-5_Ib8M_bwGNXXSvQzpB4rvWb2XyKqvLByUo6Pyzwd0S9Bbhuc-QzX5Awp-CZk9461UShaiOCO0olBvcUtEh3usjLJLooHYvS_AHaVgWizzeiRlgl25J_D8pQ0sKCecvzXKnuJ4IkgAb4heXCq4vgsYIBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WMye5OKv_4ID-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3cS_TE-XDJpmcyzRbz6N18EZdGNg%26client%3Dca-pub-6195063521241979%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=660775685&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=612&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=3476&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&dtd=616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d1b602feb30aa3194f7a97fd4bf8b4e8eb491f4cf780604730ef4040c3053fe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:03 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=S9IM0t_RqD24A3yDwnyA_-AIf1A18LKI8bx8maMv64I9mkGphQXyHw9mh-oeNVP2kZsEKe5DwiH2-qavhiuvmE_x2yQ_vkOCOSv2qmt91BRKJVac24kmyfJ3k18uPNL2J_PvaoomHnkXCfzGKV-YwvJSFRXDrFB1JMTzWOAO0YnpPjITawd_-qoLLz3pGltarGJw421JpJICuKLJoA4HnSX0Gjyd4IgXKZmVR40YgEM_ov3pFFazofG7mlLOJ2UBHooQQg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 11618444
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame A043 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 879d025ffbd5620ae4bd5009d8d2ab465bb57d47725e1c9d1a4a79ea0b6b9565

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B6E8 0
20 B 57ms
57ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9120677705646&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B6E8 0
20 B 57ms
57ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9120677705646&version=m202309260101&ct=77&x=1&cor=15143705230638954000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B6E8 20 KB
13 KB 166ms
166ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AysOyO1Rljspvwk3dk2O3KYHlXoJfiQb4gSvGlYD-73a5jfOO_GCyW31iIFG6B2G4SOFGiaWAZ4nHi-V-l5uor4oWyS02tuqoyIAIKKVI9ocHUYCBxYJg0Cu7FxwDt5qOBXlqJOd9yL1ZLiXbqz_yjhCG62b8Sv7OxsETsryOIPWl8bMU&cry=1&dbm_d=AKAmf-D3CD9kzemoJ1X8q2NSnqgyyDfaUkDWriptOvOedF9gD2Qiio6SnDEFy5t4YRwH7ADL62u-JCEn9bFIe-3T4mDUSzB9XvBaH7E5u3CzAcCoCoX16c2cU7bqUfdRt5KSKCsF2jhGGi3FyI_TrKHfuE39VbkgHqJ0Mde4lYrfL8G5e5wWzNrCC2aLUClMRg8gqeheCq4rzfzSv7gRW1InYvvfm6aTQ_MbdQJo16-sWHrrqcpHCTKObR3Bu6PJxu_diJwHPuij3HxOJ9U8tcCWXBYr1f4aW5zajZH_cs6RPqK_6lB3ZqvNgtcKsru-u68Ap1EYku3FEgJg2NNDMvkz1Vu6FqQh8DoJBfD6Svp96zHPoVDJyIRgfvoR5jpx-KsHVeiFPasuODypU3UBPyjMLPs80T7cxCJ3HIoSGQVj-cIwTQXhjykKfk4f4yOnGJmINivnj5LnvpmgsQYnmj5GFJrppoTbNigURSIcV3Tgg114hHqFwiHjTixo87XPX_cI9cT3glY6SX5wHYMZTDj9DCpCDmzwSMF1JWqteyhegNEPaQzYu_SeGNPiMeEl4comhwagdggirAj2379F7qFn5I_jNgpLN8foDC2mbqTa7RLxRm506X5pQtgBj6cafIbFLgWbQOxp17hRUclSjuGEDUdi_lY_vNsfK3PM63sqc2Rw5N7hlBc-TNaDm5Iw4W6hJUoGxsURXvFL7TDxIdX6Bt_w3aeZ9yRzjsZ295xg3ZWaZemwqf2VJc4PwAteQXw4SeBTPbgJxcId0egoIF8hRCxM245mb2q1DFqMLADAQ-aZFjMrqJ1Qh9jXfZTuGUkJseB2tOGYBKnAVArQakXfVdfgvVx37Yt3CasywEpPQDGzTBv5U0F8nQ-3sUluYTgW2RAMkB-Q7wi2kCdtm0CHz4Z3ksqFstDymnwFKoOrOMT7xnhvsRqbb71_-guILjhFDRSx8niiG9Yh1J8B6pGikaSs1EFqWhb_8_YxrKJB5v1kCpbznFqbIgOdcfNO4GT1m6OCIVfQcdALp5oN_tVXbW2fVVFn3hWLHTqBKH2kq0vpZrk0o3v2uxTP661kMn_VH7q1plSEe6xCiO6bdTjK2qHzB7W8q19Zifgm4BKxMGC7SClvrFs0UkAGbwiO_t7Rnm4DoX2Om9mNFQVlDkeWt6C66rHJzLM5QQy1v1mkNrwfADm7c6ILg8RpVF8KaUH3ipuqebpmaJciZALK93oZaI6hytKRF_D8RqX6IP2bTF4WBUhFULAuIvUTWS8zwg3FAfWAGzKLAqFpk6zI-7kvBiiJZd18yH1Dy8UKKSIijora8jrcr15bpMmbjCuZxsowGiy_rMwzmBO4_By0ynD1uTvGYvJbyeLA6J3SiTmnd-fxdoqqbfpKdriwSnAUQX_zv8cBz5-8XpaQPLqHJZ9XlIBYpcI41lGd6GW0fWG4h0REHrvq2mKpbZb4PTH7J5RhWd3iWKnvALCDP7OtLgYX-ULCRSfkk2T-MK44-h_1b_kAo9AepPUQU3TNDZH1PSDTgc4jZEMsHq3f51qoILTqiZEM-rtwf1EEpRdmBrxdbA_LZzyzZmrG7LxIr7bMUxCe2Oqb0Y6CHh9nbjYbmYC6O-92dbnzxKJDSXZNxirAqJxzXGRgZBXsKIFRMqOMG6HKGXLcy5abNr1FQgjdnFQb0nnxzQ6O7MActYUrgWQWhy5196Pdb7BHGlEWzcNF4gLRT5lR7XapKkHiSZKUsBaLqYboodbWaiVMe4yOH3FFnV6M1ris3J47TTOHzeAFNMhewwYjPS0mi-mJN0C96w2Sa21Fsbh0cCSUBINhSL6ugj5l7E81OfniBmTIG4p-0qxOzUwBkSgZcuZjJV6dtge9SWGP95_R8o5hIwAZODxfPsK51RkR6tHuk7ts9KXJiAS_elRLl_uXgOIEqyBTjBi4r9-PPCScJo6RlN5_wmD-NB74Oi9_WOmAsczMaSRdh6K3BBYG_RWTjdIFOjJWrJHNxWuOWjvzIi9DRrAYOStRN4IKGl2xYveW9CcM1oBu9JfjKRBQnPUtwZOJJa_8ub49HHTahoqSSAmuDFyjNP1Nl7fkWa9wueodmJr0AOf6UmtmjLm-l7YrNUmk_kffPj4RFW8h93MLXdtebj_iYjRbxbMQNobq1znd_AjWITMCIOaT8LUtnF1ja37JsGGKpoOBZso1M85VOMlojcWJ2R8cPM70rZdqFV54tZbQP3p6xf1id2qeFQriAPLENIcx6VmkoDL1iT5F9QsqNNWKEWR80Vqv6VeBK3S4OmB_Z-YfAtitey6qe11BRZ72QeHvH4f3PTg4esARDiNYOIZNxMoXCkf43hiRVIXGVZUJdYElAO1MmJbac1PY8OKjAxn06nghK7uG0TU34OayE3EN3pCLVG7tpmMwsoNqxRm_JvAW2Z0HZVY_wnOjHye4hc2pE8CZuTE8NBmnxi1s4PMLxbkgYuvfNMCtahbvl9nBH5-XOM1nLzDN96onqVj8pmjsNRb7qqNsscdVRpQBFyKcC4H7pCiIKkhsachrjaEWVVtEzVuOmpRCaYUx9PpoqMDpbxuZ1ATSlyaQXfdtEIhwUDCY7ikoDqePCMmteX5atSzQkCX8nFXzCK6CO1friJRp9Lg_BwYyA8HR3y4aRvGi-K-fvIjsAZrk85qOe_F9jrx6g4Szl3xQdHScRsziFdnP20Yj6wF7yWz__Gi3vp1zWn1VRpLB_YHeegFkCsCRreMImDBRdUEyy2a4gGYb-NSZqEwpc6Nn2Ocvh1_3WAeiAnDkmU_kWwbKbpLpcLiJb3N8ntSllW37gmCi6L74vfl9tOVZR0_STpk79bEzkOp5YfPZsXma-zaCAPc3fO0lsOSaevoFlYSXjfQyVlAMl4zsgoCf70P_wUSgNBdsdh2GdJsXdvoH9sPY-ecxSu5i96R_xq-ngXsw3yPspAILKnOxsQXCQ7ZwhuRknF-_qzCk7v-fXtUcDkczbVwBt-WFmO-2ZtTTVSPw9hl93Rs0e2SmvHR2s-e_tXuhydSZbc8697kpVGuSTpdG3MioJ_SCtIiiVkvVhMqgl97Sba99SHzYDRqPuwua7fI-dM1FlSecjicyEYeRqLIc0A6hb9N8QHH1x9Pj6ThKrE6V5hn5gc2kG3N2fobT38Urpxk2eytRklfD5wViS7oeSSCcSxoD2znGIlWDGi3BfHm4Mwox35EmoF_dKwv-Lev1tNR83Zq-XhigBGpWucTFjOHz17U-NgcMos6DQoRiUC1MdMINO-A62rOjXMTPiGkR_XfKVbDZ4HAcurpJ14V_z7FxA4ND9eooXoHxmCsZ8wr7LZd23LgLDUaggZtRriwO3h6nGCkaYqMc3vFPnNPrzn2yspPW3sMetmS5FtWUsWgxH2CTM7fytbVqzTp_I9puSUBl97TyZF-5agwwwXxgSH_T-sRLPPN6TeyY3xK3EWXkUtcmdvUCx6pbsQXmZT9Cl5Qr8iL7nNB3p55dy5uDcMzGwHsWSkvmiffVulc0g54LHt_7h1eb0rl3lFb7IdF-hOqOwjTOezZGT_stnlRZuoh09v8GrGrjESADKaWxt56s2GlzAQ7pGIxZqi6sy0Lf6bM_uS6Y63ZZ74JBuJIlQqcNDK_nSJeEyP7WZhrHL2prs1E3m8gtenZBjMhQnQOek9gKIqo4owWJ2yLcVcAvxTtyDptmPSToIr6IXOmC0Bc1pl-98z-K3POUKkUClB4u77kHiK1BOykd_tlwQvQXRbRBOAWdDTjUBBTkELtit1k2Wf3MGsX93SmTPKSCYI6o3VJQv1IaL4QGL7v2yKKfizKnuF-e14E-1i5pL5Ylx0wD4zEcdLH5sVnxkdC-kibf339DUR--uq6CNXdg24GoZ20D2iUP9N-jp7SJ_NKKvDHSyTh8KPOuxf5x6yXB8NqL3A&cid=CAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fsalem-news.com%2F&ds=l&xdt=1&iif=1&cor=15143705230638954000&adk=1964084971&idt=132&cac=0&dtd=14

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b0282529af39db81edec5b52bbbaa109ea6cbf5bcffb71c28b1fd5114fbeb955

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=3848876819&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463049&bpp=215&bdt=368&idt=435&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=476
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13774
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame EC0D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1&C=1

43 B
335 B

62ms
62ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXJfPb7Ex93i3PjbemJw8YYcmW7mEAomJ5Uo7UDaYRNcEnyu0hr0ZYYuwlplvaWtjTErcsNU2pifZ5wbIyO94aXcIpNzy90nXUbOzOO34PfgO0s2DZttMcsI8KUglq7_Ak5FnB6VJCyD2zu0_etQSysPiInwXw_e1Bs_VUUqc_DLcyZQgY
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ozg2k3QphbHkdrl2j7j9li6XNEdPeTUXATNEJIOScZeZHHvsT%2FGZP3BhwpvYdXbQsvda1OKvrXjfryay1TBi8GJQ8437WQYrHtXbIyrEhDjjSP2lhJ8YiAHhdUTO1PRqcwbnw3fNqHuziw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83237a72685f452e-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BNMpWoFnpuLAU6fSCcZicmtg8FPuD3vLL2hZEo%2BwCAzwYcPOVeS%2FLoxOW6QT1WNo8eJ9eXD5PhkgpGHZSzufmR9mqPMaq5oHGD9UY7Bsl1BxwxntUvuyHgqPQuf0%2FO7w5MQckN2Woka56w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1&C=1
cache-control: no-cache
cf-ray: 83237a71ff81452e-TXL
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame EC0D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXLNQLD1w1nAVhU3XygNEwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1

43 B
738 B

72ms
72ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXJfPb7Ex93i3PjbemJw8YYcmW7mEAomJ5Uo7UDaYRNcEnyu0hr0ZYYuwlplvaWtjTErcsNU2pifZ5wbIyO94aXcIpNzy90nXUbOzOO34PfgO0s2DZttMcsI8KUglq7_Ak5FnB6VJCyD2zu0_etQSysPiInwXw_e1Bs_VUUqc_DLcyZQgY
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pN9QVC%2FFEaBfi9IDGYeNfL3%2Fcrl91kvKFlcmFsjtb%2FwnhRnL%2Fai%2Bm6GqrBUcpuzB5yFqoEuvGyfZ3wlCCEMBTPBamI17azuOc7wNIGpS%2FNAYGsmvTkDqKCo4KxIX77XAGsHdKjDurZUDQg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83237a730c1d2685-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame EC0D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEM0-aLQLiQugL2fMAdRso3s&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEM0-aLQLiQugL2fMAdRso3s%26google_cver%3D1

43 B
894 B

35ms
35ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEM0-aLQLiQugL2fMAdRso3s%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXJfPb7Ex93i3PjbemJw8YYcmW7mEAomJ5Uo7UDaYRNcEnyu0hr0ZYYuwlplvaWtjTErcsNU2pifZ5wbIyO94aXcIpNzy90nXUbOzOO34PfgO0s2DZttMcsI8KUglq7_Ak5FnB6VJCyD2zu0_etQSysPiInwXw_e1Bs_VUUqc_DLcyZQgY

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
an-x-request-uuid: 18ffba08-cb55-4faa-8ff8-429928e3ed3e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 84.19.175.183; 84.19.175.183; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
an-x-request-uuid: 5247f19a-b801-4ef2-b88f-6ca40d345aae
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEM0-aLQLiQugL2fMAdRso3s%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.183; 84.19.175.183; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EC0D
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ1NDg3MzAxNDk0Njk2NTMx

170 B
232 B

31ms
31ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ1NDg3MzAxNDk0Njk2NTMx

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
an-x-request-uuid: b80f006e-7183-4ffb-bcb2-b59c598410b3
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ1NDg3MzAxNDk0Njk2NTMx
x-proxy-origin: 84.19.175.183; 84.19.175.183; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 1E19
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1&C=1

43 B
767 B

72ms
72ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVNMZju6oi15VquZih5SZXrnImnwLZ9rFeMC7vw33i75E8f5-sYUZxK6fLEgmKni3QnYNadVaChgJrzWRyhaq2x1nzO0G8w4Fro9zqqj5uZzIKCckzeOvHwZo9dqQ3t_co-mLslUl8IYTp8OfNTaoWP-t5bjtfiBy04TYVdbvnDEcNsT6Q
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Na%2BO1s0YliBALUPEdPUVbSfXFRl6GbOEcetdIHepaeaF0oL9DYk2XbVYMC0GTiyWg7tSAQvG6gZoxewdxaL7suMAAqoVFKDys5fCOtl05YI%2BRIwzFZL%2BlGCt409hW1AnmZJgSLS50Y7kg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83237a727afa2685-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ndR4%2BcOHu8SJqY9Wl3nryVhMorZsPi6z11i81grch79ZTt8MEIsUw1MSD%2FycJ%2BH84QXp4zzORa4Hde00b%2BHiVMM5HjHBZaYEwt08qJAbUaWnn6GHeuLygx5D8oYqlRXW%2BH2fPAmXtLD99w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1&C=1
cache-control: no-cache
cf-ray: 83237a71ff7b452e-TXL
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 1E19
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXLNQLD1w1nAVhU3XygNEwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1

43 B
730 B

74ms
74ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVNMZju6oi15VquZih5SZXrnImnwLZ9rFeMC7vw33i75E8f5-sYUZxK6fLEgmKni3QnYNadVaChgJrzWRyhaq2x1nzO0G8w4Fro9zqqj5uZzIKCckzeOvHwZo9dqQ3t_co-mLslUl8IYTp8OfNTaoWP-t5bjtfiBy04TYVdbvnDEcNsT6Q
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lGT17X0KNCte2NistPfic9R1esQE26wjmp39RPitUWsmyYj5wjzj%2BOCj6sWlwg8m6WAl8DVWfOpYAlhS2jGBwuYvJN5QkeeSBLQPs7U4LQjHZLaiPR0ZlFiBf7TwW%2B8l1U3hncHkrrJ5FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83237a730c1a2685-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJoT-XudSo-AQic-CJrux7A&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 1E19
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEM0-aLQLiQugL2fMAdRso3s&google_cver=1

43 B
844 B

29ms
28ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEM0-aLQLiQugL2fMAdRso3s&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVNMZju6oi15VquZih5SZXrnImnwLZ9rFeMC7vw33i75E8f5-sYUZxK6fLEgmKni3QnYNadVaChgJrzWRyhaq2x1nzO0G8w4Fro9zqqj5uZzIKCckzeOvHwZo9dqQ3t_co-mLslUl8IYTp8OfNTaoWP-t5bjtfiBy04TYVdbvnDEcNsT6Q

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
an-x-request-uuid: 8bf79dbd-de6f-4c52-8fdc-9fd289af498c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.183; 84.19.175.183; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEM0-aLQLiQugL2fMAdRso3s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1E19
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ1NDg3MzAxNDk0Njk2NTMx

170 B
243 B

31ms
31ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ1NDg3MzAxNDk0Njk2NTMx

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
an-x-request-uuid: 934b3a26-00ee-4ce8-ade2-861ac8582561
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ1NDg3MzAxNDk0Njk2NTMx
x-proxy-origin: 84.19.175.183; 84.19.175.183; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 2B3F 4 KB
1 KB 90ms
31ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 07:15:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 2B3F 2 KB
875 B 29ms
24ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:55:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:55:12 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/ Frame 2B3F 24 KB
9 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47181
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:54:43 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 2B3F 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47186
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:54:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 2B3F 20 KB
8 KB 26ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:55:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:55:12 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2B3F 202 KB
64 KB 104ms
99ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H2 200 7a8419aef3683f04c437bd15cecf843d.js Show response
www.gstatic.com/mysidia/ Frame 2B3F 37 KB
16 KB 71ms
21ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7a8419aef3683f04c437bd15cecf843d.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 268539
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 19:10:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 04 Mar 2024 05:25:25 GMT

GET
H2 200 3034344552691273502
tpc.googlesyndication.com/simgad/ Frame 11FE 30 KB
30 KB 29ms
29ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3034344552691273502?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qk6ic_olN1vAWe666NuLHQbigjkYg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1efc20fa7c985d7d22b1941ca164828cbb7658eb6efde057cd4a4b57d5d6b342

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 22:00:44 GMT
x-content-type-options: nosniff
age: 381620
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30270
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 21:30:43 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 02 Dec 2024 22:00:44 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/ Frame 11FE 24 KB
9 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47181
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:54:43 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 11FE 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:54:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47186
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:54:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 11FE 20 KB
8 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:55:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 18:55:12 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 11FE 202 KB
64 KB 75ms
75ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 11FE 36 KB
14 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9b54eb46a8dd9a7eeeff163e368f71c3dfe239aca607f073d1340027677fc16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 19:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46345
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14788
x-xss-protection: 0
server: cafe
etag: 1899721059218863233
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Dec 2023 19:08:39 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D5E3 143 B
166 B 23ms
23ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3404
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 07:04:20 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 2B3F 15 KB
16 KB 92ms
20ms Image
image/jpeg 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcSUrBqMBtb2So4HwQ2vKNUi85X1Xv8qEnuDhOQZl_fgHI573l78OdmLff5P82w&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f658562cc5f0e84e80bbd7b9ebdfefa77c2ecd5a9cfec1db9678ac6e662d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:29:34 GMT
x-content-type-options: nosniff
age: 304290
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15818
x-xss-protection: 0
last-modified: Tue, 02 Jan 2024 08:17:51 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 03 Dec 2024 19:29:34 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 2B3F 20 KB
21 KB 92ms
20ms Image
image/jpeg 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRfPkaaAAi_vlaAM4lMPHpg-KlhCVMdVDdmRzvnU8ofJTUgY7SB5meqpNwiimk&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e569c62ffe2c8366ed09597adea1eb70b174c39b2855c1ea593f33dd2bafd5f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 05:47:05 GMT
x-content-type-options: nosniff
age: 526439
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20532
x-xss-protection: 0
last-modified: Tue, 02 Jan 2024 12:40:14 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 01 Dec 2024 05:47:05 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 2B3F 18 KB
18 KB 127ms
55ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQ5rQ8mUp0fiyOfn4tNuzZOWeRpYaNmGNld80Rgy9WLj8bfbWiz8ZZTVIIKTTg&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25fdd50642c6077529b2e71e9b357b4f5a57ed6e7916401722d6f6720be28ee4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 19:07:34 GMT
x-content-type-options: nosniff
age: 46410
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18078
x-xss-protection: 0
last-modified: Tue, 02 Jan 2024 06:37:46 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 06 Dec 2024 19:07:34 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 2B3F 34 KB
34 KB 93ms
21ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQsdTLbfEg-htIbX2JsjqKpcB8qDiM77aBbI1VtCD7I97guraaLvy1XtTgiCg&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31b628d2d6f5fce8b1dd7ac9fc3b1996cf6a9c1a570e9df853ffeafbe6eb38fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 18:08:16 GMT
x-content-type-options: nosniff
age: 568368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34426
x-xss-protection: 0
last-modified: Tue, 02 Jan 2024 06:29:01 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 30 Nov 2024 18:08:16 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 2B3F 24 KB
25 KB 115ms
44ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQrq4xKzq2mdUB9V3Z0SuMBa_lbZFaXRdCesgutAclRPQwyXRfWmY8UcfgS8Q&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ceb7fa2fba3168514b521eb98b5e31ea759cb3a1270cdb81c7433dcc3949b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:27:58 GMT
x-content-type-options: nosniff
age: 318786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25071
x-xss-protection: 0
last-modified: Tue, 02 Jan 2024 06:12:46 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 03 Dec 2024 15:27:58 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 2B3F 20 KB
21 KB 92ms
21ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTpjxL4vqIoat9Qi0clOxhB2cLrLnE4vb6Tw-tFQQhRndIl82t2Sy9PDxom5kM&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b0103d5131047a6907ba6b56609de98a26e3d5c5835133a93caa19b1071b4fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 23:27:15 GMT
x-content-type-options: nosniff
age: 30829
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20951
x-xss-protection: 0
last-modified: Tue, 02 Jan 2024 03:42:49 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 06 Dec 2024 23:27:15 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 2B3F 12 KB
12 KB 134ms
63ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQRy9UdgtQX6XbTzWfTjmRMVEF5D9BdrK30_vmK9_Tx928AyM0l7bovuNd3Z4M&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02b4d11b9dbec60e2231d876ffd7e148e56f2326313410a43be1672692af0f47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 19:17:05 GMT
x-content-type-options: nosniff
age: 45839
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12682
x-xss-protection: 0
last-modified: Sun, 04 Feb 2024 03:29:47 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 06 Dec 2024 19:17:05 GMT

GET
H3

200

3995853839924061625
tpc.googlesyndication.com/simgad/ Frame 2B3F
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgOCat6zDHxCwCRiwCTIIZ7MB4_P2Swc
https://tpc.googlesyndication.com/simgad/3995853839924061625

77 KB
77 KB

23ms
22ms

Image
image/png

2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3995853839924061625

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87a92e159459b46d503d7ca9301e076e886bf1eb91abaae349f8b6a69deb2571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:57:06 GMT
x-content-type-options: nosniff
age: 65038
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79088
x-xss-protection: 0
last-modified: Mon, 24 Apr 2023 17:15:20 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 06 Dec 2024 13:57:06 GMT

Redirect headers

date: Thu, 07 Dec 2023 17:10:37 GMT
x-content-type-options: nosniff
server: cafe
age: 53427
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/3995853839924061625
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 06 Jan 2024 17:10:37 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 456E 0
20 B 63ms
57ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7291925844913&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 456E 0
20 B 64ms
57ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7291925844913&version=m202309260101&ct=77&x=1&cor=9385498792969679000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 456E 20 KB
13 KB 166ms
163ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CmaL1rnZGGmcJ08m_vJRqb0tx_N6tL4iIuGffzKKiCRW0ePBH1vWJWL9eahez0XFjxV40satxGomUL6XAUAd3saiXbj15cPO__C1R1R2XOIjDmBf0t4FGd-VbY0jfntU-Z4-S1QDSSdtQ-imJlSQ2EpWun96tOArfI045nLBHBnFdCdeY&cry=1&dbm_d=AKAmf-DDJ-skW9jq7xDLhIs1B1P41wrtJu0OFXIEc7sHkQbd34C_uK8TfIAliSC6k5dWfFouE19Du6t8s8yy-z2WUKcQerLeY7LSsMTtfzav2yLyQiHvQgisX83k-bojMjFuy7sw9uaMxCuC2-LtlGalaT6Alyom4BiaUSG5m_CjAMtameehiGFmbKAGCNFcwVIB8ME54rdDQKGkUG0rSKb9xzMHoi6JohGRzjyaXePGjQYWWVdjSGtLZLM-ctRQmgdFOHSxj93oRbhsunh002g3UcTodJ9w9HjaSrnVk7T8kyIk1GKzZliB38YkFS2_LkpNzmuQCD5zEW_uWy-MYHLz-nUVQ6XgLCQ2ftFvv9lYVRaN5d-XBg7Gq0bhldQXmE1rOHmOwVHmHlPcXM8F0d9A4E8qbQ5SC9zLrvv5K5ykymAi_5UmsTEnPUUSq8FWxLjwwWHAv22VIWSX2E7ejr0xHwejhfJ2aKQjPZhJxyOkJuVn529z2ZeJBaIcNvGaxd4n-xFb2Db_U8Klok_AEpkIMRJrZYRtF8cxMEXbxFSoLx4bL_V7xpqUSjod0J7hWVeZ95oV31JKcnbzyoIqiTlHjlh3IutHsWmj-9Q9OXBzAYmGPXIqmhJQjNvrPVecBwLMMmh5srGf0ybgxtpII_PVmykr3lD2ixCGuBOJe0RSzflVnRuOBLlJkuPcJpbq8SlSJX54DHeQHdRsgDS60okug_PEqh1a90FNSaJiZUAcO9-5vdGDkUhBd1Ixo1czIelMmv-NghsjP3kO-3JdVlYv-jbS4OG1gc0qydYVSUa_XO8Es5KEKbjjNOKmpNo6Cw5uRnm-t10Lo4FkFDGuSI01q2n--JIM5JLXqDSbFhKfIVtCqbZ_93eeDR3A3qM3E7FuJXj2qu_OM-HGUkXoAvs4vEByOUEp17_BfrfTT5-YO4QKcO9NRXL4GgdaZKojbprm__CB8JIbVJMHMCbBNAo4k2ocBj_0KLLC2-lwb3nBw6By1CdvCF66IbCaQWIlkqkJVHfGnvvTiEpRYX3uBRcqMrXVq4VO1bzFLGXdG0OwaKuGKp2rlROTp0LtSkQxoia_Q1uEbMNhV9GCR-4t2PXxAr5XGGoR-q7gxL5L0uybxFQxVsmfqlHtdmT7EFmxSaIrYtqb22O9ikaJQtbdGXI_fLGr_qdohKQCZTJk642ZwtOLrAFapTdInH79DzOdw7cW-QFDO6q-PSJ6Qlwtfep30DVCGEtMDxnFuEbWJ5SWZAElQabrrmrT2l1PmJyxU0aIzQhw2NeeJ-AzoL3v08yATNcKN6y9rR36KedCRJhF2qbPkpy3OJdvQ2fLhv5KXmoOCpjLk_m7D5Eplx9jVXluhmWd98q26MXcRXNGSVp7-rj14et1gRCZ1r-jkm44jkSzfLtAKANS_5AF7wSTSY7pLXqxAnIeEcqX7bm0TN1NdMAsCISAgZ7lmBrIVsiukUOwFWLhdw6YJNNeHUiK1jkaSaujsZNoL8GiDX1D0_8013_-kaAmivzc9bqk_e8bbYqprRIPkuLjACIvm0wmzcziqA2I8mY3Jf_0lE5FODZhvdEhh7lbtQiEFJrOTajNilAyGsxrPiDfLAkQcFd0zvA6wMOeebmlTgyAGqUL64aNBuoMLrbJH5Ux0WI8j9EjoeGhQGHLloZSLN73NnSwOVfiHcn6tP0vam5vBFegto0QbziukeulMZxb28k4MvQyKbGLlX7LeZp1kmrIqVBfduRm-xH0vKSenWxDbSq3OK3cPIw3hLxveMKwPHUB01kgRGH1GNtKVl5tlqjkMeid4rU6yiqama9UFUFOoRLyj7_yDZyDSWGskqBLti6LBBD1bPdQo8nQevH77Pq30k7VGTqjXuuUIQK-QHV3M1D05yX1MAMzyhPkcZf13wz6SDHW1GyRfPdfsyHQLwdLnc93gVa3UyxYhjSYqW8DVSdv9AGrZ1tnnFDpl9D5FRjXS-QtMjAqbNx3QVTs3qfwKmAyB0HCamGOmb0m8lSz2yryvSF-QhJi2eA1X7LbZOdMFZ2YzvRKYkYU1dGbz6E0hE9XpPpd4XNOeetZrz_O-8vqTvvxYz7J5cBYfp0ai6LkzuXZvP01Daoidk-LROwoO5kI7GDOWah_q4mXGgRwB9yjCZi36N715uzYyriKeTPGXEXvDCh3PLpcRrKqEdMdIPUKIVWaU8mq6UWjmp1NLYzbXfUJYwn8LEMq9uA8JEYugYrhL2N43-USQYcOfEglo0UKlvfnpcixWGbPtZTyIrW8OXoYwxslUpz8xCajlIcdhkhaKbLwwikCHeTCzVQltL37f8WR99HBRfYXwdLb3wP1KCc9ObHq4WEXmgub6LDCZJlqe5jKNEUD1DP89Nilbx76yNvJs9HNDsfeOiqkR9-stqPYS_Tskls8cjuD9wa_57mUihbQsoQa-Q5a1lMMNuO01BA0XfZDLZsSxfbio6MuOrq2hwH6d6FM6obrlOcqzBr0-dv0BE9Fwhp_Ny0H_E0ROd9kYzOvBh7DQipEaR9N7U8Su1Stv5-KSOxBLaJPhPRu7pmOOvcxg8fUEr8SJ0IM8oIevP7plD5oJJLXdALII4d-y8Qipk6H8VawFa_fb8Kcd1a5onhHPzj2pTqIiuThKzUHm5eSgJwOqEgSWSIRg8M6YYtlq19R4pAkMFa0UE3oI_bMzWi7yzVj0WQqj1d8HNxtV6i9fZbVJMKXIhNaHDHlogURf9cQLcbtUjJ87oimDL2vNOZb7dx0d-tH8tJpZTEpIY2qWxkCPioskfRoWfAW_-mNfh6bUYygaXkyed5JVQ-K_fPF15Zw9gsM8Gx4vvOpUHtqpSkPcdwIJGcCRTjPv2Af7EL4pT0njvX52cXsQBIVCaLKHAb36sRvguakp0gRWoo2dhnpbyKY1CcW-FfI2IXTQ5yclFF23-BbkxMUeh_Ogo2iC8WgutgJkq_wKLYGBVAI_wE_KiJBQPZ03sr-AFgoJ2bnKo6pIpxaEyc0htnS8p9C9Bt0micVoo6iGYfJlE6LtUveT_fERlby4PYxsniiD9vEtakZJrBra0l9j_F-7tj8oD-bFP5pqiqc44n34bKYnRQZrMSOQ2D0Wev6AmEs8VWp8IpBbPfb8dv3NSFlOWzDaMNwt6m6XWLOSJQD1AkCRDH9kaj36gumcAahgNhVFfFsjpcpG3yiD4So0IFwTj33SfRyNX4Z2J6p9F0yNoLTqF0Q2qf_5753hDVrIDH6d-JJg06AoFg1jmI8rVLKR79v5ZUatFNk8GaJW8K3ebnnhT4aYjow22_jRkoFEeHcQJSdlUAUTtogxIUv4DN4FGS8PKbNgmv0ZSrGK9cSl7a-e0zfsg13fLrnNlMFbUTJycVALgccb_1qr_zdEHo-CW2EOEvszt_RW_JqSYgFFfEnA-nC_xepkT6igf-7_2BWL1fWzhRFOiiOA9QxxA37O_kzqUpi1vSphfkK_gL3o3LDaPGAFuRSuub3o-9dsqgBhJflwvHVN4EHhw1hB_pgC5OZY3Y-p-PIMwe4kIgjGkTplGv7NHl8cLUQMx05tFaC-3G5HiHdZ36oW2TMcOGYqiwv94eL9clqtGoCnK-iD4KFvmPvd9Vq-nRs-BqnJFfT8M8jxlT3IBO1wwGK0QIYQH-EHaHWUO7SiVC5PUb8Jf8dRYel029dlO3Mk4HEJT7Yf0fUw9Dz4MaWTgvQk0uv1DDrs52c1K-xZ1n_4r5GeFat6IeoMMaXdKdnmKDr-5Nx2c6sH3mR71jseuCO7kpTNEKAaK-01eR85lnyQwdPXEfUpYd3ZfcYWP5-1JIgbsz0H7tYaGArOq_G7GT2uKRTLidRqfptRL_OwsCxXh9LDcZtj9jpx_L6UM_7ckaEkapldA2KK_jEuXV3FLDaZ7ZP7luN0i3_0_WT84fM9W1465WGI56sNg&cid=CAQSTwDICaaNU0hbIRldiGC0poypw-vWj-TpaUU031X7VpQoIluTwWwsLItVxRH4J3Kwx5waH2GoWvzGHFCf2meT8_caEKv2XoXbYgCGZkCkoSEYAQ&dv3_ver=m202309260101&rfl=http%3A%2F%2Fsalem-news.com%2F&ds=l&xdt=1&iif=1&cor=9385498792969679000&adk=250412561&idt=146&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

42c2ac6cb53dcc5d264ec29ca3d796c347ee643aa01d94ef73d0b24a814c9849

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13655
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame BB8A 2 KB
1 KB 153ms
75ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZXLNPwALaOwE0ahoAAdKNUWaFuq3yyY55N206w&u=%7CFYyMcIn5MguemZT77%2BffnmsiuuYFalILjXRjQzpUewk%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVoEdisV7DxsMY5FH7gWhn57lUHz9q-xyQc83aesKW2aroD1qkk83nnNJ5rOAdU9uTRJYfhv63SEeb3ziZUMJaHo7CVGyAmlNTc03ETEw7_r5CgXWEKebizqiswedGEmKeaZDo-XkSIIvaKE48EoMSRqw6euukMY1QsxqQvpKNo9Bbep8QCR52DUY2zjii-308QItbpUONjs8jQqdrxOjlxsFMmzrIczv7kWckv6RVwGq6nGDOdCDYErUYeY8A6SvwHSaWrmrH2CS-o2kWTs2OCK1BJ4qKORhU9qPhYwn554uwfrMSohgV_t7-eyilAARy4rHbEr0cv9r4u3-D5ytJzix-1u-PPSkEAuEmCPftdpHtefr4lExCjxXDa1o-ZmpbLXgnr0J0TKWHUV6TjxAI4xA-zzYrx6hFN9XS7F3K0zULMGpnaRki7Ff0mfvZaqlyV7nCRT-MLTJWTrz3_dPNCEq98WdiU8qStw6XWaDW4SH8BeFPaFlmZM47Ia8V_lZXs4rupi33jj0h3w25GnhJ5AtaLBiH1RP56XDiWSM4JF3LmrM2Sc3vk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCVhRuP81yZezRLejQxtYPtZSdmAXJntKxXNWdkfdwwI23ARABIABglYKAgLgHggEXY2EtcHViLTYxOTUwNjM1MjEyNDE5NznIAQmpAmJck68wGbI-qAMByAMCqgT4AU_QGSPFMXZKfpA9jPgIQ4IOz3nfOoAnTN8AAHJdnb4kur7HwDA_XFrowMkuIsdvQOFSriq_nwcxdemR-QIiT3eItB1SzOTn2g98pUREQwycTxr-3c1d50Z0FCZQf1CbgWGfHcf-A5LhOD1yV6jLwz6S3mzJNuazagTm6uM4iwovL0SwsFBnye2tyK0VfmIKhhM-5_Ib8M_bwGNXXSvQzpB4rvWb2XyKqvLByUo6Pyzwd0S9Bbhuc-QzX5Awp-CZk9461UShaiOCO0olBvcUtEh3usjLJLooHYvS_AHaVgWizzeiRlgl25J_D8pQ0sKCecvzXKnuJ4IkgAb4heXCq4vgsYIBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WMye5OKv_4ID-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3cS_TE-XDJpmcyzRbz6N18EZdGNg%26client%3Dca-pub-6195063521241979%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 02 Dec 2024 08:01:04 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame BB8A 2 KB
1 KB 170ms
93ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 02 Dec 2024 08:01:04 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame BB8A 308 B
637 B 147ms
72ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Mon, 02 Dec 2024 08:01:04 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame BB8A 293 B
621 B 170ms
95ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Mon, 02 Dec 2024 08:01:04 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame BB8A 43 B
348 B 101ms
29ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=6dIwTcna6oScJcJGIyDrUYEvEkRMgZ6xxS8meHHX8HQJ5G7EsTF8ALLQrLcbty6VTN9kUcWn03AnclXwb_r740fHCKC16wEs0FcWPAxBp_KTT591RAfeC0q16bm0vQLwlpETgoSF1P1_QozcDme1p9b6ExWUyNkovP9b5Ssje4o5EobtTRMTJbCKzvEc94rIH62vdgxH-ouTc8PasFDpfxz6NjN0HKd0dWuEH8GKqEwLD0Cb9tbp6qskcanit2WOOaGL0TXHv86q8iIgyqi57lUn4i6d9L3upBTy6ip0CS4GQuLe7oGK6OY6TmOVrJSRps3twR98B4JbcAxN3DWMm8PcyjXFuryUdWhwJP2FC56S89k5UOPlJKR6rzWgYuq6pksT2LZbDukDSvsDYDiE_GUhzf23Uulhu_upxviwX8YzUHjR

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:03 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1662769
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 11FE 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b28d136e1e0a42244c6009763c10d772aed819c3dedccc3786330934f0c3e7a5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D5E3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

38ms
38ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:04 GMT
expires: Fri, 08 Dec 2023 08:01:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:04 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame BB8A 3 KB
738 B 32ms
30ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4ddf6973fa3421cc10d8946187a761c0317632b66442c3d20c736024fba1029f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 07:21:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H2 200 6b12a17767054fcf8fbd506e0398e1c0_06e18b78af5cdb4c84432696bd43432f.png
static.criteo.net/design/dt/19906/220623/ Frame BB8A 2 KB
2 KB 117ms
92ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/19906/220623/6b12a17767054fcf8fbd506e0398e1c0_06e18b78af5cdb4c84432696bd43432f.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a67f7c40e1f2acac9e9d5623dabb39188083317341d23eb085997779a5f347a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 23 Jun 2022 13:29:17 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "62b46aad-751"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 1873
expires: Mon, 02 Dec 2024 08:01:04 GMT

GET
H2 200 7ae26ba50d194f6186bbbabc026e23d7_f68f8b04a0a914318d795023d9a264aa.png
static.criteo.net/design/dt/19906/220623/ Frame BB8A 33 KB
33 KB 98ms
73ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/19906/220623/7ae26ba50d194f6186bbbabc026e23d7_f68f8b04a0a914318d795023d9a264aa.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

9ef54ce221fe81933db2f8713dba333bebea4585a77cb4ba52498e5f3f083ada

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 23 Jun 2022 13:29:18 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "62b46aae-8263"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 33379
expires: Mon, 02 Dec 2024 08:01:04 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BB8A 7 KB
7 KB 184ms
108ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F49992051_2-202310271305.jpg&v=3&w=800&rid=4&s=ek7wfcbxNgbe13deIrjZgX17

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ad294104f5d656ccdb248e15072fcd15deab18f8d2499fe29852f6f801ae8c04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 7356
expires: Tue, 12 Nov 2024 18:43:14 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BB8A 5 KB
5 KB 187ms
112ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F82689_2-202003232237.jpg&v=3&w=800&rid=4&s=wor7g7zc4eJcRwabEID3JqTb

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

1dbb7d94630c8e762082b9aa8abc6579a1be8657b1f8cd74db1a023ff2966196

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 5314
expires: Fri, 22 Nov 2024 12:21:55 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BB8A 9 KB
9 KB 118ms
43ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F49992054_3-202310271306.jpg&v=3&w=800&rid=4&s=EHHfIsVoQOPuL5JP49JpxYn4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

424d101d47bbe9764711787d837c6eeae31e8002ee7fb84861d4b565c1dcc94b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 9314
expires: Sat, 09 Nov 2024 09:11:59 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BB8A 12 KB
12 KB 153ms
78ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F24407122_11-202308152236.jpg&v=3&w=800&rid=4&s=mQjizpSgNYDWhxdiCC8DxWcm

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0e7bf7e7bfd3396bd1580a6f82cba120025f263d0d5bd7865f59c4c8d5640351

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 12442
expires: Thu, 14 Nov 2024 12:52:55 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BB8A 9 KB
9 KB 182ms
107ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F49990656_3-202302021235.jpg&v=3&w=800&rid=4&s=LL-d7rLsqTIMFid8tXgay5Op

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

03a0166daf6557f3ff3ca59dbb4a32c487c0728d722c878d46d538a36350cdd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 9248
expires: Tue, 29 Oct 2024 02:48:14 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BB8A 10 KB
10 KB 154ms
78ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=800&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F25400735_6-202003242242.jpg&v=3&w=800&rid=4&s=xcx_FT391B7Mb4pJW5iOmSHk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

1830714f9d18ea80c24c15835373caeac686edc54adcb047ceeb39d82171b9e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 10424
expires: Thu, 07 Nov 2024 17:38:57 GMT

GET
H2 200 zepto-studio-1.0.1.js Show response
static.criteo.net/zepto/ Frame BB8A 28 KB
11 KB 103ms
102ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/zepto/zepto-studio-1.0.1.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a558dc731872adb52490cf8550eb796d0d0b448df332e38f815228576dd0cd5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 21 Aug 2019 08:32:15 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5d5d018f-6f5d"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 02 Dec 2024 08:01:04 GMT

GET
H2 206 813ca44bd1fd45d8a09c146884bab503_e3cb6ce7c52888651eef397e58771aab.mp4
static.criteo.net/design/dt/19906/220623/ Frame BB8A 435 KB
0 113ms
113ms Media
video/mp4 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/19906/220623/813ca44bd1fd45d8a09c146884bab503_e3cb6ce7c52888651eef397e58771aab.mp4?ibv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 23 Jun 2022 13:29:20 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "62b46ab0-de91a"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-911641/911642
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Content-Length: 911642
expires: Mon, 02 Dec 2024 08:01:04 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame B6E8 41 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AysOyO1Rljspvwk3dk2O3KYHlXoJfiQb4gSvGlYD-73a5jfOO_GCyW31iIFG6B2G4SOFGiaWAZ4nHi-V-l5uor4oWyS02tuqoyIAIKKVI9ocHUYCBxYJg0Cu7FxwDt5qOBXlqJOd9yL1ZLiXbqz_yjhCG62b8Sv7OxsETsryOIPWl8bMU&cry=1&dbm_d=AKAmf-D3CD9kzemoJ1X8q2NSnqgyyDfaUkDWriptOvOedF9gD2Qiio6SnDEFy5t4YRwH7ADL62u-JCEn9bFIe-3T4mDUSzB9XvBaH7E5u3CzAcCoCoX16c2cU7bqUfdRt5KSKCsF2jhGGi3FyI_TrKHfuE39VbkgHqJ0Mde4lYrfL8G5e5wWzNrCC2aLUClMRg8gqeheCq4rzfzSv7gRW1InYvvfm6aTQ_MbdQJo16-sWHrrqcpHCTKObR3Bu6PJxu_diJwHPuij3HxOJ9U8tcCWXBYr1f4aW5zajZH_cs6RPqK_6lB3ZqvNgtcKsru-u68Ap1EYku3FEgJg2NNDMvkz1Vu6FqQh8DoJBfD6Svp96zHPoVDJyIRgfvoR5jpx-KsHVeiFPasuODypU3UBPyjMLPs80T7cxCJ3HIoSGQVj-cIwTQXhjykKfk4f4yOnGJmINivnj5LnvpmgsQYnmj5GFJrppoTbNigURSIcV3Tgg114hHqFwiHjTixo87XPX_cI9cT3glY6SX5wHYMZTDj9DCpCDmzwSMF1JWqteyhegNEPaQzYu_SeGNPiMeEl4comhwagdggirAj2379F7qFn5I_jNgpLN8foDC2mbqTa7RLxRm506X5pQtgBj6cafIbFLgWbQOxp17hRUclSjuGEDUdi_lY_vNsfK3PM63sqc2Rw5N7hlBc-TNaDm5Iw4W6hJUoGxsURXvFL7TDxIdX6Bt_w3aeZ9yRzjsZ295xg3ZWaZemwqf2VJc4PwAteQXw4SeBTPbgJxcId0egoIF8hRCxM245mb2q1DFqMLADAQ-aZFjMrqJ1Qh9jXfZTuGUkJseB2tOGYBKnAVArQakXfVdfgvVx37Yt3CasywEpPQDGzTBv5U0F8nQ-3sUluYTgW2RAMkB-Q7wi2kCdtm0CHz4Z3ksqFstDymnwFKoOrOMT7xnhvsRqbb71_-guILjhFDRSx8niiG9Yh1J8B6pGikaSs1EFqWhb_8_YxrKJB5v1kCpbznFqbIgOdcfNO4GT1m6OCIVfQcdALp5oN_tVXbW2fVVFn3hWLHTqBKH2kq0vpZrk0o3v2uxTP661kMn_VH7q1plSEe6xCiO6bdTjK2qHzB7W8q19Zifgm4BKxMGC7SClvrFs0UkAGbwiO_t7Rnm4DoX2Om9mNFQVlDkeWt6C66rHJzLM5QQy1v1mkNrwfADm7c6ILg8RpVF8KaUH3ipuqebpmaJciZALK93oZaI6hytKRF_D8RqX6IP2bTF4WBUhFULAuIvUTWS8zwg3FAfWAGzKLAqFpk6zI-7kvBiiJZd18yH1Dy8UKKSIijora8jrcr15bpMmbjCuZxsowGiy_rMwzmBO4_By0ynD1uTvGYvJbyeLA6J3SiTmnd-fxdoqqbfpKdriwSnAUQX_zv8cBz5-8XpaQPLqHJZ9XlIBYpcI41lGd6GW0fWG4h0REHrvq2mKpbZb4PTH7J5RhWd3iWKnvALCDP7OtLgYX-ULCRSfkk2T-MK44-h_1b_kAo9AepPUQU3TNDZH1PSDTgc4jZEMsHq3f51qoILTqiZEM-rtwf1EEpRdmBrxdbA_LZzyzZmrG7LxIr7bMUxCe2Oqb0Y6CHh9nbjYbmYC6O-92dbnzxKJDSXZNxirAqJxzXGRgZBXsKIFRMqOMG6HKGXLcy5abNr1FQgjdnFQb0nnxzQ6O7MActYUrgWQWhy5196Pdb7BHGlEWzcNF4gLRT5lR7XapKkHiSZKUsBaLqYboodbWaiVMe4yOH3FFnV6M1ris3J47TTOHzeAFNMhewwYjPS0mi-mJN0C96w2Sa21Fsbh0cCSUBINhSL6ugj5l7E81OfniBmTIG4p-0qxOzUwBkSgZcuZjJV6dtge9SWGP95_R8o5hIwAZODxfPsK51RkR6tHuk7ts9KXJiAS_elRLl_uXgOIEqyBTjBi4r9-PPCScJo6RlN5_wmD-NB74Oi9_WOmAsczMaSRdh6K3BBYG_RWTjdIFOjJWrJHNxWuOWjvzIi9DRrAYOStRN4IKGl2xYveW9CcM1oBu9JfjKRBQnPUtwZOJJa_8ub49HHTahoqSSAmuDFyjNP1Nl7fkWa9wueodmJr0AOf6UmtmjLm-l7YrNUmk_kffPj4RFW8h93MLXdtebj_iYjRbxbMQNobq1znd_AjWITMCIOaT8LUtnF1ja37JsGGKpoOBZso1M85VOMlojcWJ2R8cPM70rZdqFV54tZbQP3p6xf1id2qeFQriAPLENIcx6VmkoDL1iT5F9QsqNNWKEWR80Vqv6VeBK3S4OmB_Z-YfAtitey6qe11BRZ72QeHvH4f3PTg4esARDiNYOIZNxMoXCkf43hiRVIXGVZUJdYElAO1MmJbac1PY8OKjAxn06nghK7uG0TU34OayE3EN3pCLVG7tpmMwsoNqxRm_JvAW2Z0HZVY_wnOjHye4hc2pE8CZuTE8NBmnxi1s4PMLxbkgYuvfNMCtahbvl9nBH5-XOM1nLzDN96onqVj8pmjsNRb7qqNsscdVRpQBFyKcC4H7pCiIKkhsachrjaEWVVtEzVuOmpRCaYUx9PpoqMDpbxuZ1ATSlyaQXfdtEIhwUDCY7ikoDqePCMmteX5atSzQkCX8nFXzCK6CO1friJRp9Lg_BwYyA8HR3y4aRvGi-K-fvIjsAZrk85qOe_F9jrx6g4Szl3xQdHScRsziFdnP20Yj6wF7yWz__Gi3vp1zWn1VRpLB_YHeegFkCsCRreMImDBRdUEyy2a4gGYb-NSZqEwpc6Nn2Ocvh1_3WAeiAnDkmU_kWwbKbpLpcLiJb3N8ntSllW37gmCi6L74vfl9tOVZR0_STpk79bEzkOp5YfPZsXma-zaCAPc3fO0lsOSaevoFlYSXjfQyVlAMl4zsgoCf70P_wUSgNBdsdh2GdJsXdvoH9sPY-ecxSu5i96R_xq-ngXsw3yPspAILKnOxsQXCQ7ZwhuRknF-_qzCk7v-fXtUcDkczbVwBt-WFmO-2ZtTTVSPw9hl93Rs0e2SmvHR2s-e_tXuhydSZbc8697kpVGuSTpdG3MioJ_SCtIiiVkvVhMqgl97Sba99SHzYDRqPuwua7fI-dM1FlSecjicyEYeRqLIc0A6hb9N8QHH1x9Pj6ThKrE6V5hn5gc2kG3N2fobT38Urpxk2eytRklfD5wViS7oeSSCcSxoD2znGIlWDGi3BfHm4Mwox35EmoF_dKwv-Lev1tNR83Zq-XhigBGpWucTFjOHz17U-NgcMos6DQoRiUC1MdMINO-A62rOjXMTPiGkR_XfKVbDZ4HAcurpJ14V_z7FxA4ND9eooXoHxmCsZ8wr7LZd23LgLDUaggZtRriwO3h6nGCkaYqMc3vFPnNPrzn2yspPW3sMetmS5FtWUsWgxH2CTM7fytbVqzTp_I9puSUBl97TyZF-5agwwwXxgSH_T-sRLPPN6TeyY3xK3EWXkUtcmdvUCx6pbsQXmZT9Cl5Qr8iL7nNB3p55dy5uDcMzGwHsWSkvmiffVulc0g54LHt_7h1eb0rl3lFb7IdF-hOqOwjTOezZGT_stnlRZuoh09v8GrGrjESADKaWxt56s2GlzAQ7pGIxZqi6sy0Lf6bM_uS6Y63ZZ74JBuJIlQqcNDK_nSJeEyP7WZhrHL2prs1E3m8gtenZBjMhQnQOek9gKIqo4owWJ2yLcVcAvxTtyDptmPSToIr6IXOmC0Bc1pl-98z-K3POUKkUClB4u77kHiK1BOykd_tlwQvQXRbRBOAWdDTjUBBTkELtit1k2Wf3MGsX93SmTPKSCYI6o3VJQv1IaL4QGL7v2yKKfizKnuF-e14E-1i5pL5Ylx0wD4zEcdLH5sVnxkdC-kibf339DUR--uq6CNXdg24GoZ20D2iUP9N-jp7SJ_NKKvDHSyTh8KPOuxf5x6yXB8NqL3A&cid=CAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fsalem-news.com%2F&ds=l&xdt=1&iif=1&cor=15143705230638954000&adk=1964084971&idt=132&cac=0&dtd=14

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 568556
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjAyMjQ2NDE4MzQzNgogIHNlcnZlcl9pcDogMTM0MDU4MDkwCiAgcHJvY2Vzc19pZDogMzAyMDcwNzM4NAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame B6E8 0
948 B 125ms
59ms Image
image/png 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjAyMjQ2NDE4MzQzNgogIHNlcnZlcl9pcDogMTM0MDU4MDkwCiAgcHJvY2Vzc19pZDogMzAyMDcwNzM4NAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiA0OTU3NjA5ODExNjQ2MDcxODQyCmRlYnVnX2tleTogMjM0NjU0NTgyMzIyOTM2NDE2MAppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjMtMTItMDgiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjE3NDg0MAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjA4NjM4CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9hZC1zcnYubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8va2xpY2std2VsdC5kZSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xf4cbdbb8ea70e6e90000000000000000","13":"0xe172d6c0703af0c20000000000000000","14":"0xa59dcb1530a9695b0000000000000000","15":"0x6409396f7758cabd0000000000000000"},"debug_key":"2346545823229364160","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"4957609811646071842"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 2B3F 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3cbaa87107ab1440e450d819195df0babe178c9e7d2f7ca47f2cc089a38cbe27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame B6E8 12 KB
4 KB 96ms
27ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1702022463605852&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrTB6P81yZZz9JLObxtYPnJSNoA-m5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAmJck68wGbI-qAMByAObBKoEnwJP0LA_TsP-JRYzwI-SiLv3aRZb-VLSr7w8n9a-vBklI7yIjXOdYQIxxQXWWOtDaeWxxXxitNnvfoA5FDi5AITLL0m7V1LedjxO_CXBb3x65mdBkMySdWf48pkcK_errr9D1_ur2E3ywGdorCFCoVz_sCv0pRxXQ2P-H3NeK5Hs1EsT78UeW1rTxwCBPSGv8izosa7GrsDKBLIKigJD0DwSwnjcC2YN_KtP977IBu0OD4bMWvozDtGnCKpjBL6KxAUhCraUZiL1AxnxW6QHZqcl-EllT55cuakXxwNQJYPweQ9UTUQhoMv7heGXaaSpW5edsHkHjM1f5crYB9N5Ju2XJJtmA72-5Uid2rvz050Sy_nY6jnFDT3dP28MGKw3hcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljTydvir_-CA4AKAZgLAcgLAYAMAaIMFCoSChDktLEC7rWxArW4sQKsurECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB%26sig%3DAOD64_2dgnkDqdk4vmD_vGMur8BGUz9BoA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-BAYz8ec8OdYL9zvwRnLk7iEAeqLraI6iVZeZJKl6ELEC5MOP9-mjG8cwKj0G-4v8d2_-b4pbC6j2UlCwTzwoJQrjSU6MwUtZzpmPycnc6z-PfiKtzzeTs-CoeQwq6XZ9Wj30H0edaGvhpLSP8F0-5iQ0zvG1ILeAkJLplLZrgpOMdWwKw%26cry%3D1%26dbm_d%3DAKAmf-BQar9aOm3aRfp9JeviMsvGWhiZc99rxnJNoeSVLm0u7oNIij4FSdXyJZqT3HjHSFcxc5yhZIa5uKn-d1q_BGnq_oTRlcdnQS-nfQ7lEd87Js-qrg1cKmcJjWa0r4l3diKBvunMx-p08mr8Faai3kOPnDs05cX4OabXZUhxpBhU4yWPFrOxDgCYLugVz1L-BVp1SENSgy2t9N3GT0wZjV_aBt024rGOYOp1HBwCwdK6aRfGJShRVVZKN5fRD8wNXAXxKn7d4Btc-k99nwmlh1OPMeIsLNAgu--AjqOZV0YdK3bUAeW7_1AGhg2T5-IMcyk-sdgHKVd_iCr67AWKevQnlJ4wt40mAU6gKLmsjV7GIbS1Vra9mMicqGvjA9MunV2mppWHMChOnM_qn9tSMj5LIHBNIz-L5EjQxIA3DVWaVGSmFGZ9n3oIMLKnnnIkQfJoOwLI19O6HD64mFtAxOap5gJ55g6QBcvH0o0cnVGcX6FIOyAWQk1tnWsIyMTUYB9up0WKgC7QEJu7S4qXFAi1nERKxxgn1nFLGShps7Ewy9JoGwQ%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=3848876819&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463049&bpp=215&bdt=368&idt=435&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=476
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: fcafa1584fbf01e8576cccd01f7477176453c09f6ad74cb07a4d91976ae01b1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:04 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4227
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 11FE
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CjajAP81yZf7uIY7vxtYP46KCsAbZ9IjXdNPjwquZEvHJ_d8FEAEguOarBGCVgoCAuAegAdKfouYoyAECqQKfI5h5SUldPqgDAcgDyQSqBPoBT9CSGJZM5PFTSptQWuoqlIregT8H7vXvMm_...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217161298093834619946%22,%22debug_reporting%22:true,%22destination%22:%22https://ui.org.ua%22,%22event_report_window%22:%22...

0
0

104ms
58ms

Fetch
text/css

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217161298093834619946%22,%22debug_reporting%22:true,%22destination%22:%22https://ui.org.ua%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210951888850%22],%224%22:[%2212-08%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2271647060170354897%22}&andc=true

Requested by

Host: salem-news.com
URL: http://salem-news.com/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"17161298093834619946","debug_reporting":true,"destination":"https://ui.org.ua","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10951888850"],"4":["12-08"],"6":["true"]},"priority":"500","source_event_id":"71647060170354897"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 08 Dec 2023 08:01:04 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"17161298093834619946","debug_reporting":true,"destination":"https://ui.org.ua","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10951888850"],"4":["12-08"],"6":["true"]},"priority":"500","source_event_id":"71647060170354897"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 2B3F 21 KB
21 KB 73ms
22ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 08:50:44 GMT
x-content-type-options: nosniff
age: 256220
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21428
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:32:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Dec 2024 08:50:44 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame FEA4 38 KB
13 KB 22ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 254979
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 09:11:25 GMT
expires: Wed, 04 Dec 2024 09:11:25 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js Show response
pagead2.googlesyndication.com/bg/ Frame B265 51 KB
19 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=3720366759&adf=3678085072&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463045&bpp=218&bdt=364&idt=415&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&correlator=2991445271276&frm=20&pv=2&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 10:31:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 250169
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19719
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 10:31:35 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 456E 41 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CmaL1rnZGGmcJ08m_vJRqb0tx_N6tL4iIuGffzKKiCRW0ePBH1vWJWL9eahez0XFjxV40satxGomUL6XAUAd3saiXbj15cPO__C1R1R2XOIjDmBf0t4FGd-VbY0jfntU-Z4-S1QDSSdtQ-imJlSQ2EpWun96tOArfI045nLBHBnFdCdeY&cry=1&dbm_d=AKAmf-DDJ-skW9jq7xDLhIs1B1P41wrtJu0OFXIEc7sHkQbd34C_uK8TfIAliSC6k5dWfFouE19Du6t8s8yy-z2WUKcQerLeY7LSsMTtfzav2yLyQiHvQgisX83k-bojMjFuy7sw9uaMxCuC2-LtlGalaT6Alyom4BiaUSG5m_CjAMtameehiGFmbKAGCNFcwVIB8ME54rdDQKGkUG0rSKb9xzMHoi6JohGRzjyaXePGjQYWWVdjSGtLZLM-ctRQmgdFOHSxj93oRbhsunh002g3UcTodJ9w9HjaSrnVk7T8kyIk1GKzZliB38YkFS2_LkpNzmuQCD5zEW_uWy-MYHLz-nUVQ6XgLCQ2ftFvv9lYVRaN5d-XBg7Gq0bhldQXmE1rOHmOwVHmHlPcXM8F0d9A4E8qbQ5SC9zLrvv5K5ykymAi_5UmsTEnPUUSq8FWxLjwwWHAv22VIWSX2E7ejr0xHwejhfJ2aKQjPZhJxyOkJuVn529z2ZeJBaIcNvGaxd4n-xFb2Db_U8Klok_AEpkIMRJrZYRtF8cxMEXbxFSoLx4bL_V7xpqUSjod0J7hWVeZ95oV31JKcnbzyoIqiTlHjlh3IutHsWmj-9Q9OXBzAYmGPXIqmhJQjNvrPVecBwLMMmh5srGf0ybgxtpII_PVmykr3lD2ixCGuBOJe0RSzflVnRuOBLlJkuPcJpbq8SlSJX54DHeQHdRsgDS60okug_PEqh1a90FNSaJiZUAcO9-5vdGDkUhBd1Ixo1czIelMmv-NghsjP3kO-3JdVlYv-jbS4OG1gc0qydYVSUa_XO8Es5KEKbjjNOKmpNo6Cw5uRnm-t10Lo4FkFDGuSI01q2n--JIM5JLXqDSbFhKfIVtCqbZ_93eeDR3A3qM3E7FuJXj2qu_OM-HGUkXoAvs4vEByOUEp17_BfrfTT5-YO4QKcO9NRXL4GgdaZKojbprm__CB8JIbVJMHMCbBNAo4k2ocBj_0KLLC2-lwb3nBw6By1CdvCF66IbCaQWIlkqkJVHfGnvvTiEpRYX3uBRcqMrXVq4VO1bzFLGXdG0OwaKuGKp2rlROTp0LtSkQxoia_Q1uEbMNhV9GCR-4t2PXxAr5XGGoR-q7gxL5L0uybxFQxVsmfqlHtdmT7EFmxSaIrYtqb22O9ikaJQtbdGXI_fLGr_qdohKQCZTJk642ZwtOLrAFapTdInH79DzOdw7cW-QFDO6q-PSJ6Qlwtfep30DVCGEtMDxnFuEbWJ5SWZAElQabrrmrT2l1PmJyxU0aIzQhw2NeeJ-AzoL3v08yATNcKN6y9rR36KedCRJhF2qbPkpy3OJdvQ2fLhv5KXmoOCpjLk_m7D5Eplx9jVXluhmWd98q26MXcRXNGSVp7-rj14et1gRCZ1r-jkm44jkSzfLtAKANS_5AF7wSTSY7pLXqxAnIeEcqX7bm0TN1NdMAsCISAgZ7lmBrIVsiukUOwFWLhdw6YJNNeHUiK1jkaSaujsZNoL8GiDX1D0_8013_-kaAmivzc9bqk_e8bbYqprRIPkuLjACIvm0wmzcziqA2I8mY3Jf_0lE5FODZhvdEhh7lbtQiEFJrOTajNilAyGsxrPiDfLAkQcFd0zvA6wMOeebmlTgyAGqUL64aNBuoMLrbJH5Ux0WI8j9EjoeGhQGHLloZSLN73NnSwOVfiHcn6tP0vam5vBFegto0QbziukeulMZxb28k4MvQyKbGLlX7LeZp1kmrIqVBfduRm-xH0vKSenWxDbSq3OK3cPIw3hLxveMKwPHUB01kgRGH1GNtKVl5tlqjkMeid4rU6yiqama9UFUFOoRLyj7_yDZyDSWGskqBLti6LBBD1bPdQo8nQevH77Pq30k7VGTqjXuuUIQK-QHV3M1D05yX1MAMzyhPkcZf13wz6SDHW1GyRfPdfsyHQLwdLnc93gVa3UyxYhjSYqW8DVSdv9AGrZ1tnnFDpl9D5FRjXS-QtMjAqbNx3QVTs3qfwKmAyB0HCamGOmb0m8lSz2yryvSF-QhJi2eA1X7LbZOdMFZ2YzvRKYkYU1dGbz6E0hE9XpPpd4XNOeetZrz_O-8vqTvvxYz7J5cBYfp0ai6LkzuXZvP01Daoidk-LROwoO5kI7GDOWah_q4mXGgRwB9yjCZi36N715uzYyriKeTPGXEXvDCh3PLpcRrKqEdMdIPUKIVWaU8mq6UWjmp1NLYzbXfUJYwn8LEMq9uA8JEYugYrhL2N43-USQYcOfEglo0UKlvfnpcixWGbPtZTyIrW8OXoYwxslUpz8xCajlIcdhkhaKbLwwikCHeTCzVQltL37f8WR99HBRfYXwdLb3wP1KCc9ObHq4WEXmgub6LDCZJlqe5jKNEUD1DP89Nilbx76yNvJs9HNDsfeOiqkR9-stqPYS_Tskls8cjuD9wa_57mUihbQsoQa-Q5a1lMMNuO01BA0XfZDLZsSxfbio6MuOrq2hwH6d6FM6obrlOcqzBr0-dv0BE9Fwhp_Ny0H_E0ROd9kYzOvBh7DQipEaR9N7U8Su1Stv5-KSOxBLaJPhPRu7pmOOvcxg8fUEr8SJ0IM8oIevP7plD5oJJLXdALII4d-y8Qipk6H8VawFa_fb8Kcd1a5onhHPzj2pTqIiuThKzUHm5eSgJwOqEgSWSIRg8M6YYtlq19R4pAkMFa0UE3oI_bMzWi7yzVj0WQqj1d8HNxtV6i9fZbVJMKXIhNaHDHlogURf9cQLcbtUjJ87oimDL2vNOZb7dx0d-tH8tJpZTEpIY2qWxkCPioskfRoWfAW_-mNfh6bUYygaXkyed5JVQ-K_fPF15Zw9gsM8Gx4vvOpUHtqpSkPcdwIJGcCRTjPv2Af7EL4pT0njvX52cXsQBIVCaLKHAb36sRvguakp0gRWoo2dhnpbyKY1CcW-FfI2IXTQ5yclFF23-BbkxMUeh_Ogo2iC8WgutgJkq_wKLYGBVAI_wE_KiJBQPZ03sr-AFgoJ2bnKo6pIpxaEyc0htnS8p9C9Bt0micVoo6iGYfJlE6LtUveT_fERlby4PYxsniiD9vEtakZJrBra0l9j_F-7tj8oD-bFP5pqiqc44n34bKYnRQZrMSOQ2D0Wev6AmEs8VWp8IpBbPfb8dv3NSFlOWzDaMNwt6m6XWLOSJQD1AkCRDH9kaj36gumcAahgNhVFfFsjpcpG3yiD4So0IFwTj33SfRyNX4Z2J6p9F0yNoLTqF0Q2qf_5753hDVrIDH6d-JJg06AoFg1jmI8rVLKR79v5ZUatFNk8GaJW8K3ebnnhT4aYjow22_jRkoFEeHcQJSdlUAUTtogxIUv4DN4FGS8PKbNgmv0ZSrGK9cSl7a-e0zfsg13fLrnNlMFbUTJycVALgccb_1qr_zdEHo-CW2EOEvszt_RW_JqSYgFFfEnA-nC_xepkT6igf-7_2BWL1fWzhRFOiiOA9QxxA37O_kzqUpi1vSphfkK_gL3o3LDaPGAFuRSuub3o-9dsqgBhJflwvHVN4EHhw1hB_pgC5OZY3Y-p-PIMwe4kIgjGkTplGv7NHl8cLUQMx05tFaC-3G5HiHdZ36oW2TMcOGYqiwv94eL9clqtGoCnK-iD4KFvmPvd9Vq-nRs-BqnJFfT8M8jxlT3IBO1wwGK0QIYQH-EHaHWUO7SiVC5PUb8Jf8dRYel029dlO3Mk4HEJT7Yf0fUw9Dz4MaWTgvQk0uv1DDrs52c1K-xZ1n_4r5GeFat6IeoMMaXdKdnmKDr-5Nx2c6sH3mR71jseuCO7kpTNEKAaK-01eR85lnyQwdPXEfUpYd3ZfcYWP5-1JIgbsz0H7tYaGArOq_G7GT2uKRTLidRqfptRL_OwsCxXh9LDcZtj9jpx_L6UM_7ckaEkapldA2KK_jEuXV3FLDaZ7ZP7luN0i3_0_WT84fM9W1465WGI56sNg&cid=CAQSTwDICaaNU0hbIRldiGC0poypw-vWj-TpaUU031X7VpQoIluTwWwsLItVxRH4J3Kwx5waH2GoWvzGHFCf2meT8_caEKv2XoXbYgCGZkCkoSEYAQ&dv3_ver=m202309260101&rfl=http%3A%2F%2Fsalem-news.com%2F&ds=l&xdt=1&iif=1&cor=9385498792969679000&adk=250412561&idt=146&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 568556
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjAyMjQ2NDI4MTkzNgogIHNlcnZlcl9pcDogMTgyNDc2OTM0CiAgcHJvY2Vzc19pZDogMzMzOTcxMTYxNgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 456E 0
588 B 63ms
60ms Image
image/png 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjAyMjQ2NDI4MTkzNgogIHNlcnZlcl9pcDogMTgyNDc2OTM0CiAgcHJvY2Vzc19pZDogMzMzOTcxMTYxNgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAzNDgyNzUyNjU5NTE2NTI2NzMyCmRlYnVnX2tleTogMTUxMjIyOTMzODQzMzM0MTE5MzUKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTEyLTA4IgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTE4Njg5NDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzIxNzQ4NDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg3ODI0MzY5NgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxNjY2MDE0MjA2MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQxNjIwODYzOAogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWQtc3J2Lm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2tsaWNrLXdlbHQuZGUiCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xf4cbdbb8ea70e6e90000000000000000","13":"0xe172d6c0703af0c20000000000000000","14":"0xa59dcb1530a9695b0000000000000000","15":"0x6409396f7758cabd0000000000000000"},"debug_key":"15122293384333411935","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"3482752659516526732"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame FEA4 39 KB
15 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 23:07:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 23:07:46 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 456E 12 KB
4 KB 86ms
27ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1702022463602474&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW-79P81yZeriJOGPvPIPq8-hgAOm5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAj5PGK7wGrI-qAMByAObBKoEmQJP0HwNW6ROAicizDfcWHd7rFKnuz47i9Qle9kIMrDvFkFBpR9oDU_BR910sWErT3txEf_PFx26dXbY0PF4MbOhrlpaxon8HjaA4AlUdpMojI_Fj88Vvf2bmdltivm1cyLCaJOltopJxbQ3T0MPEC1I_QXKFd3XWBkhxvXN3k-UbaQBOFN4DR7FB0SVQNS9YGQbOzgKZom72xhImNZtgOjRE7CZrq4OxxIxc0D_I1c36EKUISgBfr7JIT2VdXLUqnGlAL3ekbqkNg9p4Nt2LP29Vu4OrzUB6oHUqOHwwZkjteb2OJQGZl-mgVwppg40RF2IXMM_lPWni0A5ueS_Nif158apxNYjpnRsTT0mQVTIjt9n442xKkaSKcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljEu9vir_-CA4AKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNU0hbIRldiGC0poypw-vWj-TpaUU031X7VpQoIluTwWwsLItVxRH4J3Kwx5waH2GoWvzGHFCf2meT8_caEKv2XoXbYgCGZkCkoSEYAQ%26sig%3DAOD64_0-2F-Gl_qRkkFGAgl6wJKlpQDBBA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-AKHjlEvcgCbSxnqHqrw_X0NgMYZs_A9C6VfAwe5qhBxYE00Y7H099GPWpXkBcj0-_prGgriSLfiBwqFuUMGvYDTqrUlKhAD3a0hNUH7ehESzelFqWLh26CZeY8OqJ7rDRBKBkR_p1sGRsOkmxO28Q0Ow5Jp-C1mi0mjj89aBMyEhNUmtg%26cry%3D1%26dbm_d%3DAKAmf-DEu4HVpOl_ehDzhy01fTioZFnD9YML4ekAizR1ylgEnm6y1aNR-EWJeSUiOOGin204_7R3sOFt1Lsdq1IZDBUrefWHqSYrOI9iOe0GLn058i1JfjB-zbztA3QUM2YKMoiTfCnkOZ9I3JcDgziSpTvIiGxncPYQZ0o5x_O2jj-PlZmWd8v8aQZoxKzNoMKJFFmL_WO90wNQv7wG-opUYnY36w_E2K-u9L2Jei8sbmjMlMLHYgWpMrRe0CrDeqNKvBZgdI5NSRf68s2O8rVM6BZEBS__o66wAX1MMptrUJDDcEiSX02LvHnJPujmOMQxBaxTa5SyWcI-5ZkLQlgFUGz353KM_eic1Cby9BGndwvg5JauS-Xt6G5qkdLPhsejTGLahCuhL_l9WIQ7vmFlaCI55YbfebNDga0QSCi37EwA_SMJ_k3Y0kCw1QSnrj-RH4rVc0twtjzZEZv2Y_IC2bPctiVmyTPD33okqa_bV0mHwkc22SoFK1IOgavS9FBg2-wS6DO_-e86nDdse0tvhAglXziuhj2c6JmMHSI3PRN6yLWCC5M%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 947ddace4c6097bd951f40b63f66bc7be1d58e5ae6ea0a1b53239eb78ed77eaf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:04 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4228
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 136ms
57ms Preflight
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 08 Dec 2023 08:01:04 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 2B3F
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cvs2EP81yZdrwJbbvxtYPzfGQqAXfiuC6dP_rvcaAErnu8MiqARABILjmqwRglYKAgLgHoAGhwJjxKMgBCagDAcgDywSqBIECT9DKXbSJp-m5FtEEVJR3QmazAufWGWX6qBKNP8MlAXgfDER...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225826953734395658352%22,%22debug_reporting%22:true,%22destination%22:%22https://temu.com%22,%22event_report_window%22:%2225...

0
0

85ms
59ms

Fetch
text/css

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225826953734395658352%22,%22debug_reporting%22:true,%22destination%22:%22https://temu.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210974797857%22],%224%22:[%2212-08%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221974436140348391521%22}&andc=true

Requested by

Host: salem-news.com
URL: http://salem-news.com/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"5826953734395658352","debug_reporting":true,"destination":"https://temu.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10974797857"],"4":["12-08"],"6":["true"]},"priority":"500","source_event_id":"1974436140348391521"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 08 Dec 2023 08:01:04 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"5826953734395658352","debug_reporting":true,"destination":"https://temu.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10974797857"],"4":["12-08"],"6":["true"]},"priority":"500","source_event_id":"1974436140348391521"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js Show response
pagead2.googlesyndication.com/bg/ Frame 7AFD 51 KB
19 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=274575307&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=369&idt=482&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2922&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&dtd=484

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 10:31:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 250169
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19719
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 10:31:35 GMT

GET
H/1.1

200
OK

request.php Show response
hal900013.redintelligence.net/ Frame B6E8
Redirect Chain

https://hal900013.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=0c866a917c&subid=&uid=d36f3e2399a06856&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900013.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=0c866a917c&subid=&uid=d36f3e2399a06856&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

157ms
95ms

Script
application/x-javascript

116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=0c866a917c&subid=&uid=d36f3e2399a06856&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrTB6P81yZZz9JLObxtYPnJSNoA-m5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAmJck68wGbI-qAMByAObBKoEnwJP0LA_TsP-JRYzwI-SiLv3aRZb-VLSr7w8n9a-vBklI7yIjXOdYQIxxQXWWOtDaeWxxXxitNnvfoA5FDi5AITLL0m7V1LedjxO_CXBb3x65mdBkMySdWf48pkcK_errr9D1_ur2E3ywGdorCFCoVz_sCv0pRxXQ2P-H3NeK5Hs1EsT78UeW1rTxwCBPSGv8izosa7GrsDKBLIKigJD0DwSwnjcC2YN_KtP977IBu0OD4bMWvozDtGnCKpjBL6KxAUhCraUZiL1AxnxW6QHZqcl-EllT55cuakXxwNQJYPweQ9UTUQhoMv7heGXaaSpW5edsHkHjM1f5crYB9N5Ju2XJJtmA72-5Uid2rvz050Sy_nY6jnFDT3dP28MGKw3hcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljTydvir_-CA4AKAZgLAcgLAYAMAaIMFCoSChDktLEC7rWxArW4sQKsurECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB%26sig%3DAOD64_2dgnkDqdk4vmD_vGMur8BGUz9BoA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-BAYz8ec8OdYL9zvwRnLk7iEAeqLraI6iVZeZJKl6ELEC5MOP9-mjG8cwKj0G-4v8d2_-b4pbC6j2UlCwTzwoJQrjSU6MwUtZzpmPycnc6z-PfiKtzzeTs-CoeQwq6XZ9Wj30H0edaGvhpLSP8F0-5iQ0zvG1ILeAkJLplLZrgpOMdWwKw%26cry%3D1%26dbm_d%3DAKAmf-BQar9aOm3aRfp9JeviMsvGWhiZc99rxnJNoeSVLm0u7oNIij4FSdXyJZqT3HjHSFcxc5yhZIa5uKn-d1q_BGnq_oTRlcdnQS-nfQ7lEd87Js-qrg1cKmcJjWa0r4l3diKBvunMx-p08mr8Faai3kOPnDs05cX4OabXZUhxpBhU4yWPFrOxDgCYLugVz1L-BVp1SENSgy2t9N3GT0wZjV_aBt024rGOYOp1HBwCwdK6aRfGJShRVVZKN5fRD8wNXAXxKn7d4Btc-k99nwmlh1OPMeIsLNAgu--AjqOZV0YdK3bUAeW7_1AGhg2T5-IMcyk-sdgHKVd_iCr67AWKevQnlJ4wt40mAU6gKLmsjV7GIbS1Vra9mMicqGvjA9MunV2mppWHMChOnM_qn9tSMj5LIHBNIz-L5EjQxIA3DVWaVGSmFGZ9n3oIMLKnnnIkQfJoOwLI19O6HD64mFtAxOap5gJ55g6QBcvH0o0cnVGcX6FIOyAWQk1tnWsIyMTUYB9up0WKgC7QEJu7S4qXFAi1nERKxxgn1nFLGShps7Ewy9JoGwQ%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=8985199759489&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=3848876819&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463049&bpp=215&bdt=368&idt=435&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=476
Protocol: HTTP/1.1
Server: 116.202.48.214 Kerken, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: b9dfa7dd2ce09603d25d6f4c93fdc4b21deaa84ab7b38d5c7723e037d8facf9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 08:01:04 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 63972200028964304444550012532013
Connection: close
Content-Length: 1364
Expires: Fri, 08 Dec 2023 08:01:04 +0100

Redirect headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 08:01:04 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=0c866a917c&subid=&uid=d36f3e2399a06856&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrTB6P81yZZz9JLObxtYPnJSNoA-m5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAmJck68wGbI-qAMByAObBKoEnwJP0LA_TsP-JRYzwI-SiLv3aRZb-VLSr7w8n9a-vBklI7yIjXOdYQIxxQXWWOtDaeWxxXxitNnvfoA5FDi5AITLL0m7V1LedjxO_CXBb3x65mdBkMySdWf48pkcK_errr9D1_ur2E3ywGdorCFCoVz_sCv0pRxXQ2P-H3NeK5Hs1EsT78UeW1rTxwCBPSGv8izosa7GrsDKBLIKigJD0DwSwnjcC2YN_KtP977IBu0OD4bMWvozDtGnCKpjBL6KxAUhCraUZiL1AxnxW6QHZqcl-EllT55cuakXxwNQJYPweQ9UTUQhoMv7heGXaaSpW5edsHkHjM1f5crYB9N5Ju2XJJtmA72-5Uid2rvz050Sy_nY6jnFDT3dP28MGKw3hcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljTydvir_-CA4AKAZgLAcgLAYAMAaIMFCoSChDktLEC7rWxArW4sQKsurECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB%26sig%3DAOD64_2dgnkDqdk4vmD_vGMur8BGUz9BoA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-BAYz8ec8OdYL9zvwRnLk7iEAeqLraI6iVZeZJKl6ELEC5MOP9-mjG8cwKj0G-4v8d2_-b4pbC6j2UlCwTzwoJQrjSU6MwUtZzpmPycnc6z-PfiKtzzeTs-CoeQwq6XZ9Wj30H0edaGvhpLSP8F0-5iQ0zvG1ILeAkJLplLZrgpOMdWwKw%26cry%3D1%26dbm_d%3DAKAmf-BQar9aOm3aRfp9JeviMsvGWhiZc99rxnJNoeSVLm0u7oNIij4FSdXyJZqT3HjHSFcxc5yhZIa5uKn-d1q_BGnq_oTRlcdnQS-nfQ7lEd87Js-qrg1cKmcJjWa0r4l3diKBvunMx-p08mr8Faai3kOPnDs05cX4OabXZUhxpBhU4yWPFrOxDgCYLugVz1L-BVp1SENSgy2t9N3GT0wZjV_aBt024rGOYOp1HBwCwdK6aRfGJShRVVZKN5fRD8wNXAXxKn7d4Btc-k99nwmlh1OPMeIsLNAgu--AjqOZV0YdK3bUAeW7_1AGhg2T5-IMcyk-sdgHKVd_iCr67AWKevQnlJ4wt40mAU6gKLmsjV7GIbS1Vra9mMicqGvjA9MunV2mppWHMChOnM_qn9tSMj5LIHBNIz-L5EjQxIA3DVWaVGSmFGZ9n3oIMLKnnnIkQfJoOwLI19O6HD64mFtAxOap5gJ55g6QBcvH0o0cnVGcX6FIOyAWQk1tnWsIyMTUYB9up0WKgC7QEJu7S4qXFAi1nERKxxgn1nFLGShps7Ewy9JoGwQ%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=8985199759489&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Fri, 08 Dec 2023 08:01:04 +0100

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v36/ Frame BB8A 18 KB
18 KB 24ms
22ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 17:39:00 GMT
x-content-type-options: nosniff
age: 310924
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18664
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 01:36:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Dec 2024 17:39:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 56CE 38 KB
13 KB 22ms
22ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 254979
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 09:11:25 GMT
expires: Wed, 04 Dec 2024 09:11:25 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame BB8A 0
128 B 111ms
37ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=S9IM0t_RqD24A3yDwnyA_-AIf1A18LKI8bx8maMv64I9mkGphQXyHw9mh-oeNVP2kZsEKe5DwiH2-qavhiuvmE_x2yQ_vkOCOSv2qmt91BRKJVac24kmyfJ3k18uPNL2J_PvaoomHnkXCfzGKV-YwvJSFRXDrFB1JMTzWOAO0YnpPjITawd_-qoLLz3pGltarGJw421JpJICuKLJoA4HnSX0Gjyd4IgXKZmVR40YgEM_ov3pFFazofG7mlLOJ2UBHooQQg&sds=2&rev=89682&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame BB8A 2 KB
1 KB 81ms
81ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 02 Dec 2024 08:01:04 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame BB8A 2 KB
1 KB 82ms
82ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 02 Dec 2024 08:01:04 GMT

GET
H/1.1

200
OK

request.php Show response
hal900029.redintelligence.net/ Frame 456E
Redirect Chain

https://hal900029.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b370d48f34&subid=&uid=98c9f116ad892d70&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900029.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b370d48f34&subid=&uid=98c9f116ad892d70&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

160ms
103ms

Script
application/x-javascript

88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b370d48f34&subid=&uid=98c9f116ad892d70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW-79P81yZeriJOGPvPIPq8-hgAOm5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAj5PGK7wGrI-qAMByAObBKoEmQJP0HwNW6ROAicizDfcWHd7rFKnuz47i9Qle9kIMrDvFkFBpR9oDU_BR910sWErT3txEf_PFx26dXbY0PF4MbOhrlpaxon8HjaA4AlUdpMojI_Fj88Vvf2bmdltivm1cyLCaJOltopJxbQ3T0MPEC1I_QXKFd3XWBkhxvXN3k-UbaQBOFN4DR7FB0SVQNS9YGQbOzgKZom72xhImNZtgOjRE7CZrq4OxxIxc0D_I1c36EKUISgBfr7JIT2VdXLUqnGlAL3ekbqkNg9p4Nt2LP29Vu4OrzUB6oHUqOHwwZkjteb2OJQGZl-mgVwppg40RF2IXMM_lPWni0A5ueS_Nif158apxNYjpnRsTT0mQVTIjt9n442xKkaSKcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljEu9vir_-CA4AKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNU0hbIRldiGC0poypw-vWj-TpaUU031X7VpQoIluTwWwsLItVxRH4J3Kwx5waH2GoWvzGHFCf2meT8_caEKv2XoXbYgCGZkCkoSEYAQ%26sig%3DAOD64_0-2F-Gl_qRkkFGAgl6wJKlpQDBBA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-AKHjlEvcgCbSxnqHqrw_X0NgMYZs_A9C6VfAwe5qhBxYE00Y7H099GPWpXkBcj0-_prGgriSLfiBwqFuUMGvYDTqrUlKhAD3a0hNUH7ehESzelFqWLh26CZeY8OqJ7rDRBKBkR_p1sGRsOkmxO28Q0Ow5Jp-C1mi0mjj89aBMyEhNUmtg%26cry%3D1%26dbm_d%3DAKAmf-DEu4HVpOl_ehDzhy01fTioZFnD9YML4ekAizR1ylgEnm6y1aNR-EWJeSUiOOGin204_7R3sOFt1Lsdq1IZDBUrefWHqSYrOI9iOe0GLn058i1JfjB-zbztA3QUM2YKMoiTfCnkOZ9I3JcDgziSpTvIiGxncPYQZ0o5x_O2jj-PlZmWd8v8aQZoxKzNoMKJFFmL_WO90wNQv7wG-opUYnY36w_E2K-u9L2Jei8sbmjMlMLHYgWpMrRe0CrDeqNKvBZgdI5NSRf68s2O8rVM6BZEBS__o66wAX1MMptrUJDDcEiSX02LvHnJPujmOMQxBaxTa5SyWcI-5ZkLQlgFUGz353KM_eic1Cby9BGndwvg5JauS-Xt6G5qkdLPhsejTGLahCuhL_l9WIQ7vmFlaCI55YbfebNDga0QSCi37EwA_SMJ_k3Y0kCw1QSnrj-RH4rVc0twtjzZEZv2Y_IC2bPctiVmyTPD33okqa_bV0mHwkc22SoFK1IOgavS9FBg2-wS6DO_-e86nDdse0tvhAglXziuhj2c6JmMHSI3PRN6yLWCC5M%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=4744328274247&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434
Protocol: HTTP/1.1
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: f5d47ecb3c7be4b541c9f3de5d7e9598cffc4bec1d0add55a35604e3f7456812

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 08:01:04 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 73922800031251304444550012532029
Connection: close
Content-Length: 1328
Expires: Fri, 08 Dec 2023 08:01:04 +0100

Redirect headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 08:01:04 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b370d48f34&subid=&uid=98c9f116ad892d70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW-79P81yZeriJOGPvPIPq8-hgAOm5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAj5PGK7wGrI-qAMByAObBKoEmQJP0HwNW6ROAicizDfcWHd7rFKnuz47i9Qle9kIMrDvFkFBpR9oDU_BR910sWErT3txEf_PFx26dXbY0PF4MbOhrlpaxon8HjaA4AlUdpMojI_Fj88Vvf2bmdltivm1cyLCaJOltopJxbQ3T0MPEC1I_QXKFd3XWBkhxvXN3k-UbaQBOFN4DR7FB0SVQNS9YGQbOzgKZom72xhImNZtgOjRE7CZrq4OxxIxc0D_I1c36EKUISgBfr7JIT2VdXLUqnGlAL3ekbqkNg9p4Nt2LP29Vu4OrzUB6oHUqOHwwZkjteb2OJQGZl-mgVwppg40RF2IXMM_lPWni0A5ueS_Nif158apxNYjpnRsTT0mQVTIjt9n442xKkaSKcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljEu9vir_-CA4AKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNU0hbIRldiGC0poypw-vWj-TpaUU031X7VpQoIluTwWwsLItVxRH4J3Kwx5waH2GoWvzGHFCf2meT8_caEKv2XoXbYgCGZkCkoSEYAQ%26sig%3DAOD64_0-2F-Gl_qRkkFGAgl6wJKlpQDBBA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-AKHjlEvcgCbSxnqHqrw_X0NgMYZs_A9C6VfAwe5qhBxYE00Y7H099GPWpXkBcj0-_prGgriSLfiBwqFuUMGvYDTqrUlKhAD3a0hNUH7ehESzelFqWLh26CZeY8OqJ7rDRBKBkR_p1sGRsOkmxO28Q0Ow5Jp-C1mi0mjj89aBMyEhNUmtg%26cry%3D1%26dbm_d%3DAKAmf-DEu4HVpOl_ehDzhy01fTioZFnD9YML4ekAizR1ylgEnm6y1aNR-EWJeSUiOOGin204_7R3sOFt1Lsdq1IZDBUrefWHqSYrOI9iOe0GLn058i1JfjB-zbztA3QUM2YKMoiTfCnkOZ9I3JcDgziSpTvIiGxncPYQZ0o5x_O2jj-PlZmWd8v8aQZoxKzNoMKJFFmL_WO90wNQv7wG-opUYnY36w_E2K-u9L2Jei8sbmjMlMLHYgWpMrRe0CrDeqNKvBZgdI5NSRf68s2O8rVM6BZEBS__o66wAX1MMptrUJDDcEiSX02LvHnJPujmOMQxBaxTa5SyWcI-5ZkLQlgFUGz353KM_eic1Cby9BGndwvg5JauS-Xt6G5qkdLPhsejTGLahCuhL_l9WIQ7vmFlaCI55YbfebNDga0QSCi37EwA_SMJ_k3Y0kCw1QSnrj-RH4rVc0twtjzZEZv2Y_IC2bPctiVmyTPD33okqa_bV0mHwkc22SoFK1IOgavS9FBg2-wS6DO_-e86nDdse0tvhAglXziuhj2c6JmMHSI3PRN6yLWCC5M%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=4744328274247&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Fri, 08 Dec 2023 08:01:04 +0100

GET
H2 206 813ca44bd1fd45d8a09c146884bab503_e3cb6ce7c52888651eef397e58771aab.mp4
static.criteo.net/design/dt/19906/220623/ Frame BB8A 26 KB
27 KB 38ms
38ms Media
video/mp4 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/19906/220623/813ca44bd1fd45d8a09c146884bab503_e3cb6ce7c52888651eef397e58771aab.mp4?ibv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b23a9ff408dba1959c07f65527e8cdcb3aa53676c2d439a2813ee09667c03004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Range: bytes=884736-

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 23 Jun 2022 13:29:20 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "62b46ab0-de91a"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 884736-911641/911642
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Content-Length: 26906
expires: Mon, 02 Dec 2024 08:01:04 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 57ms
57ms Preflight
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 08 Dec 2023 08:01:04 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 56CE 39 KB
15 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 23:07:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 23:07:46 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FEA4 0
20 B 60ms
59ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bbd0aQM1yZYyZC-qg9u8PuKyxoAsAAAAAOAHgBAI&bg=!ZmWlZSrNAAY3kmNgF5I7ADQBe5WfOEWUgETiA_pqIvelx3qUs7OSCdUYYt4LwAYqTu6OJlrqVRjjCBD1sUBcZ7HuEDueAgAAAG5SAAAAAmgBB5kDFxgdGfLi_5qTvt8zNcZWKrGQLsqzFs8iclVaAqLzJbOnciudvZcY4WyAY8BS1YnWoLUT-DbGupvY6TJWiUP8ohou0oFbefdBS8LTFbZjbH9FcmwJDm1JgMHuxHvE0NIvJaVG4BQq3yFJMp_IpYrkpsnTslluEYTtsvE_TjC41OYjqiO0h0_J1vC78SwR6Wzt6pDwMAkqV0qPIj40l-Y7Bzmgh3YDWmXfEdoujn7P-f5mIpVpzp800MiMUxNK8QnsYFN4kw6QkS02_-YV3wdHA3y0JQy6pkug9tG6nNWdRViNyso1WVg1gRXhFkCmbwGKbd276cJpO81vgA6u1uOR7ix9yKV4vlERAnmVOC5RcFPQuXEJ0hAEj0Y1QH2TlUm1kJ3oTQY7V47na32Adu1anh_HJsuvhmrj64c_KtvohhhK4I_L4fnjA20oG-TWr7TL5mZGIYIwYmBZr6XpNriA3TTAg0vLLDuTEYAqyzjI_ic8mAd7eOoplrdV0aemUbAxils9DyoGawJzunvNX0GB_8nGqZZr6FVCQ6_jyeW1_fl6wtFQSIXLdVHBPrrAf-F8EuENPULgRVomc2DVd4UN7EAQPPC3cpKEFjqGcpsWGGpTKa0nedHmT0ox53atY5Ntm8khRThQiS4iLFK9RR8oGQZhNiXOzgyXAo19rrHo0TM7UM4lF7HCIzo9i-DOKoIpO5OmbAcJbdir5-tvqHsBbCqJxUSFABIljGtReXIJK_cgnBULLcB46cwKzsZ9acTezPdyolAFqbDpzUmC4IpZBWVlD47ACYP33PzaZhM-iPQXs5nNSPEI5bLnrTaq0z5ufLhtcEwruxgS2lW3qV-I5PFJWRHa2J_qJhBKjLgV3rwEqiFtYCFDn83Qjo2UsmA2yweR85c8FhAvODqJcui1fTVvenkWzqscaYVCNlqHkVgdJ7pAOfssuYqJRs4iHop53SwEBpQPvdEvAG_vd9vPKXNFYGRZrjlDopLqUIv_Mr66MV-PMr5Qg5t9mWL0pK9rDZ0AOT5LFzyP5rgZLftaXABZ9B_7TWRC

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 206 813ca44bd1fd45d8a09c146884bab503_e3cb6ce7c52888651eef397e58771aab.mp4
static.criteo.net/design/dt/19906/220623/ Frame BB8A 730 KB
0 38ms
38ms Media
video/mp4 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/19906/220623/813ca44bd1fd45d8a09c146884bab503_e3cb6ce7c52888651eef397e58771aab.mp4?ibv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Range: bytes=163840-

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 23 Jun 2022 13:29:20 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "62b46ab0-de91a"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 163840-911641/911642
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Content-Length: 747802
expires: Mon, 02 Dec 2024 08:01:04 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame A043 0
19 B 63ms
63ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C7KwkP81yZezRLejQxtYPtZSdmAXJntKxXNWdkfdwwI23ARABIABglYKAgLgHggEXY2EtcHViLTYxOTUwNjM1MjEyNDE5NznIAQmpAmJck68wGbI-qAMByAMCqgT1AU_QGSPFMXZKfpA9jPgIQ4IOz3nfOoAnTN8AAHJdnb4kur7HwDA_XFrowMkuIsdvQOFSriq_nwcxdemR-QIiT3eItB1SzOTn2g98pUREQwycTxr-3c1d50Z0FCZQf1CbgWGfHcf-A5LhOD1yV6jLwz6S3mzJNuazagTm6uM4iwovL0SwsFBnye2tyK0VfmIKhhM-5_Ib8M_bwGNXXSvQzpB4rvWb2XyKqvLByUo6Pyzwd0S9Bbhuc-QzX5Awp-CZk9461UShaiOCO0olBvcUtAp1m1pLt2oVu1v1Jo36v6Gs6D0UTHY9WSa3MmyibdyuYVM5yIkHgAb4heXCq4vgsYIBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WMye5OKv_4IDgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTYxOTUwNjM1MjEyNDE5NzkYAA&sigh=Ih3VFUHhMro&uach_m=%5BUACH%5D&cid=CAQSTgDICaaNpHxaBDfoSVsS34R4SyrX27mIjhno7fupQGjaSWL_NkDWg4EQiA6BQJCSJt6xIW96koyJGJdzKkthvDQzls0PkU-kXF-g01xhVBgB&cbvp=2&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=660775685&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=612&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=3476&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&dtd=616

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=660775685&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=612&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=3476&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&dtd=616
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame A043 0
126 B 116ms
37ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kez_GN6BMNgFWp2DYgICAAAAqYU-T9fy55x50FEvED_NcmVMXhuAc346b4L3AAASAAAKCkFRVURBUUVCQVE&wp=ZXLNPwALaOwE0ahoAAdKNUWaFuq3yyY55N206w&cbvp=2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=660775685&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=612&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=3476&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&dtd=616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:03 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 158777
server: Kestrel
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 56CE 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BRxZIQM1yZdCaEYbBgQeA6b-4DAAAAAA4AeAEAg&bg=!eHulezTNAAY3kmNgF5I7ADQBe5WfOJ6Ig_MZXYjYQ9SgvHAtgzkulNvMoLQtlhh5qnbJjeKEGG9BAwzjsK99jXFHTd3bAgAAACtSAAAAAWgBB5kDLmGp39-f4wyltXEm3f-_6kNvgiJDUajDJE457fraFTlMW5o3aOWdDyDjjaR0Vr6s-D4AfuKokRV6oiQFFO_V4eveJuuCNIF3uBzP8bya8G5QdIzcrfov2JvNZBVayZstzapJLvVAVsAtcVAhOA7EXsG2pJGVdOMTnpk47hU2Zr5m7UQqjuvtPzobEjy9BG4IiCa8UvZqZSnvrvnVyixqVUWrVC3IMDawaRPN9xpIgsdkx-fAMUAacSFfC5L-bvJx2CBFGZ3ZjL5JY4XiJ0rIu4emBl0gqJZL2vPPeQL9WxrM4flV-KNcu8zpU53IU9PvkseOSgWM0rUEdR1RL30F_vldgVrvEV6OQb66XyBuVTNIiHofO_8xo95uM-lJ4Bn0-rpgtEKXcbK5VOCvqnQMdqPpzalc-n-trGv2ysY7QUn2Jj460P2nreW6VTRk-2sP3PuleV4gNodGx_hsfkIcO4IahCiN61AV11UrCV0UpyNCVpKMWWJtUnryIOG3tVhG-6glpWh5fTKWluHZeQxQSwXYCcVRYW81pZVwL4QQaLV-VEU1bcPrRVALZBg8WsrRfg2bkBVkmU5wMF1vY_fu6L2SpH-igLj8CsDacBfDnj42OB3tjXw3yzIhc1ljvO0sq4S3v0-eUavdufaTy__IpObl3i7jtfFLQReJBqjWOKBIRYi_Z28HBKMSqgzeZf8X8B-stH1oGq-4Vx1L2IQBhIjW3ekiThwvrOoSufdLXMvb33yPKp1bZhLYsd3u1gkV2IHf5Eu2WF722tgE4W_oQNqI1jI7aInQjxNtHixqQLPBUiE8T1a3V-B_fqg1W9_HGOgqsF8qHaXm_9gJA3Fxy3L5QxKx81AxyhPIDN3_tT829glSuoFdUqMFOXorCTyfkig0OL0kQ5gVewBk4CkOXIf2J84qSIlrIUXVqtiRfzIPUn34UgmYUt5bArOmNt1YS9xlVh85Gyj5MmtCHm4004BzUepUAEm0fXM7odK5Az-T4VC_2pygAwiauKxZbqRdsnYEG6AE1YnQB_nlUE4THnfvz_eDQya1J8UFTz-QvJwigAbn89EUEMTKLX5TAco

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
adv.office-partner.de/ Frame 22CD 930 B
923 B 135ms
21ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=0c866a917c&subid=&uid=d36f3e2399a06856&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrTB6P81yZZz9JLObxtYPnJSNoA-m5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAmJck68wGbI-qAMByAObBKoEnwJP0LA_TsP-JRYzwI-SiLv3aRZb-VLSr7w8n9a-vBklI7yIjXOdYQIxxQXWWOtDaeWxxXxitNnvfoA5FDi5AITLL0m7V1LedjxO_CXBb3x65mdBkMySdWf48pkcK_errr9D1_ur2E3ywGdorCFCoVz_sCv0pRxXQ2P-H3NeK5Hs1EsT78UeW1rTxwCBPSGv8izosa7GrsDKBLIKigJD0DwSwnjcC2YN_KtP977IBu0OD4bMWvozDtGnCKpjBL6KxAUhCraUZiL1AxnxW6QHZqcl-EllT55cuakXxwNQJYPweQ9UTUQhoMv7heGXaaSpW5edsHkHjM1f5crYB9N5Ju2XJJtmA72-5Uid2rvz050Sy_nY6jnFDT3dP28MGKw3hcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljTydvir_-CA4AKAZgLAcgLAYAMAaIMFCoSChDktLEC7rWxArW4sQKsurECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB%26sig%3DAOD64_2dgnkDqdk4vmD_vGMur8BGUz9BoA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-BAYz8ec8OdYL9zvwRnLk7iEAeqLraI6iVZeZJKl6ELEC5MOP9-mjG8cwKj0G-4v8d2_-b4pbC6j2UlCwTzwoJQrjSU6MwUtZzpmPycnc6z-PfiKtzzeTs-CoeQwq6XZ9Wj30H0edaGvhpLSP8F0-5iQ0zvG1ILeAkJLplLZrgpOMdWwKw%26cry%3D1%26dbm_d%3DAKAmf-BQar9aOm3aRfp9JeviMsvGWhiZc99rxnJNoeSVLm0u7oNIij4FSdXyJZqT3HjHSFcxc5yhZIa5uKn-d1q_BGnq_oTRlcdnQS-nfQ7lEd87Js-qrg1cKmcJjWa0r4l3diKBvunMx-p08mr8Faai3kOPnDs05cX4OabXZUhxpBhU4yWPFrOxDgCYLugVz1L-BVp1SENSgy2t9N3GT0wZjV_aBt024rGOYOp1HBwCwdK6aRfGJShRVVZKN5fRD8wNXAXxKn7d4Btc-k99nwmlh1OPMeIsLNAgu--AjqOZV0YdK3bUAeW7_1AGhg2T5-IMcyk-sdgHKVd_iCr67AWKevQnlJ4wt40mAU6gKLmsjV7GIbS1Vra9mMicqGvjA9MunV2mppWHMChOnM_qn9tSMj5LIHBNIz-L5EjQxIA3DVWaVGSmFGZ9n3oIMLKnnnIkQfJoOwLI19O6HD64mFtAxOap5gJ55g6QBcvH0o0cnVGcX6FIOyAWQk1tnWsIyMTUYB9up0WKgC7QEJu7S4qXFAi1nERKxxgn1nFLGShps7Ewy9JoGwQ%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=8985199759489&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Fri, 08 Dec 2023 08:01:04 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Fri, 15 Dec 2023 08:01:04 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame E4D3 0
327 B 249ms
132ms Document
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=63972200028964304444550012532013&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=0c866a917c&subid=&uid=d36f3e2399a06856&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrTB6P81yZZz9JLObxtYPnJSNoA-m5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAmJck68wGbI-qAMByAObBKoEnwJP0LA_TsP-JRYzwI-SiLv3aRZb-VLSr7w8n9a-vBklI7yIjXOdYQIxxQXWWOtDaeWxxXxitNnvfoA5FDi5AITLL0m7V1LedjxO_CXBb3x65mdBkMySdWf48pkcK_errr9D1_ur2E3ywGdorCFCoVz_sCv0pRxXQ2P-H3NeK5Hs1EsT78UeW1rTxwCBPSGv8izosa7GrsDKBLIKigJD0DwSwnjcC2YN_KtP977IBu0OD4bMWvozDtGnCKpjBL6KxAUhCraUZiL1AxnxW6QHZqcl-EllT55cuakXxwNQJYPweQ9UTUQhoMv7heGXaaSpW5edsHkHjM1f5crYB9N5Ju2XJJtmA72-5Uid2rvz050Sy_nY6jnFDT3dP28MGKw3hcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljTydvir_-CA4AKAZgLAcgLAYAMAaIMFCoSChDktLEC7rWxArW4sQKsurECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB%26sig%3DAOD64_2dgnkDqdk4vmD_vGMur8BGUz9BoA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-BAYz8ec8OdYL9zvwRnLk7iEAeqLraI6iVZeZJKl6ELEC5MOP9-mjG8cwKj0G-4v8d2_-b4pbC6j2UlCwTzwoJQrjSU6MwUtZzpmPycnc6z-PfiKtzzeTs-CoeQwq6XZ9Wj30H0edaGvhpLSP8F0-5iQ0zvG1ILeAkJLplLZrgpOMdWwKw%26cry%3D1%26dbm_d%3DAKAmf-BQar9aOm3aRfp9JeviMsvGWhiZc99rxnJNoeSVLm0u7oNIij4FSdXyJZqT3HjHSFcxc5yhZIa5uKn-d1q_BGnq_oTRlcdnQS-nfQ7lEd87Js-qrg1cKmcJjWa0r4l3diKBvunMx-p08mr8Faai3kOPnDs05cX4OabXZUhxpBhU4yWPFrOxDgCYLugVz1L-BVp1SENSgy2t9N3GT0wZjV_aBt024rGOYOp1HBwCwdK6aRfGJShRVVZKN5fRD8wNXAXxKn7d4Btc-k99nwmlh1OPMeIsLNAgu--AjqOZV0YdK3bUAeW7_1AGhg2T5-IMcyk-sdgHKVd_iCr67AWKevQnlJ4wt40mAU6gKLmsjV7GIbS1Vra9mMicqGvjA9MunV2mppWHMChOnM_qn9tSMj5LIHBNIz-L5EjQxIA3DVWaVGSmFGZ9n3oIMLKnnnIkQfJoOwLI19O6HD64mFtAxOap5gJ55g6QBcvH0o0cnVGcX6FIOyAWQk1tnWsIyMTUYB9up0WKgC7QEJu7S4qXFAi1nERKxxgn1nFLGShps7Ewy9JoGwQ%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=8985199759489&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript; charset=utf-8
date: Fri, 08 Dec 2023 08:01:04 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
vary: Origin

GET
H2 200 link.html Show response
track.webgains.com/ Frame B6E8 2 KB
2 KB 218ms
101ms Script
text/html 13.42.211.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=63972200028964304444550012532013&nw=1
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.211.181 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-211-181.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 9e573ccf8e367e68c531dc8bcbc5efd89c795c8c1f565d6427b5b72bb5315ebb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
last-modified: Fri, 08 Dec 2023 08:01:04 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Fri, 08 Dec 2023 08:02:04 GMT

GET
H2 200 e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame B6E8 0
326 B 265ms
148ms Script
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=63972200028964304444550012532013&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=0c866a917c&subid=&uid=d36f3e2399a06856&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrTB6P81yZZz9JLObxtYPnJSNoA-m5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAmJck68wGbI-qAMByAObBKoEnwJP0LA_TsP-JRYzwI-SiLv3aRZb-VLSr7w8n9a-vBklI7yIjXOdYQIxxQXWWOtDaeWxxXxitNnvfoA5FDi5AITLL0m7V1LedjxO_CXBb3x65mdBkMySdWf48pkcK_errr9D1_ur2E3ywGdorCFCoVz_sCv0pRxXQ2P-H3NeK5Hs1EsT78UeW1rTxwCBPSGv8izosa7GrsDKBLIKigJD0DwSwnjcC2YN_KtP977IBu0OD4bMWvozDtGnCKpjBL6KxAUhCraUZiL1AxnxW6QHZqcl-EllT55cuakXxwNQJYPweQ9UTUQhoMv7heGXaaSpW5edsHkHjM1f5crYB9N5Ju2XJJtmA72-5Uid2rvz050Sy_nY6jnFDT3dP28MGKw3hcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljTydvir_-CA4AKAZgLAcgLAYAMAaIMFCoSChDktLEC7rWxArW4sQKsurECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB%26sig%3DAOD64_2dgnkDqdk4vmD_vGMur8BGUz9BoA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-BAYz8ec8OdYL9zvwRnLk7iEAeqLraI6iVZeZJKl6ELEC5MOP9-mjG8cwKj0G-4v8d2_-b4pbC6j2UlCwTzwoJQrjSU6MwUtZzpmPycnc6z-PfiKtzzeTs-CoeQwq6XZ9Wj30H0edaGvhpLSP8F0-5iQ0zvG1ILeAkJLplLZrgpOMdWwKw%26cry%3D1%26dbm_d%3DAKAmf-BQar9aOm3aRfp9JeviMsvGWhiZc99rxnJNoeSVLm0u7oNIij4FSdXyJZqT3HjHSFcxc5yhZIa5uKn-d1q_BGnq_oTRlcdnQS-nfQ7lEd87Js-qrg1cKmcJjWa0r4l3diKBvunMx-p08mr8Faai3kOPnDs05cX4OabXZUhxpBhU4yWPFrOxDgCYLugVz1L-BVp1SENSgy2t9N3GT0wZjV_aBt024rGOYOp1HBwCwdK6aRfGJShRVVZKN5fRD8wNXAXxKn7d4Btc-k99nwmlh1OPMeIsLNAgu--AjqOZV0YdK3bUAeW7_1AGhg2T5-IMcyk-sdgHKVd_iCr67AWKevQnlJ4wt40mAU6gKLmsjV7GIbS1Vra9mMicqGvjA9MunV2mppWHMChOnM_qn9tSMj5LIHBNIz-L5EjQxIA3DVWaVGSmFGZ9n3oIMLKnnnIkQfJoOwLI19O6HD64mFtAxOap5gJ55g6QBcvH0o0cnVGcX6FIOyAWQk1tnWsIyMTUYB9up0WKgC7QEJu7S4qXFAi1nERKxxgn1nFLGShps7Ewy9JoGwQ%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=8985199759489&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 0
proxy-host: pv.medialead.de

GET
H2 200 e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame B6E8 43 B
360 B 270ms
154ms Image
image/gif 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=63972200028964304444550012532013&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=0c866a917c&subid=&uid=d36f3e2399a06856&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrTB6P81yZZz9JLObxtYPnJSNoA-m5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAmJck68wGbI-qAMByAObBKoEnwJP0LA_TsP-JRYzwI-SiLv3aRZb-VLSr7w8n9a-vBklI7yIjXOdYQIxxQXWWOtDaeWxxXxitNnvfoA5FDi5AITLL0m7V1LedjxO_CXBb3x65mdBkMySdWf48pkcK_errr9D1_ur2E3ywGdorCFCoVz_sCv0pRxXQ2P-H3NeK5Hs1EsT78UeW1rTxwCBPSGv8izosa7GrsDKBLIKigJD0DwSwnjcC2YN_KtP977IBu0OD4bMWvozDtGnCKpjBL6KxAUhCraUZiL1AxnxW6QHZqcl-EllT55cuakXxwNQJYPweQ9UTUQhoMv7heGXaaSpW5edsHkHjM1f5crYB9N5Ju2XJJtmA72-5Uid2rvz050Sy_nY6jnFDT3dP28MGKw3hcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljTydvir_-CA4AKAZgLAcgLAYAMAaIMFCoSChDktLEC7rWxArW4sQKsurECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB%26sig%3DAOD64_2dgnkDqdk4vmD_vGMur8BGUz9BoA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-BAYz8ec8OdYL9zvwRnLk7iEAeqLraI6iVZeZJKl6ELEC5MOP9-mjG8cwKj0G-4v8d2_-b4pbC6j2UlCwTzwoJQrjSU6MwUtZzpmPycnc6z-PfiKtzzeTs-CoeQwq6XZ9Wj30H0edaGvhpLSP8F0-5iQ0zvG1ILeAkJLplLZrgpOMdWwKw%26cry%3D1%26dbm_d%3DAKAmf-BQar9aOm3aRfp9JeviMsvGWhiZc99rxnJNoeSVLm0u7oNIij4FSdXyJZqT3HjHSFcxc5yhZIa5uKn-d1q_BGnq_oTRlcdnQS-nfQ7lEd87Js-qrg1cKmcJjWa0r4l3diKBvunMx-p08mr8Faai3kOPnDs05cX4OabXZUhxpBhU4yWPFrOxDgCYLugVz1L-BVp1SENSgy2t9N3GT0wZjV_aBt024rGOYOp1HBwCwdK6aRfGJShRVVZKN5fRD8wNXAXxKn7d4Btc-k99nwmlh1OPMeIsLNAgu--AjqOZV0YdK3bUAeW7_1AGhg2T5-IMcyk-sdgHKVd_iCr67AWKevQnlJ4wt40mAU6gKLmsjV7GIbS1Vra9mMicqGvjA9MunV2mppWHMChOnM_qn9tSMj5LIHBNIz-L5EjQxIA3DVWaVGSmFGZ9n3oIMLKnnnIkQfJoOwLI19O6HD64mFtAxOap5gJ55g6QBcvH0o0cnVGcX6FIOyAWQk1tnWsIyMTUYB9up0WKgC7QEJu7S4qXFAi1nERKxxgn1nFLGShps7Ewy9JoGwQ%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=8985199759489&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:05 GMT
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 43
proxy-host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B6E8 43 B
702 B 230ms
89ms Image
image/gif 104.64.118.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=63972200028964304444550012532013&pv=1

Requested by

Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=0c866a917c&subid=&uid=d36f3e2399a06856&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrTB6P81yZZz9JLObxtYPnJSNoA-m5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAmJck68wGbI-qAMByAObBKoEnwJP0LA_TsP-JRYzwI-SiLv3aRZb-VLSr7w8n9a-vBklI7yIjXOdYQIxxQXWWOtDaeWxxXxitNnvfoA5FDi5AITLL0m7V1LedjxO_CXBb3x65mdBkMySdWf48pkcK_errr9D1_ur2E3ywGdorCFCoVz_sCv0pRxXQ2P-H3NeK5Hs1EsT78UeW1rTxwCBPSGv8izosa7GrsDKBLIKigJD0DwSwnjcC2YN_KtP977IBu0OD4bMWvozDtGnCKpjBL6KxAUhCraUZiL1AxnxW6QHZqcl-EllT55cuakXxwNQJYPweQ9UTUQhoMv7heGXaaSpW5edsHkHjM1f5crYB9N5Ju2XJJtmA72-5Uid2rvz050Sy_nY6jnFDT3dP28MGKw3hcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljTydvir_-CA4AKAZgLAcgLAYAMAaIMFCoSChDktLEC7rWxArW4sQKsurECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNPspy0RYL7FCCxh90NADwhwScVQRhK7e_ftt0UJkF51KUOMgOIijhoTLPYxo_B8XwsN5w6whhAwk_49oqHgcsAo1iUEYM3LOVvBgB%26sig%3DAOD64_2dgnkDqdk4vmD_vGMur8BGUz9BoA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-BAYz8ec8OdYL9zvwRnLk7iEAeqLraI6iVZeZJKl6ELEC5MOP9-mjG8cwKj0G-4v8d2_-b4pbC6j2UlCwTzwoJQrjSU6MwUtZzpmPycnc6z-PfiKtzzeTs-CoeQwq6XZ9Wj30H0edaGvhpLSP8F0-5iQ0zvG1ILeAkJLplLZrgpOMdWwKw%26cry%3D1%26dbm_d%3DAKAmf-BQar9aOm3aRfp9JeviMsvGWhiZc99rxnJNoeSVLm0u7oNIij4FSdXyJZqT3HjHSFcxc5yhZIa5uKn-d1q_BGnq_oTRlcdnQS-nfQ7lEd87Js-qrg1cKmcJjWa0r4l3diKBvunMx-p08mr8Faai3kOPnDs05cX4OabXZUhxpBhU4yWPFrOxDgCYLugVz1L-BVp1SENSgy2t9N3GT0wZjV_aBt024rGOYOp1HBwCwdK6aRfGJShRVVZKN5fRD8wNXAXxKn7d4Btc-k99nwmlh1OPMeIsLNAgu--AjqOZV0YdK3bUAeW7_1AGhg2T5-IMcyk-sdgHKVd_iCr67AWKevQnlJ4wt40mAU6gKLmsjV7GIbS1Vra9mMicqGvjA9MunV2mppWHMChOnM_qn9tSMj5LIHBNIz-L5EjQxIA3DVWaVGSmFGZ9n3oIMLKnnnIkQfJoOwLI19O6HD64mFtAxOap5gJ55g6QBcvH0o0cnVGcX6FIOyAWQk1tnWsIyMTUYB9up0WKgC7QEJu7S4qXFAi1nERKxxgn1nFLGShps7Ewy9JoGwQ%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=8985199759489&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.64.118.247 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-64-118-247.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 08:01:04 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 / Show response
adv.office-partner.de/ Frame 7ACB 930 B
922 B 25ms
22ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b370d48f34&subid=&uid=98c9f116ad892d70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW-79P81yZeriJOGPvPIPq8-hgAOm5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAj5PGK7wGrI-qAMByAObBKoEmQJP0HwNW6ROAicizDfcWHd7rFKnuz47i9Qle9kIMrDvFkFBpR9oDU_BR910sWErT3txEf_PFx26dXbY0PF4MbOhrlpaxon8HjaA4AlUdpMojI_Fj88Vvf2bmdltivm1cyLCaJOltopJxbQ3T0MPEC1I_QXKFd3XWBkhxvXN3k-UbaQBOFN4DR7FB0SVQNS9YGQbOzgKZom72xhImNZtgOjRE7CZrq4OxxIxc0D_I1c36EKUISgBfr7JIT2VdXLUqnGlAL3ekbqkNg9p4Nt2LP29Vu4OrzUB6oHUqOHwwZkjteb2OJQGZl-mgVwppg40RF2IXMM_lPWni0A5ueS_Nif158apxNYjpnRsTT0mQVTIjt9n442xKkaSKcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljEu9vir_-CA4AKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNU0hbIRldiGC0poypw-vWj-TpaUU031X7VpQoIluTwWwsLItVxRH4J3Kwx5waH2GoWvzGHFCf2meT8_caEKv2XoXbYgCGZkCkoSEYAQ%26sig%3DAOD64_0-2F-Gl_qRkkFGAgl6wJKlpQDBBA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-AKHjlEvcgCbSxnqHqrw_X0NgMYZs_A9C6VfAwe5qhBxYE00Y7H099GPWpXkBcj0-_prGgriSLfiBwqFuUMGvYDTqrUlKhAD3a0hNUH7ehESzelFqWLh26CZeY8OqJ7rDRBKBkR_p1sGRsOkmxO28Q0Ow5Jp-C1mi0mjj89aBMyEhNUmtg%26cry%3D1%26dbm_d%3DAKAmf-DEu4HVpOl_ehDzhy01fTioZFnD9YML4ekAizR1ylgEnm6y1aNR-EWJeSUiOOGin204_7R3sOFt1Lsdq1IZDBUrefWHqSYrOI9iOe0GLn058i1JfjB-zbztA3QUM2YKMoiTfCnkOZ9I3JcDgziSpTvIiGxncPYQZ0o5x_O2jj-PlZmWd8v8aQZoxKzNoMKJFFmL_WO90wNQv7wG-opUYnY36w_E2K-u9L2Jei8sbmjMlMLHYgWpMrRe0CrDeqNKvBZgdI5NSRf68s2O8rVM6BZEBS__o66wAX1MMptrUJDDcEiSX02LvHnJPujmOMQxBaxTa5SyWcI-5ZkLQlgFUGz353KM_eic1Cby9BGndwvg5JauS-Xt6G5qkdLPhsejTGLahCuhL_l9WIQ7vmFlaCI55YbfebNDga0QSCi37EwA_SMJ_k3Y0kCw1QSnrj-RH4rVc0twtjzZEZv2Y_IC2bPctiVmyTPD33okqa_bV0mHwkc22SoFK1IOgavS9FBg2-wS6DO_-e86nDdse0tvhAglXziuhj2c6JmMHSI3PRN6yLWCC5M%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=4744328274247&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Fri, 08 Dec 2023 08:01:04 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Fri, 15 Dec 2023 08:01:04 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 8EF4 0
326 B 137ms
132ms Document
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=73922800031251304444550012532029&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b370d48f34&subid=&uid=98c9f116ad892d70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW-79P81yZeriJOGPvPIPq8-hgAOm5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAj5PGK7wGrI-qAMByAObBKoEmQJP0HwNW6ROAicizDfcWHd7rFKnuz47i9Qle9kIMrDvFkFBpR9oDU_BR910sWErT3txEf_PFx26dXbY0PF4MbOhrlpaxon8HjaA4AlUdpMojI_Fj88Vvf2bmdltivm1cyLCaJOltopJxbQ3T0MPEC1I_QXKFd3XWBkhxvXN3k-UbaQBOFN4DR7FB0SVQNS9YGQbOzgKZom72xhImNZtgOjRE7CZrq4OxxIxc0D_I1c36EKUISgBfr7JIT2VdXLUqnGlAL3ekbqkNg9p4Nt2LP29Vu4OrzUB6oHUqOHwwZkjteb2OJQGZl-mgVwppg40RF2IXMM_lPWni0A5ueS_Nif158apxNYjpnRsTT0mQVTIjt9n442xKkaSKcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljEu9vir_-CA4AKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNU0hbIRldiGC0poypw-vWj-TpaUU031X7VpQoIluTwWwsLItVxRH4J3Kwx5waH2GoWvzGHFCf2meT8_caEKv2XoXbYgCGZkCkoSEYAQ%26sig%3DAOD64_0-2F-Gl_qRkkFGAgl6wJKlpQDBBA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-AKHjlEvcgCbSxnqHqrw_X0NgMYZs_A9C6VfAwe5qhBxYE00Y7H099GPWpXkBcj0-_prGgriSLfiBwqFuUMGvYDTqrUlKhAD3a0hNUH7ehESzelFqWLh26CZeY8OqJ7rDRBKBkR_p1sGRsOkmxO28Q0Ow5Jp-C1mi0mjj89aBMyEhNUmtg%26cry%3D1%26dbm_d%3DAKAmf-DEu4HVpOl_ehDzhy01fTioZFnD9YML4ekAizR1ylgEnm6y1aNR-EWJeSUiOOGin204_7R3sOFt1Lsdq1IZDBUrefWHqSYrOI9iOe0GLn058i1JfjB-zbztA3QUM2YKMoiTfCnkOZ9I3JcDgziSpTvIiGxncPYQZ0o5x_O2jj-PlZmWd8v8aQZoxKzNoMKJFFmL_WO90wNQv7wG-opUYnY36w_E2K-u9L2Jei8sbmjMlMLHYgWpMrRe0CrDeqNKvBZgdI5NSRf68s2O8rVM6BZEBS__o66wAX1MMptrUJDDcEiSX02LvHnJPujmOMQxBaxTa5SyWcI-5ZkLQlgFUGz353KM_eic1Cby9BGndwvg5JauS-Xt6G5qkdLPhsejTGLahCuhL_l9WIQ7vmFlaCI55YbfebNDga0QSCi37EwA_SMJ_k3Y0kCw1QSnrj-RH4rVc0twtjzZEZv2Y_IC2bPctiVmyTPD33okqa_bV0mHwkc22SoFK1IOgavS9FBg2-wS6DO_-e86nDdse0tvhAglXziuhj2c6JmMHSI3PRN6yLWCC5M%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=4744328274247&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript; charset=utf-8
date: Fri, 08 Dec 2023 08:01:04 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
vary: Origin

GET
H2 200 link.html Show response
track.webgains.com/ Frame 456E 2 KB
2 KB 168ms
102ms Script
text/html 13.42.211.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=73922800031251304444550012532029&nw=1
Requested by: Host: salem-news.com
URL: http://salem-news.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.211.181 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-211-181.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 394f50ac049d8dfe73a70d180c539192287cf6bf65c87f8cf63a3074e981c790

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
last-modified: Fri, 08 Dec 2023 08:01:04 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Fri, 08 Dec 2023 08:02:04 GMT

GET
H2

200

activityi;dc_pre=COajsuOv_4IDFZNCkQUdTdwC5w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=422578840845.70874 Show response
5994599.fls.doubleclick.net/ Frame 5DBF
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=422578840845.70874?
https://5994599.fls.doubleclick.net/activityi;dc_pre=COajsuOv_4IDFZNCkQUdTdwC5w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=422578840845.70874?

392 B
324 B

72ms
69ms

Document
text/html

172.217.16.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=COajsuOv_4IDFZNCkQUdTdwC5w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=422578840845.70874?

Requested by

Host: salem-news.com
URL: http://salem-news.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f198.1e100.net

Software

cafe /

Resource Hash

72fdf1cdc760f744e5c5400868abd6f08a165c0783e7b2ee37e750168b11aff2

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:05 GMT
expires: Fri, 08 Dec 2023 08:01:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=COajsuOv_4IDFZNCkQUdTdwC5w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=422578840845.70874?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900029.redintelligence.net/ Frame 4940 7 KB
2 KB 93ms
28ms Document
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/request_content.php?s=73922800031251304444550012532029&a=bb27e413
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b370d48f34&subid=&uid=98c9f116ad892d70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW-79P81yZeriJOGPvPIPq8-hgAOm5b2gaYWVnKfJD_AuEAEguOarBGCVgoCAuAfIAQmpAj5PGK7wGrI-qAMByAObBKoEmQJP0HwNW6ROAicizDfcWHd7rFKnuz47i9Qle9kIMrDvFkFBpR9oDU_BR910sWErT3txEf_PFx26dXbY0PF4MbOhrlpaxon8HjaA4AlUdpMojI_Fj88Vvf2bmdltivm1cyLCaJOltopJxbQ3T0MPEC1I_QXKFd3XWBkhxvXN3k-UbaQBOFN4DR7FB0SVQNS9YGQbOzgKZom72xhImNZtgOjRE7CZrq4OxxIxc0D_I1c36EKUISgBfr7JIT2VdXLUqnGlAL3ekbqkNg9p4Nt2LP29Vu4OrzUB6oHUqOHwwZkjteb2OJQGZl-mgVwppg40RF2IXMM_lPWni0A5ueS_Nif158apxNYjpnRsTT0mQVTIjt9n442xKkaSKcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljEu9vir_-CA4AKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNU0hbIRldiGC0poypw-vWj-TpaUU031X7VpQoIluTwWwsLItVxRH4J3Kwx5waH2GoWvzGHFCf2meT8_caEKv2XoXbYgCGZkCkoSEYAQ%26sig%3DAOD64_0-2F-Gl_qRkkFGAgl6wJKlpQDBBA%26client%3Dca-pub-6195063521241979%26dbm_c%3DAKAmf-AKHjlEvcgCbSxnqHqrw_X0NgMYZs_A9C6VfAwe5qhBxYE00Y7H099GPWpXkBcj0-_prGgriSLfiBwqFuUMGvYDTqrUlKhAD3a0hNUH7ehESzelFqWLh26CZeY8OqJ7rDRBKBkR_p1sGRsOkmxO28Q0Ow5Jp-C1mi0mjj89aBMyEhNUmtg%26cry%3D1%26dbm_d%3DAKAmf-DEu4HVpOl_ehDzhy01fTioZFnD9YML4ekAizR1ylgEnm6y1aNR-EWJeSUiOOGin204_7R3sOFt1Lsdq1IZDBUrefWHqSYrOI9iOe0GLn058i1JfjB-zbztA3QUM2YKMoiTfCnkOZ9I3JcDgziSpTvIiGxncPYQZ0o5x_O2jj-PlZmWd8v8aQZoxKzNoMKJFFmL_WO90wNQv7wG-opUYnY36w_E2K-u9L2Jei8sbmjMlMLHYgWpMrRe0CrDeqNKvBZgdI5NSRf68s2O8rVM6BZEBS__o66wAX1MMptrUJDDcEiSX02LvHnJPujmOMQxBaxTa5SyWcI-5ZkLQlgFUGz353KM_eic1Cby9BGndwvg5JauS-Xt6G5qkdLPhsejTGLahCuhL_l9WIQ7vmFlaCI55YbfebNDga0QSCi37EwA_SMJ_k3Y0kCw1QSnrj-RH4rVc0twtjzZEZv2Y_IC2bPctiVmyTPD33okqa_bV0mHwkc22SoFK1IOgavS9FBg2-wS6DO_-e86nDdse0tvhAglXziuhj2c6JmMHSI3PRN6yLWCC5M%26adurl%3D&documentReferer=http%3A%2F%2Fsalem-news.com%2F&ancestorOrigins=http%3A%2F%2Fsalem-news.com&random=4744328274247&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 37ad81a6aefd33e14f73fcce7da7e92dbaba9f941f265b1ed8cefab97eee02d7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2083
Content-Type: text/html; charset=utf-8
Date: Fri, 08 Dec 2023 08:01:04 GMT
Expires: Fri, 08 Dec 2023 08:01:04 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H2

200

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 456E
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=73922800031251304444550012532029&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=73922800031251304444550012532029&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
360 B

130ms
130ms

Image
image/gif

91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=73922800031251304444550012532029&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434
Protocol: H2
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:05 GMT
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 43
proxy-host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=73922800031251304444550012532029&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Fri, 08 Dec 2023 08:01:04 GMT
server: nginx
content-length: 138
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 456E 43 B
702 B 189ms
99ms Image
image/gif 104.64.118.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=73922800031251304444550012532029&pv=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.64.118.247 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-64-118-247.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 08:01:04 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame 456E 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa102067e432416a5d676554f0657468f05cd1dbefd98e4dd38f06c1b96dd0dd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 22CD 175 KB
63 KB 34ms
33ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6df74be46d98203c646feed9b634f98d33fbe7826f0e89814cdecfa145fdd483

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64105
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 7ACB 175 KB
63 KB 43ms
43ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

78cd70b2b526a332fa419aa8aad69cab0b47ecc56a5400a978c770d2e89f194c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64123
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 22CD 274 KB
91 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9ff934cd7d0b18ab7e48a1dbf8798aa2499c10bee7a9d2ff200aae76885ed12f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93074
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 7ACB 274 KB
91 KB 46ms
45ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0abb03c6e80a7a02e9baf0b9de3c484bf038585e6f664cda8d8148bc51439ece

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93077
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4940 2 KB
434 B 47ms
46ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=73922800031251304444550012532029&a=bb27e413

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 08 Dec 2023 08:01:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 07:27:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 08 Dec 2023 08:01:04 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 4940 9 KB
9 KB 80ms
26ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=73922800031251304444550012532029&a=bb27e413
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ccbbff502a3f290561f1e5feefc0a6a5cfaea286e9b689669e6b1fa40d567f96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9246
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 4940 10 KB
10 KB 191ms
134ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=73922800031251304444550012532029&a=bb27e413
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 30ba39bb051bf89b6734136cdfea849c768820903b6d84535f622516ed1ea7f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9890
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 4940 7 KB
7 KB 195ms
135ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=73922800031251304444550012532029&a=bb27e413
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: fa69232a7b6aa7cead50808993bae749aebef8df64536c19d031f8f8b1425fc0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7117
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame B6E8 53 KB
19 KB 217ms
28ms Script
application/javascript 18.66.147.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=63972200028964304444550012532013&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-41.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 01:58:47 GMT
content-encoding: gzip
via: 1.1 18c9dea802c00b7c060142aad49f7288.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 16:26:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 21739
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: pfuQA_KROcRxJVCgC2XyKJcNLz0hAdIneTQAgRbd2V3TICI3RHNFng==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame B6E8 3 KB
3 KB 213ms
24ms Image
image/png 18.154.63.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1702022764&Signature=Qd~~4FBHKB9zVRdCq47drxPQvYwVF23S7OOkce-NjIxPZoId6x5RbPrUL6xDoy~CXkV5JBwRM3X17W1dBCbLBNr0~QkUboY0yaRIsVTnT1POR-RFK7X1xpoUv7gcqH1cJMDToKYNxLWkbDIsjqLOAanMP3qamVHTkpCINIuRfHqRC-tZFByyijglaMDXn0xEBsFkbF9OsXqiKNYQG024XIaLuJepzsJNiPouHBZz7dtRiNk8mF4zip9XoW7HoOA3es1nwlcFYknfj2eOAnq6MloOB8Q1mvAJrsE4jmHa7skh~iP-mKgLVp2m-ae4wU7fi9fkuGl4L9q5EB4SJfCJ~A__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=3848876819&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463049&bpp=215&bdt=368&idt=435&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=476
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-54.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: null
date: Fri, 08 Dec 2023 03:43:00 GMT
via: 1.1 c56940b696de15630f45de7e4da7bb32.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
age: 15496
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: fmuQrnaxMVVZdDGrKRCMaM-EkYXl6znbcZQ6UciIdeUXXVlZSP1HDg==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 456E 53 KB
19 KB 214ms
25ms Script
application/javascript 18.66.147.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=73922800031251304444550012532029&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-41.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 01:58:47 GMT
content-encoding: gzip
via: 1.1 18c9dea802c00b7c060142aad49f7288.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 16:26:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 21739
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: pajLEoWnSHpV_ahU6Iqshq3WKRJoIyckJnwGMLfV26J32j6aWESGjg==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 456E 85 B
439 B 212ms
24ms Image
image/gif 18.154.63.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1702022764&Signature=HXLRZ0eAYuTVTtaEDWipGsyllGOLqyUf-wKO7iqLfRN~BOvUGF7ITu3sZfg4opLL~7TCzkA5kOVZ5a95x37-3Hv65X3FDkjNGXoxWJyAoiBNes0JNgs1GoKWGcCEe5tA5RkUUY7bQhLfJggda0rU9tmXQBIM7ATMV3TGb~SsRBEUDsMaAowjtHAxHwmwB~hx27xLAdvAorsCHJM2ZnD3kEei94hD9DvVO6w86drT1OAcxxiUZu1QvOTkm3AOBjsNHLnv5bY0KQtCg-jlw-yszGmJfky-CjvQttrwbfrHxgqhfso83K1e6fEoElng~gzL5F42Z4lvHV9M9a3Y2CIzbw__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=175599284&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463048&bpp=215&bdt=366&idt=423&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=1879&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=434
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-54.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: null
date: Thu, 07 Dec 2023 10:08:26 GMT
via: 1.1 c56940b696de15630f45de7e4da7bb32.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
age: 78761
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: 0Me1YWfxxecNribZFyHvEIBlSgJGGvPnCyXUFI7pRVnvtJvG8ie4Fw==

GET
H/1.1 200
OK viewability Show response
hal900029.redintelligence.net/ Frame 4940 0
150 B 89ms
29ms Script
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/viewability?s=73922800031251304444550012532029&a=aa603091&vb=m
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=73922800031251304444550012532029&a=bb27e413
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/request_content.php?s=73922800031251304444550012532029&a=bb27e413
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:05 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3

200

activityi;dc_pre=CIqUwOOv_4IDFXJTkQUdsQ8EHg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5504641408222.113 Show response
5994599.fls.doubleclick.net/ Frame DBFF
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5504641408222.113?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIqUwOOv_4IDFXJTkQUdsQ8EHg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5504641408222.113?

391 B
240 B

67ms
66ms

Document
text/html

172.217.16.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CIqUwOOv_4IDFXJTkQUdsQ8EHg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5504641408222.113?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f198.1e100.net

Software

cafe /

Resource Hash

f3754a3b3da84bda6758b6a962befbf42885e875e1e83d177fcfbc2f71ed2615

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:05 GMT
expires: Fri, 08 Dec 2023 08:01:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIqUwOOv_4IDFXJTkQUdsQ8EHg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5504641408222.113?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900013.redintelligence.net/ Frame 9812 7 KB
2 KB 81ms
28ms Document
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/request_content.php?s=63972200028964304444550012532013&a=1ede38ce
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=3848876819&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463049&bpp=215&bdt=368&idt=435&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=2239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=476
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Kerken, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 9121181ae00e984d5ff558b8cd1d02388950cedbd4dee523cc27323ad7f2a607

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2086
Content-Type: text/html; charset=utf-8
Date: Fri, 08 Dec 2023 08:01:05 GMT
Expires: Fri, 08 Dec 2023 08:01:05 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame B6E8 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7883f5678f845e2d710e384ba585bbf814beb44ee1c090261fe4ce4b6a3a1d78

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 9812 2 KB
434 B 30ms
29ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=63972200028964304444550012532013&a=1ede38ce

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 08 Dec 2023 08:01:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 07:31:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 08 Dec 2023 08:01:05 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9812 9 KB
9 KB 74ms
26ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=63972200028964304444550012532013&a=1ede38ce
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ccbbff502a3f290561f1e5feefc0a6a5cfaea286e9b689669e6b1fa40d567f96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9246
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9812 10 KB
10 KB 80ms
28ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=63972200028964304444550012532013&a=1ede38ce
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 30ba39bb051bf89b6734136cdfea849c768820903b6d84535f622516ed1ea7f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9890
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9812 7 KB
7 KB 81ms
27ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=63972200028964304444550012532013&a=1ede38ce
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: fa69232a7b6aa7cead50808993bae749aebef8df64536c19d031f8f8b1425fc0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7117
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 dc_pre=COajsuOv_4IDFZNCkQUdTdwC5w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=422578840845.70874
adservice.google.com/ddm/fls/z/ Frame 5DBF 42 B
401 B 107ms
59ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COajsuOv_4IDFZNCkQUdTdwC5w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=422578840845.70874

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=COajsuOv_4IDFZNCkQUdTdwC5w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=422578840845.70874?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900013.redintelligence.net/ Frame 9812 0
150 B 79ms
27ms Script
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/viewability?s=63972200028964304444550012532013&a=196eb0cf&vb=m
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=63972200028964304444550012532013&a=1ede38ce
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Kerken, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900013.redintelligence.net/request_content.php?s=63972200028964304444550012532013&a=1ede38ce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 08:01:05 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 11FE 42 B
64 B 100ms
59ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvgAN78VvKAK9H7SKbWVuwaBie-vucsf61jtpaSkhvDBiG5-5Ykd4RwuzjjJkArxN8XLSfBtGV1mLaQ875B9WqKmkVYlTrStjFmuKywNFOFn3pVlTbzkg10v8Se5CVorTUUvR0nkT8HLjsINMbpwbq2wAYd4rQ_x-9hOp3EWeJUx_6hV2qiMCSVOmBnJI3gMbKyyYt9pua1rmpUbhRjkkHa8-4caKhkgtTF93kVlBvUej1neRbWMLEJPMpqWAleBPAZt65v0FE81cjcg_FSzp5CgZ0t4jayz4Nj8MAq6YEZE8WmZshRkItrEdR8QcPQigaUai5S9Vna3uZyOsIlRYrZJxHnKZHi0-vSGf8fJk-BVxdOONZivp1S8PT23G0gtwm38Wk2Gv20x_jdh3gacst300-k3RWRcM1h11N7J0vfqY4pjOYZrmcUIcQ61ZGUIxnh9EWJK92Al0KttxqxA07nA-BMamtF7rwEF0GfwxgkO7AboLiyTLc3rJGe1iW_GATEYeomilIPrtkGQmQd86MrjRMBhvgIfU7dpKdn3U4hV_x23zVLLcvWvufPADt2zxY_v5ut0jD9ixLCaIkaMhOdDP1fv-VRcEfhgb0YRTcvwkUSgyym58mTgQGHkrTFyiVmkFCUxzM75VicdxkHFsvP6vYU_xKW0fXvSbdoGIvhQ8jdFO8I9O3ffg2uY-RmE3fIo4WvYCW3Nt2ieGkDpDAHLhDyw7kVbXr6sE2SjIqSJ9DZGYA30-e8Cil5oWp3ORigKYEtoLd0niZgWuwAM4wL9KUcQH2KdujRq3M63VBEFCoEZAKeuSXHZ8iAQGXYWrjHrumahRnIUQ76fd7GESwTz6QTDuVUbPgn12kvTOxltN7S-o4r1WiphEnMsgPvC6CSrj8QF0DuDPDcW2dIF76D8z-Gf139Jd6txpwTdVEKB72ByaCSWkF-UoJWo7vBncf2zYsIH3-w90owV--tuYm6pveINq1ygQoyFLC08P6IfTZmqn8FuVPdoStXGwdahH0sQfu2q4lZbcWNnIF8nmRf2jZ2joVtkZKEAQ3b0Pa8WqRvatw4lx1_KWQg2EXI5iad8rfcnMlZPoAw8oEir4Euf_R6bdjsisYdZdXTWJ1lXmjsDpJhWZ9t3dB168EC4QPM8IAb6VQ_-UUwNiQikz8rinjh3FRdCdzLEGWQDugzXi8eNjeGhE8pkPDrSfBCPWDEOTI&sai=AMfl-YQxNVl71MvG5PkJuVR3PIyuU05w6C8N1u2KZF9pbmCLvX8iKDITPSZhXT97JJy5GHWr7yRyBSgUrQILRRID0EN0BX63L0QP37DgNYyoBy4mCTJ3-YIthtFhramfZwXwyV7NSAQbqkLri_awu4EVTBE8V6bHD4RDIzTx5lLJohR5OQOwBTIH&sig=Cg0ArKJSzHYhJ65fgkb-EAE&cid=CAQSTgDICaaNO46Tsn0ocNtbsl0poMNgdZicnGSao1cQRY8jqaJkEYmubUj9EaIi9gRfnJF5N9qLNZ1vnXbWyHlyqSpDOxRetmV4rUHBYr8zihgB&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=3720366759&rs=2&la=0&cr=0&vs=4&r=v&rst=1702022463470&rpt=886&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CIqUwOOv_4IDFXJTkQUdsQ8EHg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5504641408222.113
adservice.google.com/ddm/fls/z/ Frame DBFF 42 B
107 B 58ms
58ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIqUwOOv_4IDFXJTkQUdsQ8EHg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5504641408222.113

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIqUwOOv_4IDFXJTkQUdsQ8EHg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5504641408222.113?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 widgets-20170109.css
vortex.accuweather.com/adc2010/oap/stylesheets/ 112 KB
14 KB 55ms
55ms Stylesheet
text/css 23.73.140.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vortex.accuweather.com/adc2010/oap/stylesheets/widgets-20170109.css
Requested by: Host: vortex.accuweather.com
URL: https://vortex.accuweather.com/adc2010/oap/javascript/jquery-1.9.1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.140.71 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-140-71.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 19f4edf9189f8d003c27b29fcb6f1f1085660470101374fda6648c41d4280a60

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:05 GMT
content-encoding: gzip
last-modified: Mon, 09 Jan 2017 21:59:10 GMT
server: Microsoft-IIS/8.5
etag: "43ca979bc36ad21:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=86400
servername: origin-v01
accept-ranges: bytes
content-length: 13968

GET
H2

200

current Show response
www.accuweather.com/ajax-service/oap/
Redirect Chain

http://www.accuweather.com/ajax-service/oap/current?callback=jQuery191023148329851885463_1702022463286&uid=awcc1495048023036&locationkey=&unit=f&language=en-us&useip=true&targeturl=http%3A%2F%2Fsal...
https://www.accuweather.com/ajax-service/oap/current?callback=jQuery191023148329851885463_1702022463286&uid=awcc1495048023036&locationkey=&unit=f&language=en-us&useip=true&targeturl=http%3A%2F%2Fsa...

3 KB
3 KB

337ms
336ms

Script
text/javascript

23.73.140.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.accuweather.com/ajax-service/oap/current?callback=jQuery191023148329851885463_1702022463286&uid=awcc1495048023036&locationkey=&unit=f&language=en-us&useip=true&targeturl=http%3A%2F%2Fsalem-news.com%2Fsevenday%2Findex.php&css=&_=1702022463287

Protocol

Server

23.73.140.71 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-73-140-71.deploy.static.akamaitechnologies.com

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e27f4f3fc232a2bdc8ba6fed64130d60f7c01a588ed00c9bbede751aafff4ff6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:05 GMT
content-encoding: gzip
x-aspnetmvc-version: 5.2
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
mpulse_cdn_cache: MISS
x-powered-by: ASP.NET
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
servername: gweb-v02
mpulse_origin_time: 163
server-timing: ak_p; desc="1702022465598_399797868_818480341_27830_10769_48_0_146";dur=1
content-length: 1161

Redirect headers

Location: https://www.accuweather.com/ajax-service/oap/current?callback=jQuery191023148329851885463_1702022463286&uid=awcc1495048023036&locationkey=&unit=f&language=en-us&useip=true&targeturl=http%3A%2F%2Fsalem-news.com%2Fsevenday%2Findex.php&css=&_=1702022463287
Date: Fri, 08 Dec 2023 08:01:05 GMT
Server: AkamaiGHost
Connection: keep-alive
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702022465539_399797868_818480297_12_10351_50_0_-";dur=1
Content-Length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 69ms
69ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231206&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af840ab82e5d3fe4fd584d6b570b3ce378c083163570418428142e46d17f63ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12143
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 08 Dec 2023 08:01:05 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4FBB 13 KB
5 KB 21ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://salem-news.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 31999
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 23:07:46 GMT
expires: Fri, 06 Dec 2024 23:07:46 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9FB4 829 B
998 B 35ms
35ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

39c6f6017a01731caee49ca4ec30c812b052d953cd43e9fac08def525eee0482

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7O7ZX_DBCiL9izopLcilPQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://salem-news.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-7O7ZX_DBCiL9izopLcilPQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 08:01:05 GMT
expires: Fri, 08 Dec 2023 08:01:05 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 4FBB 39 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 23:07:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 23:07:46 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9FB4 0
0 55ms
55ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231206&jk=2138884694861347&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4FBB 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?sjncCg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:05 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 456E 16 B
209 B 74ms
74ms Fetch
application/json 35.177.10.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.177.10.97 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-177-10-97.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 08 Dec 2023 08:01:06 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 122ms
33ms Preflight 35.177.10.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.177.10.97 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-177-10-97.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Fri, 08 Dec 2023 08:01:06 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame B6E8 16 B
209 B 81ms
81ms Fetch
application/json 35.177.10.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.177.10.97 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-177-10-97.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 08 Dec 2023 08:01:06 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 112ms
33ms Preflight 35.177.10.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.177.10.97 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-177-10-97.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Fri, 08 Dec 2023 08:01:06 GMT
server: nginx

GET
H2 200 07-xl.png
vortex.accuweather.com/adc2010/images/icons-numbered/ 35 KB
35 KB 54ms
53ms Image
image/png 23.73.140.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vortex.accuweather.com/adc2010/images/icons-numbered/07-xl.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.140.71 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-140-71.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 6f1c3f7105f5f92d49b7e0102a29617d715788ac9e882bb0fe1ceefffa64a67b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:05 GMT
last-modified: Fri, 22 Jan 2010 17:09:50 GMT
server: Microsoft-IIS/8.5
etag: "083d0b4859bca1:0"
x-powered-by: ASP.NET
content-type: image/png
cache-control: max-age=31536000
servername: origin-v02
accept-ranges: bytes
content-length: 36111

GET
H2 200 icon-get-widget-blue.png
vortex.accuweather.com/adc2010/oap/images/ 1 KB
1 KB 79ms
79ms Image
image/png 23.73.140.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vortex.accuweather.com/adc2010/oap/images/icon-get-widget-blue.png
Requested by: Host: vortex.accuweather.com
URL: https://vortex.accuweather.com/adc2010/oap/stylesheets/widgets-20170109.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.140.71 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-140-71.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 8ae54aefc607778dc3907fb07fb0dd871d70dd258abd89ca0d6259669073d647

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vortex.accuweather.com/adc2010/oap/stylesheets/widgets-20170109.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:05 GMT
last-modified: Mon, 15 Jul 2013 17:50:46 GMT
server: Microsoft-IIS/8.5
etag: "6c7b86d58381ce1:0"
x-powered-by: ASP.NET
content-type: image/png
cache-control: max-age=86400
servername: origin-v01
accept-ranges: bytes
content-length: 1111

GET
H2 200 07-m.png
vortex.accuweather.com/adc2010/images/icons-numbered/ 7 KB
8 KB 78ms
78ms Image
image/png 23.73.140.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vortex.accuweather.com/adc2010/images/icons-numbered/07-m.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.140.71 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-140-71.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 2faba8417fbef16de409a0196129cc6b666e045b4ae298b7f2fd25884b4c0c34

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 08:01:05 GMT
last-modified: Fri, 22 Jan 2010 17:09:52 GMT
server: Microsoft-IIS/8.5
etag: "0b01b6859bca1:0"
x-powered-by: ASP.NET
content-type: image/png
cache-control: max-age=31536000
servername: origin-v03
accept-ranges: bytes
content-length: 7520

GET
H3

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

52 KB
21 KB

22ms
21ms

Script
text/javascript

2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Protocol

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 08 Dec 2023 07:41:49 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 1156
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 08 Dec 2023 09:41:49 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 29ms
28ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=762516715&t=pageview&_s=1&dl=http%3A%2F%2Fsalem-news.com%2F&dp=%2Foap-weather-widgets%2Fcurrent&ul=en-us&de=UTF-8&dt=Salem-News.Com%20News%20from%20Salem%20Oregon%20and%20the%20surrounding%20region.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEABCAAAACAAI~&jid=1418516373&gjid=1011630228&cid=2080048923.1702022463&tid=UA-31945348-1&_gid=593575653.1702022463&_r=1&_slc=1&cd1=OAP_Weather_Widgets&cd2=salem-news-com&cd3=accuweather&cd4=OAP_Widget_current&cd5=1&z=77542700

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://salem-news.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://salem-news.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
347 B 82ms
28ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-31945348-1&cid=2080048923.1702022463&jid=1418516373&gjid=1011630228&_gid=593575653.1702022463&_u=QACAAEAACAAAACAAI~&z=1313088332

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://salem-news.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 08 Dec 2023 08:01:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://salem-news.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 33ms
33ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-31945348-1&cid=2080048923.1702022463&jid=1418516373&_u=QACAAEAACAAAACAAI~&z=1552177500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 85ms
33ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-31945348-1&cid=2080048923.1702022463&jid=1418516373&_u=QACAAEAACAAAACAAI~&z=1552177500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 58ms
57ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231206&jk=2138884694861347&bg=!Y2ClYC_NAAY3kmNgF5I7ADQBe5WfOPzo2wmgMLxUbCjuYXXvPFDg7-uDhAP5XVg9eN1O1WUHO_FA0dcXxV3BwD1nH3BBAgAAADFSAAAAAWgBB5kC5SvHm-BoJG9QOwG1IMDzwtblePPgehZn0xxRcJkKFqpW9vL8xWW26iwzrNkYfqDBYUvGvhj4g7UP0u-oAnOUVORqqA4M9reST0CbhjcGTUAX4MCRNeuFVJaF1A5LAw3-4wg5kY2ztCsfOmrM6QN_ktR1T6xvnYsYbs3Vxd2-ggku4uosSRSkvPbE0amzPbGphKB41oqRZwFmYJqEh2FaMJqJnkQ7mnBVtKCpCezhi6D-NjzXZ03aQJKpQ6l1e5XuR9X35Md1wiAFcOGpLuz7ZWlpkQqzm30Se0GThk2ys26ffre3y0G20NeTooaBiTQxgK0K5pPbI6cO8eKZEVxYKYeUuoB1YTD2NlBrkokl9Vv4BL5aLIoxMngRW4E9Q_D2YkNFv4tnVDrkHXXEYn54Z1VmkH2zJ_mbHvFp9CrGjqz2dgIr4qLj9bndoP9KsPAg4e4mRGmCQ2r7bku64yeFiEf0vSuSl7tgkzbWCQEfwXhos8nmR4zcAlqne-oULvKaNUFV-vhKsPBBO1esn03EpHheAZvq1eWza5iwTsr-M3iL-zEDylfBpMoUW3WHGpSS2P9W4zKLKGI39JRE8OyIv0qBmfr9NXZ6M9C1VNIIL5AZmvQ-AO3tXu25DZGUdCcr7JPitCrUUs5WWzJg7pip0C8ZV2ZQRzo7Bw3Rc0rnX03kZTsrAxSy9xgLDsiWl9jc8cmyuaIsS-A3B0NZ1yzWqa_5r89Vqx8F5FSyhUVBlirhkIey9tK99oGgjk1UUa8CsJjD4ZeIMN2ORHTh_G2z1gDKrMkHo-K9IUyV9n3E97b734OdLPb3AZiGd0Yg0NoEqPVuWWEtn54AtWaPJcJFeQDoSDsW7oRNE146wEeGU5y1HZTiKPrB9BVR7ruXzAdD_0r-4NsbZxNge4SIirdCN3H8TOStSTn8uVSYAriRswzcp65asNxy6p-m_peNFRTXcOAPYzVenCU1vOCZnQGgvwkFh8SjHw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://salem-news.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 456E 0
20 B 56ms
55ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7291925844913&version=m202309260101&ct=77&x=1&cor=9385498792969679000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B6E8 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9120677705646&version=m202309260101&ct=77&x=1&cor=15143705230638954000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 08:01:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

199 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.paypal.com/	1970-01-21 02:23:02	Name: ts Value: vreXpYrS%3D1796716863%26vteXpYrS%3D1702024263%26vr%3D4871be4f18c0a55160748fd7fff27365%26vt%3D4871be4f18c0a55160748fd7fff27364%26vtyp%3Dnew
.paypal.com/	1970-01-21 02:23:02	Name: ts_c Value: vr%3D4871be4f18c0a55160748fd7fff27365%26vt%3D4871be4f18c0a55160748fd7fff27364
.salem-news.com/	1970-01-21 02:23:02	Name: _ga Value: GA1.2.2080048923.1702022463
.salem-news.com/	1970-01-20 16:48:28	Name: _gid Value: GA1.2.593575653.1702022463
.salem-news.com/	1970-01-20 16:47:02	Name: _gat Value: 1
.salem-news.com/	1970-01-21 02:23:02	Name: _ga_VLL8LGN9EP Value: GS1.2.1702022463.1.0.1702022463.0.0.0
.salem-news.com/	1970-01-21 02:08:38	Name: __gads Value: ID=d659c6adf45190a6:T=1702022463:RT=1702022463:S=ALNI_MbTiBKkYwWVVSc1wZ5-lfcPnQwZqw
.salem-news.com/	1970-01-21 02:08:38	Name: __gpi Value: UID=00000d0f83bfa7d5:T=1702022463:RT=1702022463:S=ALNI_MZ0w6t0r4Ivf_ycUOZoPK47F4oGHA
.doubleclick.net/	1970-01-21 02:08:38	Name: IDE Value: AHWqTUmfkjDELBUoZQW1-Rh3XamnSCcH5jUdx5ANafGUK0zpJk9XRrlvcahAZDk9
.adnxs.com/	1970-01-20 18:56:38	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hb6JpYx_!@wnfH8K6pQK`!5=E<L5?%M58[D@hrP[V4z95$h1A_w[([aIAU%zwj$Z1MbpRzqF1`*b^06)q6oQ
.adnxs.com/	1970-01-20 18:56:38	Name: uuid2 Value: 545487301494696531
.casalemedia.com/	1970-01-20 18:56:38	Name: CMPS Value: 3252
.doubleclick.net/	1970-01-20 16:47:06	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 21:06:14	Name: APC Value: AfxxVi6TdVdTBhU95DjiYcHC3hlVQcYxggHRSPQhLf0AkEcFrZ2B0w
.casalemedia.com/	1970-01-21 01:32:38	Name: CMID Value: ZXLNQHQFK9.lTAKJXzZLhwAA
.casalemedia.com/	1970-01-20 18:56:38	Name: CMPRO Value: 3252
.doubleclick.net/	1970-01-20 17:30:14	Name: ar_debug Value: 1
.googleadservices.com/	1970-01-20 18:56:38	Name: ar_debug Value: 1
.redintelligence.net/	1970-01-20 18:56:38	Name: 8lcfmzhxc8d6_uid Value: cd9c892a89ba0525
.office-partner.de/	1970-01-21 02:23:02	Name: source Value: {"webgains_webgains":{"timestamp":1702022464970,"clickCookie":false}}
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3266505
.awin1.com/	1970-01-20 16:57:07	Name: awpv11601 Value: 113440\|1702022464\|efbeed70-959f-11ee-b1a8-22396ad6a5ca
.salem-news.com/	1970-01-20 16:47:02	Name: _gat_awxoapTracker Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	Message: [Report Only] Refused to frame 'https://www.gofundme.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors gofundme.com .gofundme.com .hopin.com".
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6195063521241979&output=html&h=90&slotname=8216531368&adk=1694498236&adf=660775685&pi=t.ma~as.8216531368&w=728&lmt=1702022463&url=http%3A%2F%2Fsalem-news.com%2F&ea=0&wgl=1&dt=1702022463050&bpp=214&bdt=368&idt=612&shv=r20231206&mjsv=m202312050101&ptt=5&saldr=sd&abxe=1&prev_slotnames=8216531368%2C8216531368%2C8216531368%2C8216531368%2C8216531368&correlator=2991445271276&frm=20&pv=1&ga_vid=2080048923.1702022463&ga_sid=1702022463&ga_hid=762516715&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=417&ady=3476&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079921%2C31079931%2C44798934%2C31080036%2C44807763%2C44808149%2C44808285%2C95320229%2C31079988&oid=2&pvsid=2138884694861347&tmod=928285613&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&dtd=616 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
ad.doubleclick.net
ads.eu.criteo.com
adservice.google.com
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
api.webgains.io
cat.nl3.eu.criteo.com
cdn.gofundme.com
cdn.track.production.webgains.team
cdn.transcend.io
cm.g.doubleclick.net
csm.eu.criteo.net
dsum-sec.casalemedia.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
gateway.gofundme.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900013.redintelligence.net
hal900029.redintelligence.net
ib.adnxs.com
imageproxy.eu.criteo.net
medialead.de
oap.accuweather.com
pagead2.googlesyndication.com
pv.medialead.de
region1.google-analytics.com
rtb.nl3.eu.criteo.com
salem-news.com
snap.licdn.com
static.criteo.net
stats.g.doubleclick.net
sync.transcend.io
tpc.googlesyndication.com
track.webgains.com
vortex.accuweather.com
www.accuweather.com
www.awin1.com
www.gofundme.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
104.18.36.155
104.64.118.247
116.202.48.214
13.227.219.97
13.32.27.71
13.42.211.181
138.201.63.145
142.250.185.194
142.250.185.66
151.101.65.21
172.217.16.134
172.217.16.198
178.250.1.6
18.154.63.54
18.66.147.41
18.66.248.87
192.229.221.25
192.241.229.70
2001:4860:4802:32::36
23.73.140.71
2600:9000:2447:8e00:2:8531:afc0:93a1
2600:9000:2644:ae00:a:de49:b100:93a1
2a00:1450:4001:800::2002
2a00:1450:4001:800::200e
2a00:1450:4001:802::2004
2a00:1450:4001:803::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:811::200a
2a00:1450:4001:813::2003
2a00:1450:4001:813::2008
2a00:1450:4001:81c::2001
2a00:1450:4001:828::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2003
2a00:1450:4001:830::200e
2a00:1450:4001:831::200a
2a00:1450:400c:c00::9c
2a02:2638:3::10
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::9
2a02:26f0:780::210:a46a
2a0b:4d07:101::1
35.177.10.97
37.252.171.149
88.99.219.174
91.121.248.44
94.23.99.218
0053aaaa79ecdcd48e89d0d2125e6a420e44be52c82fc48fcfaa8689d76758a8
0088244ce39b74bd4709b6ed4a31d81ec74c6e38ce053820ceea98c9540993d5
02b4d11b9dbec60e2231d876ffd7e148e56f2326313410a43be1672692af0f47
03a0166daf6557f3ff3ca59dbb4a32c487c0728d722c878d46d538a36350cdd2
065ac62fa003726383877ac67c6421bdc89c110a8d9ced1a3691c7b4d5c26ed7
081cd2b11835dc3e7e9bfc33d63b2545db64b0174735d76f9a6da40ce3cf0919
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0abb03c6e80a7a02e9baf0b9de3c484bf038585e6f664cda8d8148bc51439ece
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e7bf7e7bfd3396bd1580a6f82cba120025f263d0d5bd7865f59c4c8d5640351
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
104b819b3bacd733d6202c93e4047aeed6386318bf6102aead3a73a91042c438
116c7e22845f8c8784d4633bc3170e02c6a12e8c7e56ed29e7250aafbe693953
12ac8a2c807a542382ec525f4756cba990027c39697585fe760af0649568f26a
134e1f5b534c68700dca4e7b9f91e7ff5123e11d2efdd6e54c846ca053b973a7
15550af5b2a29066c9ad3292c7591b39de8ee38988ca0098ed13a6eddf69a08a
15838004d5e196b563a00a0ba16ce432fed6deb3dd4fab7122601f2c4f41560a
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1830714f9d18ea80c24c15835373caeac686edc54adcb047ceeb39d82171b9e9
18780ca8e35e3c2913a84503557b4693fcd8534a735448b2c354875087fb0ca5
188bb1d3367ca5f38f23691125569df1cf1f98bfc6c96105758cb9c5e0f6aece
19f4edf9189f8d003c27b29fcb6f1f1085660470101374fda6648c41d4280a60
1be4cf253c424652647839d16c2b34b2ca8d8b1e5d216b7f3dfc68bd187f8867
1dbb7d94630c8e762082b9aa8abc6579a1be8657b1f8cd74db1a023ff2966196
1efc20fa7c985d7d22b1941ca164828cbb7658eb6efde057cd4a4b57d5d6b342
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81
21a895554a09087368c86517b1ef2159389387e136023980efb299b4ec16a712
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
25b3ea23988624592d1290004418dc7d0066a4a5087656d1bcf650a2e0c983ce
25fdd50642c6077529b2e71e9b357b4f5a57ed6e7916401722d6f6720be28ee4
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f7b5f6365163c37daeefc494f041cd181de38fbf9499e68da1de2eab10feab3
2f85f7bf91ca6c32ce88373355f45e4d9f8ef5108456bee9031038fd1ac53d09
2faba8417fbef16de409a0196129cc6b666e045b4ae298b7f2fd25884b4c0c34
3077aac5c53527a4764bf45c64154cea8921af2da25096c28ee403b579c9b029
30ba39bb051bf89b6734136cdfea849c768820903b6d84535f622516ed1ea7f0
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31b628d2d6f5fce8b1dd7ac9fc3b1996cf6a9c1a570e9df853ffeafbe6eb38fe
33a91bd6d378215fcd413c279aa88d48bda6c8b2ef7695892777c87de37de256
37ad81a6aefd33e14f73fcce7da7e92dbaba9f941f265b1ed8cefab97eee02d7
37bd58d8ac13064a13f443f0d285393c645e5292f90f55273ed72da7936f5832
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38df18981c07411b258a130996357394cbdad9df24b7cb96c62db02214d43ca4
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
394f50ac049d8dfe73a70d180c539192287cf6bf65c87f8cf63a3074e981c790
39c6f6017a01731caee49ca4ec30c812b052d953cd43e9fac08def525eee0482
3b3a565398ec361ad761f8d6a94cbbbc31603e9484c70b84a01d210fd2b5e15e
3cbaa87107ab1440e450d819195df0babe178c9e7d2f7ca47f2cc089a38cbe27
3f09af1984b3c7a18a3c49d63c2606d5288e69e4607c9b042e482702bd90b7ef
401b4cd202bbf64b33b04a16f68aa72cceea9f75562bd51ae66bee2a3bf1e0a6
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
424d101d47bbe9764711787d837c6eeae31e8002ee7fb84861d4b565c1dcc94b
42c2ac6cb53dcc5d264ec29ca3d796c347ee643aa01d94ef73d0b24a814c9849
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43c8024ea22de1aee05a017907ce857fd3b53ffb32f93dc94c68bc0c16af50b7
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709
44d3fe4bb087134f0252883e756be506a1cd3af99290225a658282279bd79efd
4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808
48048f34cf11962d4837a2f1f659afd79b26f76e519de06239a55275280ac8d5
4b28206a13b0f6352988ec154ed3ea6636a9e0e74a74f1b4f3abfbddede09cf4
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c9c0bd30ea7c18ad8eaec470ca5d594a0b43291cd814f15c10485e23fc100e7
4ceb7fa2fba3168514b521eb98b5e31ea759cb3a1270cdb81c7433dcc3949b40
4ddf6973fa3421cc10d8946187a761c0317632b66442c3d20c736024fba1029f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
52ae61c0720ae779b166ba75eb15923913725a390383be86868c33bfc191c1fe
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55380e58ed3ded7e334522936f36fa41165a06efe7a6120b6da630574a160aa2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
565094c22d6752044ea6fd47d572c205542e867bca1ee533c648a2c506087aee
5de17a06142490aa81f4f131c6554accbc24383992f00df1663e240881a2e891
5fe7d225fa2af2d7a7faafb430f93c1910b58cbf8d9761c5f14fcd9e9f75aa0d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
640c9cbb97ba18dc1bcde7f36eed441db79a02b0912d0f4325d4b475d3b84565
67abb48de10855a099eb2f3fbc6e1256d4027e2905bea1cc0700ab5a299fb490
67c9becbda158bb8b5be6f6e6a6c55c48e7a2f11ac473bb55e0be86a533b5dfe
69bde83057e3e3193b6b27e7e7a1fa6c31e0a15cee27553b8ec526bfcd9188d1
6d777e128fb84a4ecd883849c0d7f3ea2d90c0360965ad5fc870715e9fc45022
6df74be46d98203c646feed9b634f98d33fbe7826f0e89814cdecfa145fdd483
6f1c3f7105f5f92d49b7e0102a29617d715788ac9e882bb0fe1ceefffa64a67b
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
72fdf1cdc760f744e5c5400868abd6f08a165c0783e7b2ee37e750168b11aff2
7387021408574afb13687c47d583f43c70cf9511d5dfd772be64f8ec975895a8
7473bc597d499a69d196a66572dac2f92a1108c9e698dd52565ce150008e2c80
7485f98c769235c979c928fb91bd85dbbaa634ce06e7b7f2041801967a4939f4
765aaacbe9b34b21f019208ed14620d557cb039cd22a68019104a8e7d7da7702
7846b5904b602bd64bea1eb4557c03b09dabc580b07f18b8d1567d1345f0a040
7883f5678f845e2d710e384ba585bbf814beb44ee1c090261fe4ce4b6a3a1d78
78cd70b2b526a332fa419aa8aad69cab0b47ecc56a5400a978c770d2e89f194c
79d05de65a2233c2735dbe9eb5fdc478e476fe23dedbe722ddb86ce0c0dfe7fe
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
879d025ffbd5620ae4bd5009d8d2ab465bb57d47725e1c9d1a4a79ea0b6b9565
87a92e159459b46d503d7ca9301e076e886bf1eb91abaae349f8b6a69deb2571
88ea1fa6dd07a757f7c271f640f0c984180f46e001ad52c663fe3e827766dc79
89bcd375b1455561028d3967ca27ea816b0e4890b61ab0dd2a182530709422e1
8ae54aefc607778dc3907fb07fb0dd871d70dd258abd89ca0d6259669073d647
8b0103d5131047a6907ba6b56609de98a26e3d5c5835133a93caa19b1071b4fb
8cd4cbfaec4318590ca55927b32df24b992ef03d93514495dec5f945efe86e24
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8fe6acb606204bb51fd9130bca281a23ad25aafaf98e912bca79323adbb14c67
90354c2817fc223875574baffd036bb1041d5f56de7028eb724a5c3941691e6e
9121181ae00e984d5ff558b8cd1d02388950cedbd4dee523cc27323ad7f2a607
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5
947ddace4c6097bd951f40b63f66bc7be1d58e5ae6ea0a1b53239eb78ed77eaf
949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b
9867eb60a6e41fad41c275393dae42a10e56f720adcb98886bfcfd18dcf07089
9aec1dbe7374063ae2a777d91c1caa0216e35d0b1536bb5674e2e83cf36f3f2d
9bb30e2bc446aa2301690bf87752244412e4e23f2756a0f4839539cca6dc9174
9e573ccf8e367e68c531dc8bcbc5efd89c795c8c1f565d6427b5b72bb5315ebb
9ef54ce221fe81933db2f8713dba333bebea4585a77cb4ba52498e5f3f083ada
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
9ff934cd7d0b18ab7e48a1dbf8798aa2499c10bee7a9d2ff200aae76885ed12f
a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a558dc731872adb52490cf8550eb796d0d0b448df332e38f815228576dd0cd5a
a5c42a65ca37c60e289e38521c822c73dff57156d9da86fee8f39012c0d5d05e
a67f7c40e1f2acac9e9d5623dabb39188083317341d23eb085997779a5f347a5
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7e943ef5e30e220196f66d125e9840c4f13acd9d6bf933c05696a85ec983a75
a82328fa8918a5c92717a60ac8026959f9089783088dc3cc1b6f7d6e03fe6900
a87ecc29279c740015f9460447e8bf465401d93faa38c171399c549cbd0feb7d
aa0d88cf9405411db10db6a135a9fa9335d98a71cef5e32ae49bf8e205d04422
ad294104f5d656ccdb248e15072fcd15deab18f8d2499fe29852f6f801ae8c04
ad361c20ebe6b4243e291f7d4e03848c68f78c8a335f5a3ad1b1e1a729927a33
adbda63eddcb8adba7a43fe15c6d0bec2367695e2074b5b96270c2bf5813cf66
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aef4907f13717e310cb3b29fc4294a2ff5497b5d3260070e27e284a39343ec1c
af840ab82e5d3fe4fd584d6b570b3ce378c083163570418428142e46d17f63ee
b0282529af39db81edec5b52bbbaa109ea6cbf5bcffb71c28b1fd5114fbeb955
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23a9ff408dba1959c07f65527e8cdcb3aa53676c2d439a2813ee09667c03004
b28d136e1e0a42244c6009763c10d772aed819c3dedccc3786330934f0c3e7a5
b2f24aafb98b074e3946136dc976b95a0e1f1e3c0f12bbdba742e01a651a3e30
b7a16954120a4fcc5e1214138706474f4dbca9cfa7cd15eaa3cf615e382a2b3c
b7b777b658f7d547e39e268662498f378ba5e39f6c32347f825b5b7ccfaccda3
b9dfa7dd2ce09603d25d6f4c93fdc4b21deaa84ab7b38d5c7723e037d8facf9b
bc5d352be9fcdb0f9483ba4abc3f87322d2f29fca5d7d4e7503133ad659f008b
bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2
c06e4410d24951c9bc4e29dad8151c1763a8e0200d518199c7ff5980997b5122
c115adf4dd85c1f13fd4723cf45e4c21f83bf1607b2cf803fac917f4e3513829
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c1f37beaead769da889ea47445b6780280f330c7b4d7414450608d5baafca2f5
c32e8aa1df3ceeff5f9e1faf71fbd9485bf81906dfdaacbc7dc3e644fe2fc1c9
c66edf77e0f8f8f549672123f9e5d3d6a7b05c3e592450028eabde53346bd55d
c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ccbbff502a3f290561f1e5feefc0a6a5cfaea286e9b689669e6b1fa40d567f96
d175ae345afe14519bca3ebe152a9f863e5116f8993a641c26f619f926436df0
d1b602feb30aa3194f7a97fd4bf8b4e8eb491f4cf780604730ef4040c3053fe2
d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de5eba26bd105c03ec9eb57c0d5dad0bc9b10000b375a0ac5daafd33726458c2
e07b2c0c2abbe3dd90e211312b921dfbdf96af044c0925555ef0735b109b0f8b
e27f4f3fc232a2bdc8ba6fed64130d60f7c01a588ed00c9bbede751aafff4ff6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46c3cf698504822a851df2c84cdcca9f62c2c09890f083541bb50ea016478db
e569c62ffe2c8366ed09597adea1eb70b174c39b2855c1ea593f33dd2bafd5f4
ea861a52ea2baeed54b7c80eaef5a7deb3db6377e06c6d6773683fab85ce4402
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec667b61257fa9364f1c04faf29a6cd2521ddcac847bb377530a97d77c393219
ecf9967a9685eff0fdc0555125aeb40dc81a85c8de18c48c2a705132ef6129bd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0e34e6156e006e95579f7fd649583a85175b331452c3cb0aac883c472cee0fe
f2b36c8eda107a6cd98e794b67e95c800dada58c6c9f9e56a2c56dda140cb8d7
f3754a3b3da84bda6758b6a962befbf42885e875e1e83d177fcfbc2f71ed2615
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f5d22eee47a54fec107105abfb733e0759d69bfab519a5e2370321e5ae6c7b70
f5d47ecb3c7be4b541c9f3de5d7e9598cffc4bec1d0add55a35604e3f7456812
f7f658562cc5f0e84e80bbd7b9ebdfefa77c2ecd5a9cfec1db9678ac6e662d2e
f9b54eb46a8dd9a7eeeff163e368f71c3dfe239aca607f073d1340027677fc16
fa102067e432416a5d676554f0657468f05cd1dbefd98e4dd38f06c1b96dd0dd
fa69232a7b6aa7cead50808993bae749aebef8df64536c19d031f8f8b1425fc0
fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd
fbd9d31a2a3e4eb50342e65b3fca5ee367cfdb626f85571bca56376fd9fcc7f9
fcafa1584fbf01e8576cccd01f7477176453c09f6ad74cb07a4d91976ae01b1b
fdad85fd06357e62d3b63d49ffc4b352db761a8c31db32aec67ba981f303f7fc
fe188a12938cd48042a6dd4536b0c233ab40714ac48833dee2b6408e668ed6ed
fe1a83944602ce51bf265163d8aa7c4fa7740a8655bcebfd55b82e24bc502686

salem-news.com Open in urlscan Pro 192.241.229.70 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

253 Requests

75 %HTTPS

54 %IPv6

28 Domains

54 Subdomains

51 IPs

8 Countries

3960 kBTransfer

10843 kBSize

23 Cookies

28 Outgoing links

Redirected requests

253 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

salem-news.com Open in urlscan Pro
192.241.229.70 Public Scan

Screenshot
Live screenshot

Full Image

253
Requests

75 %
HTTPS

54 %
IPv6

28
Domains

54
Subdomains

51
IPs

8
Countries

3960 kB
Transfer

10843 kB
Size

23
Cookies

253 HTTP transactions
5 data transactions