www.derwesten.de
Open in
urlscan Pro
2a01:4f8:c0:2ba8::1
Public Scan
Submitted URL: https://sso.morgenpost.de/
Effective URL: https://www.derwesten.de//
Submission: On July 12 via automatic, source certstream-suspicious
Effective URL: https://www.derwesten.de//
Submission: On July 12 via automatic, source certstream-suspicious
Summary
This website contacted 19 IPs
in 2 countries
across 21 domains to perform 81 HTTP transactions.
The main IP is 2a01:4f8:c0:2ba8::1, located in
Speyer, Germany and
belongs to HETZNER-AS, DE.
The main domain is www.derwesten.de.
TLS certificate: Issued by R3 on June 12th 2021. Valid for: 3 months.
This is the only time www.derwesten.de was scanned on urlscan.io!
TLS certificate: Issued by R3 on June 12th 2021. Valid for: 3 months.
This is the only time www.derwesten.de was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
54
2a01:4f8:c0:2ba8::1
(Speyer, Germany)
ASN24940 (HETZNER-AS, DE)
ASN24940 (HETZNER-AS, DE)
| www.derwesten.de | |
| img.derwesten.de | |
| www.waz.de | |
| www.nrz.de | |
| www.wp.de | |
| www.wr.de | |
| www.ikz-online.de | |
| front.video.funke.press |
1
2606:4700::6812:451
(United States)
ASN13335 (CLOUDFLARENET, US)
ASN13335 (CLOUDFLARENET, US)
| f23f026d-af06-45a2-8d42-9222f4656195.edge.permutive.app |
1
13.224.99.82
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-13-224-99-82.zrh50.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-13-224-99-82.zrh50.r.cloudfront.net
| cdn-a.yieldlove.com |
2
216.58.212.130
(Mountain View, United States)
ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net
ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net
| securepubads.g.doubleclick.net |
4
2.18.234.190
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-190.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-190.deploy.static.akamaitechnologies.com
| widgets.outbrain.com | |
| widget-pixels.outbrain.com |
1
2a00:1450:4001:80f::2008
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.googletagmanager.com |
5
2a02:6ea0:c700::3
(Frankfurt am Main, Germany)
ASN60068 (CDN77 ^_^, GB)
ASN60068 (CDN77 ^_^, GB)
| cdn.consentmanager.mgr.consensu.org |
3
87.230.98.74
(Germany)
ASN61157 (PLUSSERVER-ASN1, DE)
PTR: ma5037422.psmanaged.com
ASN61157 (PLUSSERVER-ASN1, DE)
PTR: ma5037422.psmanaged.com
| consentmanager.mgr.consensu.org |
1
151.101.13.194
(Frankfurt am Main, Germany)
ASN54113 (FASTLY, US)
ASN54113 (FASTLY, US)
| confiant-integrations.global.ssl.fastly.net |
1
2.18.232.28
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-28.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-28.deploy.static.akamaitechnologies.com
| tcheck.outbrainimg.com |
| Domain | Requested by | |
|---|---|---|
| 25 | img.derwesten.de |
www.derwesten.de
|
| 20 | www.derwesten.de |
1 redirects
www.derwesten.de
|
| 5 | cdn.consentmanager.mgr.consensu.org |
www.googletagmanager.com
rumcdn.geoedge.be |
| 4 | front.video.funke.press |
1 redirects
www.derwesten.de
|
| 3 | consentmanager.mgr.consensu.org |
rumcdn.geoedge.be
|
| 3 | widgets.outbrain.com |
www.derwesten.de
rumcdn.geoedge.be widgets.outbrain.com |
| 2 | platform.twitter.com |
www.derwesten.de
rumcdn.geoedge.be |
| 2 | de.ioam.de | 1 redirects |
| 2 | securepubads.g.doubleclick.net |
www.derwesten.de
rumcdn.geoedge.be |
| 2 | rumcdn.geoedge.be |
www.derwesten.de
rumcdn.geoedge.be |
| 1 | syndication.twitter.com |
platform.twitter.com
|
| 1 | log.outbrainimg.com |
www.derwesten.de
|
| 1 | widget-pixels.outbrain.com | |
| 1 | tcheck.outbrainimg.com |
widgets.outbrain.com
|
| 1 | confiant-integrations.global.ssl.fastly.net |
cdn-a.yieldlove.com
|
| 1 | www.googletagmanager.com |
www.derwesten.de
|
| 1 | static.cleverpush.com |
www.derwesten.de
|
| 1 | cdn-a.yieldlove.com |
www.derwesten.de
|
| 1 | script.ioam.de |
www.derwesten.de
|
| 1 | f23f026d-af06-45a2-8d42-9222f4656195.edge.permutive.app |
www.derwesten.de
|
| 1 | ajax.googleapis.com |
www.derwesten.de
|
| 1 | www.ikz-online.de |
www.derwesten.de
|
| 1 | www.wr.de |
www.derwesten.de
|
| 1 | www.wp.de |
www.derwesten.de
|
| 1 | www.nrz.de |
www.derwesten.de
|
| 1 | www.waz.de |
www.derwesten.de
|
| 1 | sso.morgenpost.de | 1 redirects |
| 81 | 27 |
This site contains links to these domains. Also see Links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| funkedigital.de R3 |
2021-06-12 - 2021-09-10 |
3 months | crt.sh |
| upload.video.google.com GTS CA 1O1 |
2021-06-22 - 2021-09-14 |
3 months | crt.sh |
| permutive.app Cloudflare Inc ECC CA-3 |
2021-05-25 - 2021-08-22 |
3 months | crt.sh |
| rumcdn.geoedge.be Amazon |
2020-10-02 - 2021-11-03 |
a year | crt.sh |
| *.ioam.de Thawte TLS RSA CA G1 |
2019-09-18 - 2021-12-17 |
2 years | crt.sh |
| cdn-a.yieldlove.com Amazon |
2020-09-18 - 2021-10-20 |
a year | crt.sh |
| *.g.doubleclick.net GTS CA 1C3 |
2021-06-22 - 2021-09-14 |
3 months | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-12 - 2021-08-12 |
a year | crt.sh |
| *.outbrain.com DigiCert SHA2 Secure Server CA |
2021-05-25 - 2022-06-01 |
a year | crt.sh |
| *.google-analytics.com GTS CA 1C3 |
2021-06-22 - 2021-09-14 |
3 months | crt.sh |
| 1376624012.rsc.cdn77.org R3 |
2021-06-29 - 2021-09-27 |
3 months | crt.sh |
| consentmanager.mgr.consensu.org R3 |
2021-07-03 - 2021-10-01 |
3 months | crt.sh |
| *.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2020 |
2021-04-27 - 2022-05-29 |
a year | crt.sh |
| *.outbrainimg.com DigiCert SHA2 Secure Server CA |
2021-05-04 - 2022-05-09 |
a year | crt.sh |
| *.twimg.com DigiCert TLS RSA SHA256 2020 CA1 |
2020-11-05 - 2021-11-09 |
a year | crt.sh |
| syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-02-05 - 2022-02-04 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://www.derwesten.de//
Frame ID: 08A67B877762B6B76808D4170795FC6C
Requests: 78 HTTP requests in this frame
Frame:
https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Frame ID: D53AEE49C9EF82E091BDE143C0DBBEB4
Requests: 2 HTTP requests in this frame
Frame:
https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.derwesten.de
Frame ID: 68443BB1E8B236E772420F71DA9F0952
Requests: 2 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://sso.morgenpost.de/
HTTP 302
http://www.derwesten.de// HTTP 301
https://www.derwesten.de// Page URL
Page Statistics
20 Outgoing links
These are links going to different origins than the main page.
URL: https://jobsnrw.de/
Title: Jobs
Title: Jobs
Search URL Search Domain Scan URL
URL: https://www.globista.de/
Title: Globista
Title: Globista
Search URL Search Domain Scan URL
URL: https://www.funkemediennrw.de/
Title:
Title:
Search URL Search Domain Scan URL
URL: https://angebote.derwesten.de/aktuell.html
Title: Prospekte
Title: Prospekte
Search URL Search Domain Scan URL
URL: https://ruhrticket.wlec.ag/index.php
Title: Tickets
Title: Tickets
Search URL Search Domain Scan URL
URL: https://www.globista.de/sante-royale-resort/?utm_source=derwesten&utm_medium=banner&utm_campaign=gesundheit_hkw27&utm_content=headerfeat140x53
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.globista.de/reisemobil/?utm_source=derwesten&utm_medium=banner&utm_campaign=startseiten_kw05&utm_content=startseite315x80
Title:
Title:
Search URL Search Domain Scan URL
URL: https://angebote.derwesten.de/aktuell.html?utm_medium=display&utm_source=display&utm_term=funkenetzwerk&utm_campaign=derwesten.k2017.aktuelleprospekte.-.-.-&utm_content=-
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.facebook.com/Der-Westen-243001859426137
Title: Der Westen
Title: Der Westen
Search URL Search Domain Scan URL
URL: https://www.waz.de/
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.nrz.de/
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.wp.de/
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.wr.de/
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.ikz-online.de/
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.funkemedien.de/de/karriere/
Title: Jobs bei uns
Title: Jobs bei uns
Search URL Search Domain Scan URL
URL: https://funkemediasalesnrw.de/mediadaten/#digitaldownload
Title: Mediadaten
Title: Mediadaten
Search URL Search Domain Scan URL
URL: https://funkemediasales.de/mediadaten/
Title: Leistungsdaten
Title: Leistungsdaten
Search URL Search Domain Scan URL
URL: https://funkemediasalesnrw.de/mediadaten/
Title: Werbeformen
Title: Werbeformen
Search URL Search Domain Scan URL
URL: https://www.funkemediasalesnrw.de/
Title: FUNKE Media Sales NRW
Title: FUNKE Media Sales NRW
Search URL Search Domain Scan URL
URL: https://www.funkemedien.de/
Title: FUNKE
Title: FUNKE
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://sso.morgenpost.de/
HTTP 302
http://www.derwesten.de// HTTP 301
https://www.derwesten.de// Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 55- https://de.ioam.de/tx.io?st=westeins&cp=nrw24-home&sv=ke&co=&sc=yes&ct=0000000000&pt=CP&ps=lin&er=N22&rf=&r2=&ur=www.derwesten.de&xy=1600x1200x24&lo=FR%2FIle-de-France&cb=000e&i2=000e9ac0cbe649b6460ebfd46&ep=1648810713&vr=424&id=qn28vx&i3=000e9ac0cbe649b6460ebfd46%3A1652948934505%3A1626078534505%3A.derwesten.de%3A1%3Awesteins%3Anrw24-home%3Anoevent%3A1626078534505&n1=1&dntt=0<=1626078534507&ev=&cs=2akxr8&mo=1 HTTP 302
- https://de.ioam.de/tx.io?st=westeins&cp=nrw24-home&sv=ke&co=&sc=yes&ct=0000000000&pt=CP&ps=lin&er=N22&rf=&r2=&ur=www.derwesten.de&xy=1600x1200x24&lo=FR%2FIle-de-France&cb=000e&i2=000e9ac0cbe649b6460ebfd46&ep=1648810713&vr=424&id=qn28vx&i3=000e9ac0cbe649b6460ebfd46%3A1652948934505%3A1626078534505%3A.derwesten.de%3A1%3Awesteins%3Anrw24-home%3Anoevent%3A1626078534505&n1=1&dntt=0<=1626078534507&ev=&cs=2akxr8&mo=1&sr=71
- https://front.video.funke.press/html5/html5lib/v2.85/modules/KalturaSupport/thumbnail.php/p/106/uiconf_id/23464665/entry_id/0_6j7ga3ps/height/480 HTTP 302
- https://front.video.funke.press/p/106/sp/10600/thumbnail/entry_id/0_6j7ga3ps/version/100022/height/480
81 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
www.derwesten.de// Redirect Chain
|
718 KB 103 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.derwesten.de/stats/ |
43 B 200 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sub-logo.svg
www.derwesten.de/resources/1625571399805/img/ |
10 KB 10 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
140x53-Gesundheitsurlaub.jpg
img.derwesten.de/img/archiv-daten/origs232749805/1540963354-w160-h960-q85/ |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo-head.svg
www.derwesten.de/resources/1625571399805/img/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo-head-group.svg
www.derwesten.de/resources/1625571399805/img/ |
10 KB 10 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
lotto.jpg
img.derwesten.de/img/vermischtes/crop232764031/4985116736-w200-cv3_2-q85/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Silvia-Wollny.jpg
img.derwesten.de/img/promi-tv/crop232746779/2605114695-w200-cv3_2-q85/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
baustelle1.jpg
img.derwesten.de/img/essen/crop232761157/1295112686-w200-cv3_2-q85/ |
9 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
imago0124405356h.jpg
img.derwesten.de/img/vermischtes/crop232762385/5583835439-w960-cv16_9-q85/ |
103 KB 103 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
transparent_pixel.png
www.derwesten.de/resources/1625571399805/img/ |
68 B 332 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
teaser-lotto-channel03-315x80.jpg
img.derwesten.de/img/incoming/origs211349415/3133447070-w960-h960-q85/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Wohnmobil-315x80.jpg
img.derwesten.de/img/incoming/origs231462589/1933446667-w960-h960-q85/ |
11 KB 11 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
borussia-dortmund-roman-buerki.jpg
img.derwesten.de/img/bvb/crop232761661/5943832206-w960-cv16_9-q85/ |
59 KB 59 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
BVB-Marco-Rose-Moukoko.jpg
img.derwesten.de/img/bvb/crop232764029/3617061713-w300-cv4_3-q85/ |
15 KB 15 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
borussia-dortmund-mwepu.jpg
img.derwesten.de/img/bvb/crop232754747/8867064854-w300-cv4_3-q85/ |
19 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
lazyloader.gif
www.derwesten.de/resources/img/ |
696 B 961 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
NotoSans.woff2
www.derwesten.de/resources/fonts/noto-sans/noto-sans-regular/ |
18 KB 18 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
icon-font.woff2
www.derwesten.de/resources/fonts/icon-font/common/ |
12 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
leaguespartan-bold.woff2
www.derwesten.de/resources/fonts/league-spartan/ |
12 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
NotoSans-Bold.woff2
www.derwesten.de/resources/fonts/noto-sans/noto-sans-bold/ |
19 KB 19 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mario-goetze.jpg
img.derwesten.de/img/bvb/crop232760919/4187064388-w300-cv4_3-q85/ |
16 KB 16 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
FC-Schalke-04.jpg
img.derwesten.de/img/s04/crop232744101/2983838532-w960-cv16_9-q85/ |
63 KB 63 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
FC-Schalke-04.jpg
img.derwesten.de/img/s04/crop232764073/4127065153-w300-cv4_3-q85/ |
20 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Schalke-04-Transfer-Schroeder.jpg
img.derwesten.de/img/s04/crop232763887/3697065389-w300-cv4_3-q85/ |
13 KB 14 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
schalke-amazon-prime.jpg
img.derwesten.de/img/s04/crop232758851/0317063418-w300-cv4_3-q85/ |
17 KB 17 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Crystal-Meth-Horror-Droge-auf-dem-Vormarsch-in-NRW.jpg
img.derwesten.de/img/video/crop232033405/331802399-w480-cv16_9-q85/ |
18 KB 18 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
seitenheader-prospektchannel-reichweitenportal-618x150.png
img.derwesten.de/img/incoming/origs211275803/0433448039-w960-h960-q85/ |
135 KB 135 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.png
www.derwesten.de/logo/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.png
www.waz.de/logo/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.png
www.nrz.de/logo/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.png
www.wp.de/logo/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.png
www.wr.de/logo/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.png
www.ikz-online.de/logo/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
NotoSans-BoldItalic.woff2
www.derwesten.de/resources/fonts/noto-sans/noto-sans-bold-italic/ |
19 KB 19 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bg_dark.jpg
www.derwesten.de/resources/img/ |
21 KB 21 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js_defer.I4cHjq6EEP.js
www.derwesten.de/pagespeed_static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js_defer.I4cHjq6EEP.js
www.derwesten.de/pagespeed_static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ |
87 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
plugins.min.js
www.derwesten.de/resources/1625571399805/js/ |
193 KB 51 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.min.js
www.derwesten.de/resources/1625571399805/js/ |
189 KB 43 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
f23f026d-af06-45a2-8d42-9222f4656195-web.js
f23f026d-af06-45a2-8d42-9222f4656195.edge.permutive.app/ |
256 KB 63 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
grumi-ip.js
rumcdn.geoedge.be/7ee86014-6f98-446b-880d-7f8c1cd4db04/ |
11 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
iam.js
script.ioam.de/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
yieldlove-bidder.js
cdn-a.yieldlove.com/ |
402 KB 119 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gpt.js
securepubads.g.doubleclick.net/tag/js/ |
68 KB 24 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
106
front.video.funke.press/p/106/sp/10600/embedIframeJs/uiconf_id/23464665/partner_id/ |
77 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
imebMivo3j2n3GE3r.js
static.cleverpush.com/channel/loader/ |
161 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
27 B 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
lotto.jpg
img.derwesten.de/img/vermischtes/crop232764031/2734257918-w310-cv4_3-q85/ |
16 KB 17 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Silvia-Wollny.jpg
img.derwesten.de/img/promi-tv/crop232746779/6134256487-w310-cv4_3-q85/ |
16 KB 16 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
baustelle1.jpg
img.derwesten.de/img/essen/crop232761157/4934251504-w310-cv4_3-q85/ |
20 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
borussia-dortmund-roman-buerki.jpg
img.derwesten.de/img/bvb/crop232761661/3104256792-w310-cv4_3-q85/ |
14 KB 14 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
outbrain.js
widgets.outbrain.com/ |
179 KB 60 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
grumi.js
rumcdn.geoedge.be/7ee86014-6f98-446b-880d-7f8c1cd4db04/ |
399 KB 110 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm.js
www.googletagmanager.com/ |
175 KB 57 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tx.io
de.ioam.de/ Redirect Chain
|
0 717 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cmp.min.css
cdn.consentmanager.mgr.consensu.org/delivery/ |
20 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
cmp.php
consentmanager.mgr.consensu.org/delivery/ |
5 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cmp_en.min.js
cdn.consentmanager.mgr.consensu.org/delivery/ |
267 KB 49 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wrap.js
confiant-integrations.global.ssl.fastly.net/prebid_v3l/202003181643/ |
9 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3-29 |
pubads_impl_2021070701.js
securepubads.g.doubleclick.net/gpt/ |
329 KB 114 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
put.html
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame D53A |
416 B 798 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
d3d3LmRlcndlc3Rlbi5kZQ==
tcheck.outbrainimg.com/tcheck/check/ |
16 B 463 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
px.gif
widget-pixels.outbrain.com/widget/detect/ |
43 B 451 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
test.html
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame D53A |
610 B 992 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bV8xLndfNjg1OC5kXzc1NzIueF8xNS52LnRfNzU3Mg.js
cdn.consentmanager.mgr.consensu.org/delivery/customdata/ |
64 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
langpurpose_de.min.js
cdn.consentmanager.mgr.consensu.org/delivery/lang/ |
39 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dwce_cheq_events
log.outbrainimg.com/loggerServices/ |
4 B 325 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.derwesten.de/nr/proxy/ |
3 KB 757 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Blaulicht.jpg
img.derwesten.de/img/incoming/crop232764005/3614257938-w310-cv4_3-q85/ |
15 KB 15 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Stefan-mross.jpg
img.derwesten.de/img/promi-tv/crop232758571/794425409-w310-cv4_3-q85/ |
13 KB 13 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
widgets.js
platform.twitter.com/ |
95 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
umfeld33630284l-f74e2c68-b595-1516-40b5-9dfd4402cc59.jpg
img.derwesten.de/img/hemd/crop813565806/158740331-w328-cv3_4-q85/ |
68 B 327 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
pixel.php
consentmanager.mgr.consensu.org/delivery/ |
43 B 325 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
pixel.php
consentmanager.mgr.consensu.org/delivery/ |
43 B 325 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo1601260478x5459.gif
cdn.consentmanager.mgr.consensu.org/delivery/img/ |
31 KB 32 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
widget_iframe.06c6ee58c3810956b7509218508c7b56.html
platform.twitter.com/widgets/ Frame 6844 |
319 KB 103 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tear15474980k-1fb8be16-1688-1586-c6c5-9dfd4402cc59.png
img.derwesten.de/img/ehe/crop308549053/138421823-w945-cv5_7-q85/promotools/ |
68 B 327 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
settings
syndication.twitter.com/ Frame 6844 |
256 B 258 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
480
front.video.funke.press/p/106/sp/10600/thumbnail/entry_id/0_6j7ga3ps/version/100022/height/ Redirect Chain
|
33 KB 33 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
player_big_play_button.png
front.video.funke.press/html5/html5lib/v2.85//modules/MwEmbedSupport/skins/common/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
219 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| 4 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated boolean| once object| pagespeed string| metaDataKeywords boolean| isLinkRelRendered undefined| $ function| jQuery function| EventManager function| countIVW function| LazyLoad function| Hammer function| Cookies object| juxtapose object| picturefillCFG function| picturefill function| SmartBanner function| Swiper function| sas_loadHandler function| openLayer function| closeLayer function| createCookie function| readCookieJson function| readCookie function| eraseCookie function| reloadPage function| handleHalfpageAdAppnexus function| staticMessage function| permutiveGetSection function| permutiveReadPcsi function| loadDmp object| permutive object| googletag object| grumi string| loggedIn string| ssoData string| userId object| dataLayer string| szmvars object| iom object| iam_data number| cmpInti object| yieldlove_cmd boolean| yieldlove_prevent_autostart number| cmpInt string| yieldlove_site_id object| google_tag_manager function| cmp_getlang boolean| gdprAppliesGlobally number| cmp_id string| cmp_params string| cmp_host string| cmp_cdn function| cmp_addFrame function| cmp_rc function| cmp_stub function| cmp_msghandler function| cmp_setStub function| __cmp function| __tcfapi function| __uspapi string| cmp_imprinturl string| cmp_privacyurl boolean| adBlockActive object| YLHH object| yieldlove_site_settings object| confiant object| pbjsYLHH function| pbjsYLHHChunk object| _pbjsGlobals function| addPaidLoginTarget object| gptAdSlots string| oms_site string| oms_zone object| ggeac object| google_js_reporting_queue object| OBR string| OB_releaseVer function| OBR$ object| OB_PROXY object| outbrain object| outbrain_rater function| cmp_reader function| cmp_writer function| cmp_cs function| cmp_lang function| cmp_applyLang function| cmp_purpose function| cmp_stack function| cmp_vendor function| cmpsource function| cmpmngr_queryfile string| cmpccsversionbuild number| cmpccsversion function| btoa2 function| atob2 function| cmp_loadconsole function| cmp_getsupportedLangs function| cmp_getRTLLangs object| cmpmngr function| __cmapi function| cmp_loadCS function| cmp_append_script function| cmp_append_script2 string| cmp_config_data_cs object| cmp_config_data object| cmp_scripts object| cmp_scripturls string| cmp_proto object| cmp_timer function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing function| adRefresh object| stroer_targets object| yieldlove_ab function| IEHKBdd object| swiyl200Flags string| swiyl895Rnd boolean| videoScriptIsAlreadyExecuted object| swiyld410tc string| logIfInIframe string| MWEMBED_VERSION string| SCRIPT_LOADER_URL object| KWidget object| kWidget function| kIsIOS function| kSupportsHTML5 function| kGetFlashVersion function| kSupportsFlash function| kalturaIframeEmbed function| kOutputFlashObject function| kIsHTML5FallForward function| kIframeWithoutApi function| kDirectDownloadFallback function| kGetKalturaEmbedSettings function| kGetKalturaPlayerList function| kCheckAddScript function| kAddScript function| kPageHasAudioOrVideoTags function| kLoadJsRequestSet function| kOverideJsFlashEmbed function| kDoIframeRewriteList function| kEmbedSettingsToUrl function| kGetAdditionalTargetCss function| kAppendCssUrl function| kAppendScriptUrl function| kFlashVars2Object function| kFlashVarsToUrl function| kFlashVarsToString function| kServiceConfigToUrl function| kRunMwDomReady function| restoreKalturaKDPCallback object| DomReady object| mw object| preMwEmbedReady object| preMwEmbedConfig function| md5 function| jsCallbackReady boolean| ccshow object| breakingNewsHeader object| CleverPush object| webpackChunk_cleverpush_cleverpush_js_sdk number| __cleverPushSdkLoadCount number| _sf_startpt string| device boolean| swiyl36dsdl boolean| swiyl36dsdln string| swiyld410genat string| swiyld410sthash string| swiyld410Domain boolean| swiyl1eaforceimp object| swiylsc object| twttr function| iFrameResize boolean| swiyld1aBody boolean| swiylabaDetect object| swiyl73cMobile object| swiyld4101 object| swiyld410o1 object| swiyld410o2 object| swiyld410o3 object| swiyld4102 number| swiyld410d3 object| swiyld4104 object| swiyld4105 boolean| swiyla43ij number| vendid number| cmpGDPR number| cmpCCPA string| cmpConsentString string| cmpVendorsConsent string| cmpCustomVendorsConsent string| cmpGoogleVendorsConsent string| cmpPurposesConsent string| cmpCustomPurposeConsent string| cmpConsentVendors string| cmpConsentPurposes string| cmpLIVendors string| cmpLIPurposes string| cmpIABUSP object| utag_data object| __twttrll object| __twttr boolean| swiylbcdTrack0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn-a.yieldlove.com
cdn.consentmanager.mgr.consensu.org
confiant-integrations.global.ssl.fastly.net
consentmanager.mgr.consensu.org
de.ioam.de
f23f026d-af06-45a2-8d42-9222f4656195.edge.permutive.app
front.video.funke.press
img.derwesten.de
log.outbrainimg.com
platform.twitter.com
rumcdn.geoedge.be
script.ioam.de
securepubads.g.doubleclick.net
sso.morgenpost.de
static.cleverpush.com
syndication.twitter.com
tcheck.outbrainimg.com
widget-pixels.outbrain.com
widgets.outbrain.com
www.derwesten.de
www.googletagmanager.com
www.ikz-online.de
www.nrz.de
www.waz.de
www.wp.de
www.wr.de
104.244.42.72
13.224.99.82
149.221.204.43
151.101.13.194
2.18.232.28
2.18.234.190
216.58.212.130
2600:9000:2190:4a00:4:b37b:9440:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::681a:f1f
2606:4700::6812:451
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200a
2a01:4f8:c0:2ba8::1
2a02:6ea0:c700::3
70.42.32.31
87.230.98.74
91.215.103.64
91.215.103.65
027c0d7b4b2da8ff37557a32ec090ce9ee30f1a50473152f1ef0bc390055cae8
05609a70de07c1d5fa6f7b0b5da8ee011c7f34f7f011bd25b12bd00faca0a132
0cdfd11eeff2c617a795c4e0404e2c9fe3a200bf0ea64dbde36737a7046e8a26
12754f10e55df3ad889d8314e3f77cc396172b33f8f7b1037026d25817ecfb45
1d4501b8e8096b4206eec60425edae0a781ea68e647ce5a5c269278acf980d8e
1dc35a86a10f644d1cfb5f7d8491db979c7008c40f2f47d40a94ef5666632d55
20202db5cacb7ee924f82f02002275dd69a428b5a75596d4b8795b8dbef9c4ad
216f7aca13696ac5737f92225fb6736c8947004ee292ffb77f3f9053594d4db8
2547f6a05f9bc7d079cef2dcafafb3e1cbaf154539634a1cc806ece52080d4cd
257d920fef5f56618fcc371c559214924c0b1c3f76c58e1c822aef5d2419ad3a
30f6178437366b9a9a6e482cb32bc951069474451d3937953f2fa6a62bbfab9f
35db2cb88f809766d49506f152dda95a79fe2f69032ee48546ebae9d10afd078
378b680c9b5ee925aecc23cbde1bad589b171cc9fb16ed614bf723fa39c23414
37947a6cd7572d06dc6c959e44465d621d46fceb6263271229a565c34f5c7b7f
3b3eb675fec20567d637a92068f9fb2f5d2fd51c271ac452b7cb1283ce9c12c9
3f640a6ba326522d2664e3d409a843b00a3b1012a315ba6dbe088183cdf99dde
404a5aa0add5f0f628ab3783afc3085518d953f25b831401e869432ca144b022
46437ee5b8eaa12f089fb7b8dcd947764e4ab6be23f1ce7f815ff559367deea7
46820b7e9b8c2f4660319f38848963833dada381d77422b44477e9b6ed965452
4dc4abcd99f7976c1a0938575631974c55fa42bf76681e84ca56aeea3180966e
4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc
51cbb0713107a5652677da439627b75c0e480cb774fb0c0bef19ec73f226e088
56597170b5640a4920cbf0c3e0988dfd211876bdfff374860b90f413adf8d5ad
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
59dbda86041a5f394b83391ffe0b939341aabb817fa60a6ea78c80f5835596b5
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474
6d190c985949e8a0962ca2cede3c214de8085dc9d11c726af6c00c1ae5bb7ba9
74e6c662a925840638db27edbfd900649b78b2a1dd9c7673356a11a065e3b445
779bf1eb1bf09736a833079885297e15f5f3fb8fe0d22609d2067f04300f85d3
7db8c07ae96e032052363fee82cdfc3db46f28964de14e2b29593f70fa2aa28e
7de52d316396303f406eebf973fb1235a645cbedeef0688d6c2f73f435aee215
7f96fd9ddc60fc6a9f3c6ea6a1908fd7f5907f6d5c47e49c1a93596d46f8d88a
84c6ba69bcadfef09e59874c82fe71b83ff54470e4c60d0912fc9a4aa89f64fb
864bb596bc995c5c5060cbbf7e0c51332022e4a9a0848c2dc5e9be246614a2a1
87a03fab557abda48029d1d6f6bb249e408504124c33ee96f7b7b82e73e22563
929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
949bcf9d9843dc666c0ede26a7185f5dcf33145c1765d2e4a955b8550cdd07a0
98bbe382dcbeb434dcb3a9cb1f538c0d26ff0e8a30f7b5d016d28408fde747af
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a166a4bb78d25095d8516b9c0a40bce34f0bd9902e4d3ecc898d39b3449258a7
a79ab57323a064f9b6b2c38113349c31b8460c0f0915585b4f4c3316f4710788
a9e7395b119be4b272487f110886ef182b2c45b4f0e3c11859144bf93b5a65e2
adfa0c7de03bc3bea3de80b4a4514881c8b6296568f43a5acd5cd7a16fffd1c9
af6876fa409265eb06319d5d7d02f581597691c49d22ea002d17eb38dc1538a6
b42a75b1d52657a4fb0a17a816c57682f517456a56206d8aac7d46d06ef6bb5b
b546cd55876549615a995e3de66aecf7c97fe2d394a1e0733e1e8ea5b9bee01d
b5610fc49767af28f4fc74504e126a3f156b69a1363c80160eb139a4abcf8fe0
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b63d3a021bc40338676b7587fc61214da3ab273779ffa0a97b1a94921f655734
b6ba92ae08314c14b31227bf18b630599051c03ac002083faf9401ee71b8891f
b9fd38d2825f736f62fcd58cd6543273bca1f6e8350c88ab1f6c0fa172424635
ba74e6e0c92d76387f6f1f6316397fedf93408415199f69f228daa03d5dd2727
c1df1e7a14e51af0b3012bc7d6a85341dd7d82030be02ba92d005da88d1a71c1
c38967677b0594224b1e1eee31c22250997cf3c2a50ed6b3636b8f08456a8b45
c3ecff3eca50741dd3c18b7be8ff3724ee072d933905292befb7902fa14c6eba
c3f257b29f3dc6ad983d3799e27a98490e87dc29eff545762575a4db8df94513
c8adf82585ba2cd64e1f14cfad321930da94530299abfb62b49a11fe2ebc5209
c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916
c9d395f9c3559d2678c5c95ef4c78dbf53b03871da03cf04726fad8e9aeaa6ff
cc76d51eafb7f6f9e592f7191ee9c72c322d9e32f97bc16f6567b4b2f057dbf8
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d06cf804471a51920f1d54129d06e156739dc83133a17893da3d61c63cd5515b
d44d2d0dd7ae1836021abfd42c9b8bb9774835ee8421fb16637e44bb7f993d85
d73d70a4df5f376e27d8257b4d8421a64d49f7a5b3cc74e42313fa8ff1407f03
de2af52ce480c4ac07bfeeff12e2a676d67832f7bbf842fc84a9cc40dbbda6de
e02638af9ec83454dbb63edc5d450c9663059fb4a9bf8b777ae2485491241f89
e23a7b58894774640f82a2dd1ca6dd8433c524b3fcefd189a9325aab8b3bf0ad
e25a53227f9b5126a0dee164b210d9821b04e9409d1b3c4a92d32f8836f9bee7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eae5a0861b67c301ecfc996f0bc551add8d5e7b0b050e350f356d1f312c2ce49
eb253fae199fb8d1621804e6584a9beec6a751bbf4ec991a28fa6fc7d1da4b16
ebcbba6fb3f7f0e7da48454a33ce154e50dc676e015c017557ae456021a05421
f2ff0388a2083600b5da4610b87cddbaab2184ed0e296b26bf0637157c950c05
fae559c7139f4f1b404828cb407627d744675693f094e348e8d3328bb4a1c765
fcc502f0d92b13bf37d2a7960cc7f527264bb18eb8f7e8f63cea15b1efd5c9f8
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e