marketplace.salisburypost.com Open in urlscan Pro
69.18.223.164 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/3h1FrBl
Effective URL:
http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Submission: On February 21 via manual (February 21st 2022, 10:23:24 pm UTC) from NL — Scanned from NL

Summary HTTP 81 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 24 IPs in 4 countries across 12 domains to perform 81 HTTP transactions. The main IP is 69.18.223.164, located in United States and belongs to MINDSHIFT, US. The main domain is marketplace.salisburypost.com.

This is the only time marketplace.salisburypost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
9	69.18.223.164 69.18.223.164	21886 (MINDSHIFT) (MINDSHIFT)
2	2a04:4e42::729 2a04:4e42::729	54113 (FASTLY) (FASTLY)
2	192.0.66.88 192.0.66.88	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
4	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
3	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2006	15169 (GOOGLE) (GOOGLE)
4	2001:4860:480... 2001:4860:4802:32::3	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	64.233.184.157 64.233.184.157	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400e:4::a	15169 (GOOGLE) (GOOGLE)
3	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
81	24

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.18.223.164 (United States)

ASN21886 (MINDSHIFT, US)
PTR: cl223-164.invision.com

marketplace.salisburypost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::729 (United States)

ASN54113 (FASTLY, US)

vjs.zencdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.66.88 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

www.salisburypost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:32::3 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.184.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wa-in-f157.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400e:4::a (Ireland)

ASN15169 (GOOGLE, US)

r5---sn-5hne6nsd.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	googlesyndication.com 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 92 tpc.googlesyndication.com — Cisco Umbrella Rank: 120 ade.googlesyndication.com — Cisco Umbrella Rank: 261	151 KB
13	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 stats.g.doubleclick.net — Cisco Umbrella Rank: 67 googleads.g.doubleclick.net — Cisco Umbrella Rank: 37 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276 bid.g.doubleclick.net — Cisco Umbrella Rank: 448	199 KB
11	salisburypost.com marketplace.salisburypost.com www.salisburypost.com — Cisco Umbrella Rank: 436905	400 KB
6	gstatic.com csi.gstatic.com fonts.gstatic.com	32 KB
4	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 246 gcdn.2mdn.net — Cisco Umbrella Rank: 906 r5---sn-5hne6nsd.c.2mdn.net — Cisco Umbrella Rank: 406604	2 MB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35 imasdk.googleapis.com — Cisco Umbrella Rank: 407	128 KB
3	google.com adservice.google.com — Cisco Umbrella Rank: 59 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 146	65 KB
2	zencdn.net vjs.zencdn.net — Cisco Umbrella Rank: 4386	20 KB
1	google.nl adservice.google.nl — Cisco Umbrella Rank: 13560	792 B
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 4034	343 B
81	12

	Domain	Requested by
16	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com marketplace.salisburypost.com 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com www.googletagservices.com
11	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com marketplace.salisburypost.com imasdk.googleapis.com
9	marketplace.salisburypost.com	marketplace.salisburypost.com
4	csi.gstatic.com	imasdk.googleapis.com
4	googleads.g.doubleclick.net	357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
4	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
4	www.google-analytics.com	marketplace.salisburypost.com www.google-analytics.com
3	ade.googlesyndication.com
3	googleads4.g.doubleclick.net	marketplace.salisburypost.com
3	357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	r5---sn-5hne6nsd.c.2mdn.net
2	fonts.gstatic.com	fonts.googleapis.com
2	imasdk.googleapis.com	357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
2	www.google.com	tpc.googlesyndication.com 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
2	www.googletagservices.com	marketplace.salisburypost.com 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
2	www.salisburypost.com	marketplace.salisburypost.com
2	vjs.zencdn.net	marketplace.salisburypost.com
1	gcdn.2mdn.net	1 redirects
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	s0.2mdn.net	357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
1	fonts.googleapis.com	357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.nl	securepubads.g.doubleclick.net
1	bit.ly	1 redirects
81	25

This site contains links to these domains. Also see Links.

Domain
www.salisburypost.com
www.onlinecasino2go.com

Subject Issuer	Validity	Valid
vjs.zencdn.net GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-11-26` - `2022-12-28`	a year	crt.sh
www.salisburypost.com R3	`2022-01-26` - `2022-04-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.google.nl GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2022-02-08` - `2022-04-19`	2 months	crt.sh

This page contains 9 frames:

Primary Page: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Frame ID: 63D13B962689F5B75DE81CB72C8FDB33
Requests: 27 HTTP requests in this frame

Frame: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F13C260A17F5CD66267D3BAA2C693F90
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EE0796D6FC1472069F066AA90278D681
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 16BEDBE32CC72E6636E669D508828C13
Requests: 2 HTTP requests in this frame

Frame: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FB7A4C54C8EAC25717FCC5E1649DFAA6
Requests: 29 HTTP requests in this frame

Frame: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5C767829079374C4A6598C1B596EDD44
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJzDdBC89I2gAhjb3P7AATAB&v=APEucNWrBvFJkWxcnYX5AL3FhCjJmwAS-en56IkCwVVsbw1u7CTBnR23P51cZEC3mDOhNCces6ZW2XAiWXE0MQIzgfR0oT3E4w
Frame ID: 445930071BDE179765212CFE10043664
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D2DA186618D39A5116A65C9D8ADD5E3E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 710C9BFDAFDD4AD98B124A846A5103B7
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Email Friend - Ad Hunter

Page URL History Show full URLs

https://bit.ly/3h1FrBl HTTP 301
http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

VideoJS (Video Players) Expand

Overall confidence: 100%
Detected patterns

zencdn\.net/c/video\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Page Statistics

81
Requests

84 %
HTTPS

72 %
IPv6

12
Domains

25
Subdomains

24
IPs

4
Countries

3288 kB
Transfer

4367 kB
Size

7
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://www.salisburypost.com/

Search URL Search Domain Scan URL

URL: https://www.onlinecasino2go.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/3h1FrBl HTTP 301
http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

http://www.google-analytics.com/__utm.gif?utmwv=5.4.2&utmac=UA-16505296-2&utmn=1&utmhn=marketplace.salisburypost.com&utmsr=1600x1200&utmul=en-US&utmr=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fwww.onlinecasino2go.com%2F&utmp=marketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend&utmcc=__utma%3D1.9630455684.1.1.1.1%3B&utme=8(vjsv)9(v3.2.0c) HTTP 307
https://www.google-analytics.com/__utm.gif?utmwv=5.4.2&utmac=UA-16505296-2&utmn=1&utmhn=marketplace.salisburypost.com&utmsr=1600x1200&utmul=en-US&utmr=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fwww.onlinecasino2go.com%2F&utmp=marketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend&utmcc=__utma%3D1.9630455684.1.1.1.1%3B&utme=8(vjsv)9(v3.2.0c)

Request Chain 16

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 24

http://www.google-analytics.com/collect?v=1&_v=j96&a=1923517205&t=timing&_s=2&dl=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fwww.onlinecasino2go.com%2F&ul=en-us&de=UTF-8&dt=Email%20Friend%20-%20Ad%20Hunter&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1349&pdt=268&dns=0&rrt=177&srt=102&tcp=89&dit=1071&clt=1071&_gst=1070&_gbt=1162&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=776250428.1645482199&tid=UA-34177675-1&_gid=1473004474.1645482199&z=697513390 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j96&a=1923517205&t=timing&_s=2&dl=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fwww.onlinecasino2go.com%2F&ul=en-us&de=UTF-8&dt=Email%20Friend%20-%20Ad%20Hunter&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1349&pdt=268&dns=0&rrt=177&srt=102&tcp=89&dit=1071&clt=1071&_gst=1070&_gbt=1162&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=776250428.1645482199&tid=UA-34177675-1&_gid=1473004474.1645482199&z=697513390

Request Chain 62

https://gcdn.2mdn.net/videoplayback/id/ecdb9572c780d2e7/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1677018199/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/4C768470A7078E0AD3346F830D9B4C3B4EE865D2.6251332B637A285658ACBC5C6ED75F6FCD5611F5/key/ck2/file/file.mp4 HTTP 302
https://r5---sn-5hne6nsd.c.2mdn.net/videoplayback/id/ecdb9572c780d2e7/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1677018199/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5A48809C99F8CB166D11E29D9E9A0A41F6445F21.1416F80F59000B3A9060DD54AFE8E42F4C60EC33/key/cms1/cms_redirect/yes/mh/_m/mip/2001:1af8:4020:a034:9876::15/mm/42/mn/sn-5hne6nsd/ms/onc/mt/1645481906/mv/u/mvi/5/pl/49/file/file.mp4

81 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request EmailFriend Show response
marketplace.salisburypost.com/AdHunter/salisburypost/Home/
Redirect Chain

https://bit.ly/3h1FrBl
http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/

54 KB
54 KB

192ms
102ms

Document
text/html

69.18.223.164
MINDSHIFT

General

Check archive.org

Show headers Download Go to

Full URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: HTTP/1.1
Server: 69.18.223.164 , United States, ASN21886 (MINDSHIFT, US),
Reverse DNS: cl223-164.invision.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 62d8362fa6fbbbf7df422d7fb460a0a505b2320d5899a006a0382d89e2245a6a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9

Response headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 4.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 21 Feb 2022 22:23:17 GMT
Content-Length: 54803

Redirect headers

server: nginx
date: Mon, 21 Feb 2022 22:23:17 GMT
content-type: text/html; charset=utf-8
content-length: 200
cache-control: private, max-age=90
content-security-policy: referrer always;
location: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
referrer-policy: unsafe-url
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK bootstrap
marketplace.salisburypost.com/AdHunter/Content/ 143 KB
143 KB 180ms
92ms Stylesheet
text/css 69.18.223.164
MINDSHIFT

General

Check archive.org

Show headers Download Go to

Full URL: http://marketplace.salisburypost.com/AdHunter/Content/bootstrap?v=tJ0VW9jNOokvG0D9xvshzf9J-pSNMHnzycbIcCpIfmo1
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: HTTP/1.1
Server: 69.18.223.164 , United States, ASN21886 (MINDSHIFT, US),
Reverse DNS: cl223-164.invision.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: a24ab1e87cb04628ad6b619682abc4027b6ff60d9579d05218130eff57ec7eec

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 22:23:18 GMT
Last-Modified: Mon, 21 Feb 2022 22:23:18 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: User-Agent
Content-Type: text/css; charset=utf-8
Cache-Control: public
Content-Length: 146041
Expires: Tue, 21 Feb 2023 22:23:18 GMT

GET
H/1.1 200
OK brainworks
marketplace.salisburypost.com/AdHunter/Content/ 4 KB
5 KB 181ms
91ms Stylesheet
text/css 69.18.223.164
MINDSHIFT

General

Check archive.org

Show headers Download Go to

Full URL: http://marketplace.salisburypost.com/AdHunter/Content/brainworks?v=mqxGbJGMFUbx-4-xCEvr-WbDREMRMozoD5WKNDVXaNs1
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: HTTP/1.1
Server: 69.18.223.164 , United States, ASN21886 (MINDSHIFT, US),
Reverse DNS: cl223-164.invision.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e8018aebe1815f3741693a5b9766a1b4d5202f828c876a4e57e6dd1228dfa74d

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 22:23:18 GMT
Last-Modified: Mon, 21 Feb 2022 22:23:18 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: User-Agent
Content-Type: text/css; charset=utf-8
Cache-Control: public
Content-Length: 4595
Expires: Tue, 21 Feb 2023 22:23:18 GMT

GET
H/1.1 200
OK modernizr Show response
marketplace.salisburypost.com/AdHunter/bundles/ 11 KB
11 KB 182ms
92ms Script
text/javascript 69.18.223.164
MINDSHIFT

General

Check archive.org

Show headers Download Go to

Full URL: http://marketplace.salisburypost.com/AdHunter/bundles/modernizr?v=rGcoDow97GYrNMSwHq7xCCjlcB3UIY4_OhPRc6BBSQA1
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: HTTP/1.1
Server: 69.18.223.164 , United States, ASN21886 (MINDSHIFT, US),
Reverse DNS: cl223-164.invision.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 5e36d275e3ba58a075e5049d57e29b5d01f75528aa8143280089e27b5a536305

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 22:23:18 GMT
Last-Modified: Mon, 21 Feb 2022 22:23:18 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: User-Agent
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Length: 10875
Expires: Tue, 21 Feb 2023 22:23:18 GMT

GET
H2 200 video-js.css
vjs.zencdn.net/c/ 17 KB
3 KB 45ms
13ms Stylesheet
text/css 2a04:4e42::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vjs.zencdn.net/c/video-js.css
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d77554d7adaa974ab50b409f6c81bfd0ab1afe3babd4591b4f1f2c4ae226c03c

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:23:18 GMT
content-encoding: gzip
last-modified: Tue, 07 May 2013 04:04:26 GMT
etag: "a5acd78c020477bb231ab1b484dea3f8"
x-served-by: cache-ams21083-AMS
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 2861
x-cache-hits: 17

GET
H2 200 video.js Show response
vjs.zencdn.net/c/ 62 KB
17 KB 46ms
14ms Script
application/javascript 2a04:4e42::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vjs.zencdn.net/c/video.js
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2d49a779bd9e88769cc638bd3cbc84bc4d10d901efbadec3818bb5c5f3b88142

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:23:18 GMT
content-encoding: gzip
last-modified: Tue, 18 Jun 2013 08:46:52 GMT
etag: "b1fb6d997e399b40382a233bbae479a9"
x-served-by: cache-ams21083-AMS
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16790
x-cache-hits: 12

GET
H/1.1 200
OK jquery Show response
marketplace.salisburypost.com/AdHunter/bundles/ 90 KB
91 KB 184ms
94ms Script
text/javascript 69.18.223.164
MINDSHIFT

General

Check archive.org

Show headers Download Go to

Full URL: http://marketplace.salisburypost.com/AdHunter/bundles/jquery?v=CkVTG71m7lHB5jSCpyOSxbeCVJLIPag7u7NL4ykFenk1
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: HTTP/1.1
Server: 69.18.223.164 , United States, ASN21886 (MINDSHIFT, US),
Reverse DNS: cl223-164.invision.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c7ac00fbaa6a387f5792ecc644f10cb3b8fcd00b358eec9cb90cbb22794687e9

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 22:23:18 GMT
Last-Modified: Mon, 21 Feb 2022 22:23:18 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: User-Agent
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Length: 92556
Expires: Tue, 21 Feb 2023 22:23:18 GMT

GET
H/1.1 200
OK bootstrap Show response
marketplace.salisburypost.com/AdHunter/bundles/ 36 KB
36 KB 183ms
92ms Script
text/javascript 69.18.223.164
MINDSHIFT

General

Check archive.org

Show headers Download Go to

Full URL: http://marketplace.salisburypost.com/AdHunter/bundles/bootstrap?v=C8V_e6x3bw9y0H14W5_juFOkSnvTPaz9Mtz9cg1i1D41
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: HTTP/1.1
Server: 69.18.223.164 , United States, ASN21886 (MINDSHIFT, US),
Reverse DNS: cl223-164.invision.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 68aaea43baba9970d59648385e49f25a348a96c29bfcfbaf7bc9e7f220e152e2

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 22:23:18 GMT
Last-Modified: Mon, 21 Feb 2022 22:23:18 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: User-Agent
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Length: 36559
Expires: Tue, 21 Feb 2023 22:23:18 GMT

GET
H/1.1 200
OK adhunter Show response
marketplace.salisburypost.com/AdHunter/bundles/ 588 B
917 B 341ms
92ms Script
text/javascript 69.18.223.164
MINDSHIFT

General

Check archive.org

Show headers Download Go to

Full URL: http://marketplace.salisburypost.com/AdHunter/bundles/adhunter?v=Sw5gzoOe2SsCh0QZi65hASrcTc7q0Rv6mHPCwBapRh01
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: HTTP/1.1
Server: 69.18.223.164 , United States, ASN21886 (MINDSHIFT, US),
Reverse DNS: cl223-164.invision.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: eb4ac05d8923740a5d8956572b69dbf911035c9bbebc591fccc1394e4b6fafc9

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 22:23:18 GMT
Last-Modified: Mon, 21 Feb 2022 22:23:18 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: User-Agent
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Length: 588
Expires: Tue, 21 Feb 2023 22:23:18 GMT

GET
H2 404 AdHunter.css
www.salisburypost.com/wp-content/themes/2014-bni/media/css/ 0
0 46ms
14ms Stylesheet
text/html 192.0.66.88
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.salisburypost.com/wp-content/themes/2014-bni/media/css/AdHunter.css
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.66.88 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
27 KB 77ms
28ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64048268e2f8caeec11f90d90bc9fa6f2e425f3cc9ea8a1f26dc12636b286e03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:23:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27552
x-xss-protection: 0
server: sffe
etag: "1139 / 259 of 1000 / last-modified: 1645225613"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 21 Feb 2022 22:23:18 GMT

GET
H/1.1 200
OK banner_960.jpg
marketplace.salisburypost.com/AdHunter/Images/ 45 KB
45 KB 100ms
100ms Image
image/jpeg 69.18.223.164
MINDSHIFT

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://marketplace.salisburypost.com/AdHunter/Images/banner_960.jpg
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: HTTP/1.1
Server: 69.18.223.164 , United States, ASN21886 (MINDSHIFT, US),
Reverse DNS: cl223-164.invision.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 0abb1761b76e3bb665dc4e33c6ebc9b5fc019d21012999219b63f98f57cbc2f2

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 22:23:18 GMT
Last-Modified: Mon, 09 Feb 2015 14:16:00 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "0d0c7ed7244d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 45978

GET
H/1.1 200
OK GarageSaleMapButton.gif
marketplace.salisburypost.com/AdHunter/Images/ 14 KB
15 KB 105ms
104ms Image
image/gif 69.18.223.164
MINDSHIFT

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://marketplace.salisburypost.com/AdHunter/Images/GarageSaleMapButton.gif
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: HTTP/1.1
Server: 69.18.223.164 , United States, ASN21886 (MINDSHIFT, US),
Reverse DNS: cl223-164.invision.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e3915a9586014fa6faf8d03e592894bd0406794eab0d0120a42ac117dce40786

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 22:23:18 GMT
Last-Modified: Wed, 09 Nov 2016 15:35:24 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "0c64ee39e3ad21:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 14659

GET
H2

200

__utm.gif
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/__utm.gif?utmwv=5.4.2&utmac=UA-16505296-2&utmn=1&utmhn=marketplace.salisburypost.com&utmsr=1600x1200&utmul=en-US&utmr=http%3A%2F%2Fmarketplace.salisburypost.com%2FAd...
https://www.google-analytics.com/__utm.gif?utmwv=5.4.2&utmac=UA-16505296-2&utmn=1&utmhn=marketplace.salisburypost.com&utmsr=1600x1200&utmul=en-US&utmr=http%3A%2F%2Fmarketplace.salisburypost.com%2FA...

35 B
193 B

88ms
39ms

Image
image/gif

2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/__utm.gif?utmwv=5.4.2&utmac=UA-16505296-2&utmn=1&utmhn=marketplace.salisburypost.com&utmsr=1600x1200&utmul=en-US&utmr=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fwww.onlinecasino2go.com%2F&utmp=marketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend&utmcc=__utma%3D1.9630455684.1.1.1.1%3B&utme=8(vjsv)9(v3.2.0c)

Requested by

Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/

Protocol

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 20:19:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 7418
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/__utm.gif?utmwv=5.4.2&utmac=UA-16505296-2&utmn=1&utmhn=marketplace.salisburypost.com&utmsr=1600x1200&utmul=en-US&utmr=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fwww.onlinecasino2go.com%2F&utmp=marketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend&utmcc=__utma%3D1.9630455684.1.1.1.1%3B&utme=8(vjsv)9(v3.2.0c)
Non-Authoritative-Reason: HSTS

GET
H2 404 AdHunter.css
www.salisburypost.com/wp-content/themes/2014-bni/media/css/ 0
0 13ms
13ms Stylesheet
text/html 192.0.66.88
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.salisburypost.com/wp-content/themes/2014-bni/media/css/AdHunter.css
Requested by: Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.66.88 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 200 pubads_impl_2022021502.js Show response
securepubads.g.doubleclick.net/gpt/ 360 KB
121 KB 67ms
20ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

61daa5e10d1910c94db36832a3adb3e9bec2c60a0b584b37daea27f634f36fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 19:51:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9119
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123418
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 02:34:27 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 21 Feb 2023 19:51:19 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 306 B
803 B 79ms
31ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=marketplace.salisburypost.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ea51cb65f2225b15c0f8dbfd0ff525daaa632279c558b32923cf07cf0c689828

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 21 Feb 2022 22:23:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 166
x-xss-protection: 0
expires: Mon, 21 Feb 2022 22:23:18 GMT

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

49 KB
20 KB

60ms
21ms

Script
text/javascript

2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/

Protocol

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 2905
date: Mon, 21 Feb 2022 21:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 21 Feb 2022 23:34:53 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
156 B 28ms
27ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1923517205&t=pageview&_s=1&dl=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fwww.onlinecasino2go.com%2F&ul=en-us&de=UTF-8&dt=Email%20Friend%20-%20Ad%20Hunter&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=399387000&gjid=195261406&cid=776250428.1645482199&tid=UA-34177675-1&_gid=1473004474.1645482199&_r=1&_slc=1&z=1137914080

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://marketplace.salisburypost.com/
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://marketplace.salisburypost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ 107 B
792 B 102ms
40ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=marketplace.salisburypost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 21 Feb 2022 22:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 93ms
32ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=marketplace.salisburypost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 21 Feb 2022 22:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 197 KB
60 KB 424ms
396ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1670500222980652&correlator=479614009868683&output=ldjh&impl=fifs&eid=31063378%2C31064986&vrg=2022021502&ptt=17&sc=0&sfv=1-0-38&ecs=20220221&iu_parts=1613683%2CSNL-300x250-1%2CSNL-300x250-2%2CSNL-300x250-3%2CSNL-300x250-4%2CSNL-970x90-1%2CSNL-1x1-1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6&prev_iu_szs=300x250%2C300x250%2C300x250%2C300x250%2C970x90%7C970x250%2C1x1&ists=1&cust_params=catname%3Dclassifieds&cookie_enabled=1&bc=23&abxe=1&dt=1645482198962&lmt=1645482198&dlt=1645482198117&idt=824&frm=20&biw=1600&bih=1200&oid=2&adxs=260%2C260%2C-9%2C-9%2C316%2C0&adys=377%2C940%2C-9%2C-9%2C11%2C940&adks=3413576679%2C3252372765%2C223321368%2C3933407519%2C3166178871%2C537805027&ucis=1%7C2%7C3%7C4%7C5%7C6&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fwww.onlinecasino2go.com%2F&vis=1&scr_x=0&scr_y=0&psz=300x0%7C300x0%7C0x-1%7C0x-1%7C970x2%7C1600x1010&msz=300x0%7C300x0%7C0x-1%7C0x-1%7C968x0%7C1600x0&ga_vid=776250428.1645482199&ga_sid=1645482199&ga_hid=1923517205&ga_fc=true&fws=0%2C0%2C2%2C2%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0&btvi=0%7C0%7C-1%7C-1%7C0%7C0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

07a296ff289165067a4dec423eaaadd5957600e5c7c92e87985ac79f08b120d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:23:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61673
x-xss-protection: 0
google-lineitem-id: -1,-2,-2,-1,-1,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-2,-2,-1,-1,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://marketplace.salisburypost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F13C 6 KB
4 KB 107ms
28ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 21 Feb 2022 22:23:19 GMT
expires: Tue, 21 Feb 2023 22:23:19 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
448 B 70ms
24ms XHR
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-34177675-1&cid=776250428.1645482199&jid=399387000&gjid=195261406&_gid=1473004474.1645482199&_u=IEBAAEAAAAAAAC~&z=433232907

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://marketplace.salisburypost.com/
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 21 Feb 2022 22:23:19 GMT
content-type: text/plain
access-control-allow-origin: http://marketplace.salisburypost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 109ms
34ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022021502&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a4aad7baea607902d7f2aababbd7c76e4b93d167c62c756b1c25a39579172c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 21 Feb 2022 22:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9831
x-xss-protection: 0

GET
H3

200

collect
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/collect?v=1&_v=j96&a=1923517205&t=timing&_s=2&dl=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fwww...
https://www.google-analytics.com/collect?v=1&_v=j96&a=1923517205&t=timing&_s=2&dl=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fww...

35 B
55 B

21ms
20ms

Image
image/gif

2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1923517205&t=timing&_s=2&dl=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fwww.onlinecasino2go.com%2F&ul=en-us&de=UTF-8&dt=Email%20Friend%20-%20Ad%20Hunter&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1349&pdt=268&dns=0&rrt=177&srt=102&tcp=89&dit=1071&clt=1071&_gst=1070&_gbt=1162&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=776250428.1645482199&tid=UA-34177675-1&_gid=1473004474.1645482199&z=697513390

Protocol

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 01:05:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 76656
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/collect?v=1&_v=j96&a=1923517205&t=timing&_s=2&dl=http%3A%2F%2Fmarketplace.salisburypost.com%2FAdHunter%2Fsalisburypost%2FHome%2FEmailFriend%3Furl%3Dhttps%3A%2F%2Fwww.onlinecasino2go.com%2F&ul=en-us&de=UTF-8&dt=Email%20Friend%20-%20Ad%20Hunter&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1349&pdt=268&dns=0&rrt=177&srt=102&tcp=89&dit=1071&clt=1071&_gst=1070&_gbt=1162&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=776250428.1645482199&tid=UA-34177675-1&_gid=1473004474.1645482199&z=697513390
Non-Authoritative-Reason: HSTS

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 119ms
70ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 21 Feb 2022 22:23:19 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EE07 13 KB
5 KB 51ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Feb 2022 21:57:20 GMT
expires: Tue, 21 Feb 2023 21:57:20 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1559
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 16BE 783 B
1 KB 100ms
30ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c4a8e189509fdf64407c77cf16faa094310c7654690cac86b9b31f32c827fecb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LMHIxvOJmBiv3gErPufQ2Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 21 Feb 2022 22:23:19 GMT
date: Mon, 21 Feb 2022 22:23:19 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-LMHIxvOJmBiv3gErPufQ2Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Hujgl23SVzI3rZSj4hNxUITd7BayDnfI5D3l6J-e8FI.js Show response
pagead2.googlesyndication.com/bg/ Frame EE07 35 KB
13 KB 48ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Hujgl23SVzI3rZSj4hNxUITd7BayDnfI5D3l6J-e8FI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ee8e0976dd2573237ad94a3e213715084ddec16b20e77c8e43de5e89f9ef052

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 20 Feb 2022 19:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 95404
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13646
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Feb 2023 19:53:15 GMT

GET
H3 200 container.html Show response
357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FB7A 6 KB
3 KB 49ms
21ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Feb 2022 22:23:19 GMT
expires: Tue, 21 Feb 2023 22:23:19 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5C76 6 KB
3 KB 45ms
22ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Feb 2022 22:23:19 GMT
expires: Tue, 21 Feb 2023 22:23:19 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 16BE 0
0 84ms
84ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022021502&jk=1670500222980652&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/ Frame FB7A 19 KB
8 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/abg_lite_fy2019.js

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:15:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 443
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 1930320615972901081
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Mar 2022 22:15:56 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame FB7A 8 KB
1 KB 86ms
36ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 20:44:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 21 Feb 2022 22:23:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 21 Feb 2022 22:23:19 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/ Frame FB7A 14 KB
3 KB 70ms
20ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.css

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 12:51:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34289
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 10:36:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Feb 2023 12:51:50 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/ Frame FB7A 355 KB
123 KB 70ms
20ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425d7478422a02b8592686dd947b18cae0ca66ab39dc437067219356fb7a0a61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 18:59:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 530611
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125995
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 10:36:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Feb 2023 18:59:48 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame FB7A 15 KB
6 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:21:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Mar 2022 22:21:58 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4459 0
683 B 81ms
32ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJzDdBC89I2gAhjb3P7AATAB&v=APEucNWrBvFJkWxcnYX5AL3FhCjJmwAS-en56IkCwVVsbw1u7CTBnR23P51cZEC3mDOhNCces6ZW2XAiWXE0MQIzgfR0oT3E4w

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 21 Feb 2022 22:23:19 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 21 Feb 2022 22:23:19 GMT
cache-control: private

GET
H3 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/ Frame 5C76 19 KB
8 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/abg_lite_fy2019.js

Requested by

Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:04:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1128
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 1930320615972901081
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Mar 2022 22:04:31 GMT

GET
H3 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/ Frame 5C76 6 KB
3 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 18:53:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12588
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2626
x-xss-protection: 0
server: cafe
etag: 8548655983161038638
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Mar 2022 18:53:31 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5C76 0
571 B 127ms
66ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuCPdyk_a6MXE1ZPVvv5mfZ4J1UGedv-ZFSiCdWQHS-hZUqovEqAzxMyxKbzfTy0vUShJ7s8WE1BpQFQ1l_-dK3ZK_w18OKaiV7dV98mSKO2n_pyuEx18mKs5ZnOwcyEUZDOGctvtjHWqZjr07FTzK9p-LMFohGMuDIPhamYeyRQxiuI7uCCt42CqM-lxk79Kq3SDbj4HK8AqNQraxYZYDR-MOxQ1WFReEzX-7A9vfDkc8geu5or4JYG2tHDb6i2tySrAcRjZcSHlKx_ZZtOGcJ74i8zGDqgZb-Ztzz8xzm6ufyYAr6aC2RqQFJI_PHvtynMtljmHoEabPwpgYIRyLe3gRxdGyd3EehWzbCNOoXaaqYinikV-wQvvf6p01_LUA0dc3sZgR-51cxvzQ7Yc0MvLwSCV467fEsAogfTVJ4GdpK33Ps1EBWp8mL1qKG_ngjP6osfMH2QeeVQn4tYjZH38Xt4eKAAG61R-_A87KNe65qTM6bcTJxgOLSGOm8a3i_D5K_yafm-yczeLbqOqrzxIVGx4HC_W2t6ZgbEQqkGFk5pBzu_2_ynOoNmn-LCJg_hKC148lzjDp1ISnKIHdhmc-gyvp9JQ-tzjXkD1Ti4pdu6fUf0wpYbZNG0BiXBHEBdoyXTE7jcttOMX6QNji3BkzPCxGClCniSXVAZAu3Eilf1DOTHG87Yo43P4Vbcg4Rjhr4GkRRkKGdJpu-xD2Kk6q7r9CvtT-ad6g1G_u8zFH7h7KlpF2emti4s4UlJ5SfnDyEfqkBq7ypzadgosuHkd0HKsFXP34vPAlVJrCCSElQkaZ2mjjC14KIVUJMUL2l8_HXIaHN5B78lWYOPd6lRDOr5hhFgR_USERqGwnpTLf5wdBcb1YUAjHp7Czw1cGILjznXRC-u6Aao_eEu0SXFvZfe-dhq12mrYdhU-G-Ufe7KruvJLr-zeL-8H2jRMM4tbBLHy5VnSNL35S4V5yTa3dUCYOewiuxlVwSeXa-kALxwrtMyalAxrtiKwNLZiPH1GtAHIDsXt5oiiVAXUAQKmixjnwhVABWeXzzfsE0uMjzGXFqqfGHcvC1V8bgj-exxH46igIMd2k38USkp2CNrxLJwl11uEMte_ZLWQ11saFJLo7btDjKsDJfTli84D56MzF1WsQ2dcbQz55E2f-BTTcGbwkKIHUmJMaJmJ-o9_AFtpVRUszXpd1sPsrcgRM&sai=AMfl-YTBNHs37DLN3kAo0Oj29LvwHlZ4GB3K8Brk8i0LNk18YpKb_bEpQP4X_upIXhCniXnDdvTS9yeoy8nmYUDUjatfRwCoRAT4ofwRC8j23YtoQEAjowNqUXMEW7yQ1NbL1pvmCxiq0h_oRZ72F2d63fgfgtW5-g_rCWj7ht1Si443bsZmjNSMMEYUB1XqEsnBQYzMLnsOMd9y56rjXIW8Ykj7A45Y2QCMPFAa7dIiz-42JlKdwtpo8D_IT2iVAxWAshQs4-4wWM6O1GONkde-QlycH45ooxxserMSL0NLsKLcniJgta_U_As1L54zd8r9KbaT8LnV05yMpZ-sooS60-7kv-MCP03rICArAO6taRxtSo73iQWSsXeSiuIiJeUWX_wIS9JQQq407w6YGfg7WQ&sig=Cg0ArKJSzOm9xsiZW4SZEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20220216.93313&adurl=

Requested by

Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 21 Feb 2022 22:23:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5C76 41 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:13:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 367778
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Feb 2023 16:13:41 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C76 42 B
63 B 54ms
54ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DRagBS1ufGwCPipNC10GK6NM9gLaFTu9I0C-ENm93_C_MhrvcUpNyuzO7rDpvxseAsZB_mImIHsPNu-juomqb0gyGYO_yp5A2E1Ms5Ukz_ERwLKBE

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 5C76 2 KB
1 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/window_focus_fy2019.js

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:21:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Mar 2022 22:21:52 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 5C76 15 KB
6 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:21:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Mar 2022 22:21:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5C76 0
0 68ms
28ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRckV5ED-PeDL6nBesMUWkW7tlTJNo3FhF2y_dPFN71ereGiSFZJTYKUklaPnKyqI_UTHco
Requested by: Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5C76 124 KB
38 KB 95ms
56ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38723
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645015031201889"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 21 Feb 2022 22:23:19 GMT

GET
H2 200 867892036567278283
s0.2mdn.net/simgad/ Frame 5C76 96 KB
97 KB 80ms
31ms Image
image/png 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/867892036567278283

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

592e90b668cbb57ef50d7f2b95482426061af541ae5d19bd4f8e7906890ffc6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 17:23:36 GMT
x-content-type-options: nosniff
age: 536383
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98692
x-xss-protection: 0
last-modified: Tue, 01 Feb 2022 06:09:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 15 Feb 2023 17:23:36 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EE07 0
9 B 20ms
19ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?T1EGSA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:23:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D2DA 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Feb 2022 16:14:25 GMT
expires: Fri, 17 Feb 2023 16:14:25 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 367734
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 5C76 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6229539021ff0e6893f9439e30e33fb44f01e21769f7d1b9ab518b0cd30c1ab8

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022021502&jk=1670500222980652&bg=!i4iliMzNAAbf-5Dq3_s7ACkAdvg8Wq_JwEQrjfVnT8Ou3U1eBg_LXRzkycDz1QQGGIlUKWeZBSI7WwIAAABzUgAAAAFoAQeZAu9da53-f2a_NN8vM7O_mHQltPXUCuBtA4G18URaQerUBcUI9pb1abZ1k5Xz96vCP3CO_DN4iwMcgSk8Tn5OkmM_pSO81h-H5MOEgGI8Z3hQ_sDU1NEJwRPZbzjCJTDvy87wJ9apqwNhik3vYQ4L5JU1vPEJy07Ar4vQaID8VQGpXkZ--3LH5dtPwwy9O0tYe9KfndVDv1WkoxFMmFwaqJqdWbOnTVac35B9HT3uWC3nDkGnXR0uKzZgItg5O5BVfhz4nvDnM9v4jckw2OVmza4yEmF9PnhyPNzDMGxchpKYz4PgzxHDIO8313aKEPivb3Mi1658DNwXfBp_GeuSdpx2cWZRTSo5EKHnrMCX3xqQLMWpHrlwgOT4YmM6lmDChhhg50ByHKR45Cm43XTG9bTL9e9n5dNomhbt7TFSutz03wseP9hou_58k_IoX9s_oWr7iLXTKPGp7OwYGopKMaczBMelge4VOwrfnHQrhCZKYufc4jAHZ9dLJVll03Wgc1lJPAgW0wn_08MWEsjajfBEftzUOlXHEa4gnRk63O-XOg79cEKCuIx6u9qspMPTHOvn7k1O9EhunM8nW9ZoDmaBM9vGp7NROShTYTRc0zeXaZlfl6YTIFNIl4pFE9o8v6vXvrPn2LmmuhZinXUnwOIZ7bBv92fDKJGtvOw0QPOrPpbTQNiqckudwa3U8aIJkR1ndv8SG2SsYt9xqjrR3SYIIjTZQmU6DxjvLO-UYCxvK0e60TR3SQ3Ig34844Yj0OADCV_zanNQ4EPFowZF064illIXoxtuEXY3zoBym16icOF99ZgMD3cffJz0_VmzBAAVXxG1eyK5kvx8TDAb46ggN_f3nIvKKcLMCfU2AAhO2HEQz7VvlE4v6M_qdTcbfJbxc-WZJ3ysgoRGm2g6ibGG4nC30ARnowEOxtt5kWzUT05jXcoNugEuNx8N6fPgzR7fg2MQU_5vMZvCFMIcO0EGglOIYTloqht5uIj5m0Pr

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: http://marketplace.salisburypost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 RTAFWjK1oaY5MR175eart5uncqyuFBD5-f7_3Cl3Idw.js Show response
pagead2.googlesyndication.com/bg/ Frame D2DA 35 KB
13 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RTAFWjK1oaY5MR175eart5uncqyuFBD5-f7_3Cl3Idw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4530055a32b5a1a639311d7be5e6abb79ba772acae1410f9f9feffdc297721dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 15:19:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25438
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13529
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Feb 2023 15:19:21 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame FB7A 0
327 B 50ms
17ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=1~kzx9m73p&c=7152746146374&slotId=3576373073187&qqid=COrK1e_qkfYCFYXKdwodoo4G7g&fb=outstream-lima&sei=44714743%2C44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:19 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame FB7A 15 KB
16 KB 69ms
21ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 17:56:19 GMT
x-content-type-options: nosniff
age: 448020
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 16 Feb 2023 17:56:19 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame FB7A 15 KB
15 KB 72ms
27ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 09:48:03 GMT
x-content-type-options: nosniff
age: 304516
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 18 Feb 2023 09:48:03 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FB7A 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=Cgfuj1xAUYqqDA4WV3wOinZrwDvjR6M9n0fD3psgPsZad5NAoEAEg163ULWCVoqCCsAegAaH1-ZkByAEFqQKL4yTeZwazPqgDAcgDmwSqBIsCT9DoKnHru3dtbpLbMYx4UoftxeH__d2Fp5hfALMzaThPiVGx3cq3rQ1UNhg08rcFsKhIDDu1uQftde0NTxBI1xh6AJScrWscH-futUuXdSTDly5d55j4TCCGooOQyBo3Aj7Z6mdqBnW1lsc74AgCT_BENc6MNS890rzbJrO1zw9G-PBuBmlkxiKF18jRpjZFGgAvnoIL4OK7rgY9oJPsuIs2u88ZXdt7biMuyl7eLZB3EzfxAyBaLkBp1OwXX4gJX-mR2_CE0fJZOHzqF-GZwj5w30BFWpdCxm-j8Znmkc4pj8ocyKPn4AOEGC2PEj4QciK6IpwfQhUUWlT6ImDhwI-iXd50yVwzuewVwASQ-7CCgATgBAOQBgGgBnaAB8eKhuYCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgHAQARgdgAoDyAsB4AsBgAwBsBOTtu0NyBPPmoDfA9ATANgTCogUAtgUAdAVAfgWAYAXAQ&eventType=clickstring&clientTime=1645482199674&ai=Cgfuj1xAUYqqDA4WV3wOinZrwDvjR6M9n0fD3psgPsZad5NAoEAEg163ULWCVoqCCsAegAaH1-ZkByAEFqQKL4yTeZwazPqgDAcgDmwSqBIsCT9DoKnHru3dtbpLbMYx4UoftxeH__d2Fp5hfALMzaThPiVGx3cq3rQ1UNhg08rcFsKhIDDu1uQftde0NTxBI1xh6AJScrWscH-futUuXdSTDly5d55j4TCCGooOQyBo3Aj7Z6mdqBnW1lsc74AgCT_BENc6MNS890rzbJrO1zw9G-PBuBmlkxiKF18jRpjZFGgAvnoIL4OK7rgY9oJPsuIs2u88ZXdt7biMuyl7eLZB3EzfxAyBaLkBp1OwXX4gJX-mR2_CE0fJZOHzqF-GZwj5w30BFWpdCxm-j8Znmkc4pj8ocyKPn4AOEGC2PEj4QciK6IpwfQhUUWlT6ImDhwI-iXd50yVwzuewVwASQ-7CCgATgBAOQBgGgBnaAB8eKhuYCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgHAQARgdgAoDyAsB4AsBgAwBsBOTtu0NyBPPmoDfA9ATANgTCogUAtgUAdAVAfgWAYAXAQ

Requested by

Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame FB7A 31 KB
15 KB 93ms
48ms XHR
text/xml 64.233.184.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-AlnOkp3XD7C-kA4Kzity_M1GZR7WYs-qbaj-AxmafJuR8b047IdtFz4haSAyOOwbbqGCvsyr49MvcOf6r98zLP6Ry3uQ&cry=1&dbm_d=AKAmf-Ak1kRLYVvNurj9sp8rZCjez1MYRg-3B3DgjyRCvLZMRWFZcbh07MJvVOIvVQdHeonObEc297yWu0hN1oOWMa_APYj6kf0Z57Ynp5O-LMuMfxYVUtWo5U8TAl-Gu0Unae4q8zotkAVlhwF72037_HUSf6-9VKNjynadSgJKgJUKWy_Eb4tcQ-KG9t5mUOlz-1KWQX2MOy5F7-cmkt7Q3QbgQ7h1W4kir5Yw8FDAK6q5shM0pQi09IwSgUOUqvw-FQyX8PzKrcoDJI8xfkBWmouk4Em3K8JVx4xh2FrvKV7iaRkHvS1Mesc0MdPurAwpd98j8kHpqaXaOcEFSdBSGDiB2Blv_zZdwhKORh7WSzKG7MewwH0xrl99QfrRFzzVk950PWete1bMAHMfcyENPrpRbNCVgxpZ4avpRO4_y7JZBRZSvqlvgMIdAKLc8eTOPPbJAE0Lh8CEdOPV3CVsejvy-ST3SuxEp1iGLBAel2IfYNOhpuhN-6z4XFAvJU3281jmdmrgTqK53GPHO6RaoN_nHJq8Tfn2o0yQGkqD3yqfNu71XEcRX3oluhGZD9d_-am_lyjieeNH8JFqvXiXJblRcoZR8rMlhwHtBoNj1psKzQT1s9u0-7kcpkrPsQRqGDN9T2J-KXD546D_9ZsnfYyGk9ISZN8EcZDAxSjrV4qSoVdOoWe6NKUTyWeQsdiK6uXLq3Ikp2fjirIIE_xveCRFQPTe_ioRI4peUelzjtRFTqCz_t7k6i1nT--Mr1eGSDS4B59VIYKQ3ecJU9wnPSongsPk7MWm-E8eQjCeQ_FZXnkOw-xNlPY2akE3DyAb6p4G6NhwW8E2S-ezbA8xYGoLoH7RpOcURrxvVgcpG-AkWxX7YIgVpUIHU8gfsfzZojaZGCXNSzjU_1TuwcCv-dTi6okij3Fq7rDNPrnPiwSgm-qxWcXxAh_8e_5uUjs3IZxVGpM_6_63NdR0YxMpQaA_pWWePIFzgK8BXer-NTgFDNKEhoPKiZmhgAIapX48wqJPC6nEuQ3cD1iE6KJhwG52_5_-qt-n5usA-wZhEWshuhc40FZma7HJevW1QdFVpB1ZO2XPYmzAsX3r39IGUjYw10CXGA7pZFEviHXcI5hHIUkyXdlpPVg4QcYSLMjzwLyGRyxUyX0rRkNqCmVEXMo7TiBGEapo7Ovp8WuFOUGm350O1qVjb7pAlsaOsUlebL1cmaTZ4sUZz92s1q9c6S-3cw5oc8GLfH8IS8i5FgRUtqV5O7KnyNVCyq7du_C-hoMDlq2WykJ1SVofm66Rnst3qLmEiKit4CJX6ls6had7WWSET-assAltVFEiC-YBq7tcghGmpjxStKQovQlDMb1SgX9BufGDeroV3CezLIRvFDOdObMf8lsU7M1ioOAoXOvaS4E83kCmifveRhV1wNwwoj2Ywljx3oO8TtU16CWUcpQf0k2mEkaAjOlkyKB1NBEZBBIhsOev5SHcVaijPvy4fHr_i1PKfjUcI2sXxtl975Avx9MwZ6nK2__zD5Z9tRfNdUBEuXYlkHhQjxiE42qABwrYAZiVSjTBaW_PCDfmVdHCnU54MykddEa1zw79gzuxxEQZeRrycyQ_fElWIDJL9QIE7Tes2KvJPlJcVO-mha-z1lVSEJVL3CHzoPWQkep7pVXpj-T65cK2uxmKpTpmX6nf3-Zu5xFILnCb3jE-EE4cZ4UE1oe2j6XNxlo7yh4Sbr3vler5mMN5i1iUT2WofRFTjL41OHtGIpeJTqjHG_KSwVgu703tH5sg-6FyvHCVytsmUZGv8kkNBmSOiT57P_4Onh2KWWWAlwUwQePWz-VWBrgHQ20O3v44e5zOgK2uB_Bj8XikHpn6XZUe3yq0tBlL9RMULHw-YeJ7_8OLQTAccvxR6GU_iCEoeIuGW5y4e-F3silEHZvfFKhpP__KLwC0zFATFsVo4UMlEAQ14vIBTHnpUujWhBAWHH7SLtUufWDoT_dUbUaf2Fg7WoHDwYZUEIA3b5dcxCEyjDtinoNqwLBnE18X-lck89eLj3BA1L36Oo-DzVsQ8CubNM_3wBVfSMjfS9qgOZNF4Zn5cJo3Gds5xnhlLJ-fm0mZNhYf8PPPL-BUDS_9D_ae-Qw2x-6J_YGvzX9HVFKXFs2Xl37HjnzdgUv69JYhDf4vrBKfbVsdQ8HGINEoRgMNXgYF7y945ZuL6evZXl-v_Ik7yxjX53Ols1mvcGx07l9v_URqz3oeMgvCsAAn9otVM15WLI9A20ibxA0EPobQR2J2DjDzkYIKw6T2DN153I-cREhTIJVLs4q0OYxKFnVO51KB_P7R6K9OrIPolUAUMEQm1stPFIXaJrA_Qn1FfR5cF-oS6B6J6D1kkwR5oMnLu-qokDsOyEGHEd4-FwXNAwGdbEmxAwI6KaDN0yHqseAKTwA2yMsyvMGhHV1DmhR_heKCs-MPZuhr7chiK7Wq_4HjMucAupvhScYrooGemYnDVz0Gib9X4ffj4NmkgxpieVZt6FCFz3arz_unA2F0Qqo1lfoMCUWedu0VueTCPNXnTZ3Rk3hgpKtlXLlHiHEAKNNRB-zOzAkT4KCORKK2IBCwcB53B_f9WpQ5tL8PQET0VUGAs5kdVMIo_XpOHtn2BsQaOdzqpaF6reNpNeJgpByoDDnQRu-mksOlS4PwRAggx0bEyXC96rfS9wn8kwWhyJUf66sCrP7j9AMCJBs9hn-GMOP6pLEL71VLszUkF0OknUKk6eag9vh41Zgw6gZv9IvmtSBYE3bdgXwZ5WXC5F6xPGP1zDcFiLzLEZF7Ls2vzbQ1TGsr0jeFfdrp4n1VLoQDCHaxdmC8yCXVwQQMtsigA3RQieqKoUSfsJNsW0zm1_PDRdwGw0I_xb8qzTw3toR6-SRexIIwzu6joGYpQeZTjBlfsCL7feun6I6K9kXr39mx2pbc4F7ebt-ej7J4vgIALL0cerYtKEQy4ESP-dVCxleBA_8kRmAmOac9lDmHn4wZd4eKssixYc98Ne8UdWHNtcZy9EEvqvuvp_pblHtBSUj-3GNSNBfRgPUKnzOEd8ucGpIOhE4JC7VzQprCgTjP4CG_z1URwE7L1v8fLFfxynxA4_nAsCgR0GLIyc3MBJe-5LDYQLX0s8QF5onDOnLxgiukZfW91FqtonXhMpnCCJdLfV3f8vVLtKUdFvIc77y6PB3TTcmZvFz4ha7IPOpvwcy-5GGkxNVyI5FV0y1nmr_ZaiRUOTxt-NjQ8T_d7r2AldhQk6G9wc60R9wEg7IoCBUeodFCjv4NkABL22OUxVO9mKzzjUYTcqyxz3kM1EPw4tEvNix4YGa5t9uPlHLigS94X5oQ4ZLUoR7GLnqpADcV09G-lzAiZAS_jKfYEnEWBNBLLuA9d3Zl1GybLH3ewNoQltVJkYmZflEj2gLvhgvUGanCSluJWFtUwZXlL1RE_e9vsTPeH8EbxIj1MnbWeRudzelSNlnlCjrtXkz8lyyjPLZHQLUjr4K4BF-TAlX2QdOTwBpeuyCxJXKtsySsBWTEo3UpTY3f3VnGliggvZINWfO9LXvADn_JdoCW7LubUIFPw4P5ury8am06vybVWsXyOCSum_6iiWJQ4GtJukMjn1SW6J_WbRqHe6_dQyUt5hnWGbfAu3AADiM4hOHrL6OwbfvLhdky75syEOvGrU3HACP3KVc_RWyEz2lOyGB7g_R7Bcs74IaiItSd7M15RTcYTqnlUg-zGehDfomxoBEsXnuIepvwly4em4hPdPnJ_gvkzYu3Vix_asRwnAMePo3mjA&cid=CAASPeRoroaT9q4gbusXkqk9O1DB9HpHhh5A_BLFvUaupYBcDqCz8e8KAW1Kah9LHMxda9i-5dFYZRea5yhk49s&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.184.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f157.1e100.net

Software

cafe /

Resource Hash

07abc6b324d1950869c2b3a9cdfd430cbd86cfd66e709638837ff49a2b209143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 22:23:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15141
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FB7A 0
0 58ms
57ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C1O_l1xAUYqqDA4WV3wOinZrwDvjR6M9n0fD3psgPsZad5NAoEAEg163ULWCVoqCCsAegAaH1-ZkByAEFqQKL4yTeZwazPqgDAaoEiAJP0Ogqceu7d21uktsxjHhSh-3F4f_93YWnmF8AszNpOE-JUbHdyretDVQ2GDTytwWwqEgMO7W5B-117Q1PEEjXGHoAlJytaxwf5-61S5d1JMOXLl3nmPhMIIaig5DIGjcCPtnqZ2oGdbWWxzvgCAJP8EQ1zow1Lz3SvNsms7XPD0b48G4GaWTGIoXXyNGmNkUaAC-eggvg4ruuBj2gk-y4iza7zxld23tuIy7KXt4tkHcTN_EDIFouQGnU7BdfiAlf6ZHb8ITR8lk4fOoX4cHDpIVM0gPIPIYiU08VgDph1_N_--UQkR4QNpsSjoU7Jpy2yqP4TopXOwz-tDoQmRtWmo5Fd4U1YN_ABJD7sIKABOAEA4gF__mS6DqSBQYIAxABGAGSBQYIGxACGAGSBQ0IIhADGANIj62rAVABkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAZ2gAfHiobmAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcKEJ-0IxjJ6su_AdIICQiI4YBwEAEYHYAKA8gLAbATk7btDcgTz5qA3wPQEwDYEwqIFALYFAHQFQGAFwGyFx4KHAgAEhRwdWItMzk3NzQxNTE3MDYxNDU1NxiR_gc&sigh=Vt4qgLormKs&uach_m=[UACH]&cid=CAQSPwCNIrLM8kvTPI37NsqmMzuJOMh-M2C_-hNPoFLJnBZ8IGamzdK9Xj_XL5qppAu_E5K_rj0mcm8uPzEv9MCg3w&vt=10
Requested by: Host: 357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
URL: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame FB7A 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e07c5b69dd651e11ff35c35e3f973fa3a5a21095bc416c39a1f9cd2c3f74ae50

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5C76 0
23 B 85ms
56ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: marketplace.salisburypost.com
URL: http://marketplace.salisburypost.com/AdHunter/salisburypost/Home/EmailFriend?url=https://www.onlinecasino2go.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 21 Feb 2022 22:23:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame FB7A 41 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 18:05:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188253
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Feb 2023 18:05:46 GMT

HEAD
H/1.1

200
OK

file.mp4
r5---sn-5hne6nsd.c.2mdn.net/videoplayback/id/ecdb9572c780d2e7/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1677018199/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame FB7A
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/ecdb9572c780d2e7/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1677018199/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
https://r5---sn-5hne6nsd.c.2mdn.net/videoplayback/id/ecdb9572c780d2e7/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1677018199/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

109ms
14ms

Fetch
video/mp4

2a00:1450:400e:4::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r5---sn-5hne6nsd.c.2mdn.net/videoplayback/id/ecdb9572c780d2e7/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1677018199/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5A48809C99F8CB166D11E29D9E9A0A41F6445F21.1416F80F59000B3A9060DD54AFE8E42F4C60EC33/key/cms1/cms_redirect/yes/mh/_m/mip/2001:1af8:4020:a034:9876::15/mm/42/mn/sn-5hne6nsd/ms/onc/mt/1645481906/mv/u/mvi/5/pl/49/file/file.mp4

Protocol

HTTP/1.1

Server

2a00:1450:400e:4::a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 22:23:19 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2225760
Last-Modified: Wed, 12 Jan 2022 12:17:49 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Mon, 21 Feb 2022 22:23:19 GMT

Redirect headers

date: Mon, 21 Feb 2022 22:23:19 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 658
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
location: https://r5---sn-5hne6nsd.c.2mdn.net/videoplayback/id/ecdb9572c780d2e7/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1677018199/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5A48809C99F8CB166D11E29D9E9A0A41F6445F21.1416F80F59000B3A9060DD54AFE8E42F4C60EC33/key/cms1/cms_redirect/yes/mh/_m/mip/2001:1af8:4020:a034:9876::15/mm/42/mn/sn-5hne6nsd/ms/onc/mt/1645481906/mv/u/mvi/5/pl/49/file/file.mp4
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame FB7A 0
17 B 34ms
17ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=2~kzx9m73v&c=7152746146374&slotId=3576373073187&qqid=COrK1e_qkfYCFYXKdwodoo4G7g&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=989&mt=video%2Fmp4&vs=640x360&ulv=1&cll=0&vmfc=17&vhc=0&msm=1&aits=0%2C17%2C36%2C18%2C22%2C37%2C43%2C44%2C45%2C46%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=3&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&ape=1&met.4=videopreviewvisible.nd
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:19 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 710C 23 KB
9 KB 20ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8727
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 20 Feb 2022 23:00:35 GMT
expires: Mon, 20 Feb 2023 23:00:35 GMT
cache-control: public, max-age=31536000
age: 84164
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D2DA 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BKVks1xAUYq6DA4WV3wOinZrwDgAAAAA4AeAEAg&bg=!3d6l3prNAAbf-5Dq3_s7ACkAdvg8WhIf3CR_5g7XdJYAIQqYXbcNj2gZDlXEU6rSU4VSeO9Z38kvzgIAAACiUgAAAANoAQcKAEqfCjnYCYMlh-IvaNs-cZmMhSiPWrGOTgCpdAkjg99lP5CA_eT8hMW8XODekfQanKQaA1OKihdkTpavVh_KKQARUs5qg36Z8V77VpkDHvOjhvY_zsLQPQ73WMOs7d-oxeZlIyQsX__KlH5LPSluh-btn9_kMJGzfl_1WBycUZcqC4_7VKBzMQ89fZ2qVXW41SuItUi0CJiklt_hAZ4Od5f70TPEGI2S1Wp--OGXXIJOqJOEz8Q3kTkF_uCfrX9Cg6OG441xrzH-AMrGgp1XsPaWepUYgevnTWdcGKVcLlnFSWVr85HYLw9AyiF3TF_kO5ZtxLAFhkViKJPGAMbWBfE_pyAbdYVfWLZPaQ6TxEknsOLZlxXNeSQ1s-hd2VC9QGZXOGnL8A1DfNmdg6qgrf5rfi1P5r9wSNe5oltaOPKFJDKufLx8YAiSKE1eYVzbBLyIlqzN3d-dNjFPoYF_PVn2sXN4mq0joe7ReHkOWzF86Gtlz8iY4BHlASUbMYo2nzHogq0Yw6PiNgwhATc2l4aVNTIbnASweMNKyeSuM8uJXCYS43xL2hYU2vDlso9W1LsyOqo7euNdJf2rdI9jIPz_gPTY5CggsoYcfD97oPC4TA_6cmnK-MnDprSFhtx83GH9MZto8JHL4KhzBt8AHHwyswLqWkZXNaM0pPkWt0TuuAcOqJWkS2hW8MVoFbSohIWVRgPQvaFkyl2KrrKhDB9HMRLlbLMozLnkFvAiihV_6gp1JMRyCcDPTITcoF_VJYKgpZyJz9FA2pDZQXhGRenVPRorKXdLKVljLwX1TP3nWDkVO5Dv4cMlj3LS4u-YJS-BggIZeb1u9GnpxhtIc-agLySXY_AgqiFbgVochAvppDQZJI52roxe6PqqxI8teglsJFxximh-6a2mg9Awqt_vGwHM9ZT0OvVaxW0pcGMCiCCtd3RPqf5brs5dLYJOYhKcZ8rfFMBFGQlpbvTmI2gkbaaA41tHtyv3SP05tlmhQfKOP6b21d5eCQwkoam1hxODLOrSUCEZfNP6nve3Bna6he9z5EDXm8RKRC5E7InF8INEVExpNLxMcnNvViBmkSn58Tchw3SO61vLEzWlKo-wQBhQBDK1I8i2YFNPkaJCVnMcVSsHgQpoiFWCuSNfCvCVxzt7omlhfHbWRA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 RTAFWjK1oaY5MR175eart5uncqyuFBD5-f7_3Cl3Idw.js Show response
pagead2.googlesyndication.com/bg/ Frame 710C 35 KB
13 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RTAFWjK1oaY5MR175eart5uncqyuFBD5-f7_3Cl3Idw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4530055a32b5a1a639311d7be5e6abb79ba772acae1410f9f9feffdc297721dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 21 Feb 2022 15:19:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25438
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13529
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Feb 2023 15:19:21 GMT

GET
H3 206 file.mp4
r5---sn-5hne6nsd.c.2mdn.net/videoplayback/id/ecdb9572c780d2e7/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1677018199/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame FB7A 2 MB
2 MB 30ms
14ms Media
video/mp4 2a00:1450:400e:4::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:4::a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

9e7e2f4aaa14f77de01e2d960597d502eebe9a82cd9c5e2ee8fadab2f3b69f62

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Range: bytes=0-

Response headers

date: Mon, 21 Feb 2022 22:23:20 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-2225759/2225760
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2225760
expires: Mon, 21 Feb 2022 22:23:20 GMT
last-modified: Wed, 12 Jan 2022 12:17:49 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
client-protocol: quic

POST
H3 204 csi
csi.gstatic.com/ Frame FB7A 0
17 B 17ms
17ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=3~kzx9m77g&c=7152746146374&slotId=3576373073187&qqid=COrK1e_qkfYCFYXKdwodoo4G7g&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=989&mt=video%2Fmp4&vs=640x360&ple=1&umsem=0&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fgcdn.2mdn.net%252Fvideoplayback%252Fid%252Fecdb9572c780d2e7%252Fitag%252F343%252Fsource%252Fweb_video_ads%252Fctier%252FL%252Facao%252Fyes%252Fip%252F0.0.0.0%252Fipbits%252F0%252Fexpire%252F1677018199%252Fsparams%252Fip%252Cipbits%252Cexpire%252Cid%252Citag%252Csource%252Cctier%252Cacao%252Fsignature%252F4C768470A7078E0AD3346F830D9B4C3B4EE865D2.6251332B637A285658ACBC5C6ED75F6FCD5611F5%252Fkey%252Fck2%252Ffile%252Ffile.mp4&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:20 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 710C 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=B449P1xAUYpvyLa21nsEPh5OJsAQAAAAAOAHgBAI&bg=!39yl3JjNAAbf-5Dq3_s7ACkAdvg8WiJTLc7zyjV8wPZ4qeFTgrBFh7wIkJu9TCDX1P2nwLgOZojQiwIAAAB_UgAAAAJoAQeZAyKHtztgDzD7PY49UrY3KlF1nJt1IRRagfcuqReHUvrFtu0dTTihWG8sN1QdQS8kk6Sh6WdP8eIvLxftB2Fs_kbLruX4ygEGwBTCS0yYAtG46veIae9Or0tP0gGkT0nIKAhaFJgGrqqC6hal-RgwEEvQkBhPhep_uk3e9S4s8uh4LZHyj6zgn4RR4cXVeykwFuOSZjlPdETJoRPMoiL2z-sh3FwgRlyG9zh40MFzsuZtqggaijpRH4SHiDsfZzmJpG8biv3MpyZ9-kLp8rBz4MNcwICB7yzKBXrbV-R04neVwzIGGMoHccZKN_uBo4ePhrqlHM0LdyN8ZEUI9BhEJXTb3OQS9ajN0-ii554DdnkpvmEBo5livSpc_3xtAVNph0iudWOwxtC9a3RyZci7x7g2DdScLlPKP9cLzG2Iz9vsYkdORdP4xcN8SaixOStBOH6Gfkhp-76B12yZU1Z-mHZMm6SLfOauE0mf4tHqEYd-aXUgzzbWMbWpe_3iiPEZETL9FKB3HD1NoPK0M6Pl6Tq_gg_UKse63mSxXwpj9PKxvvYO7rfjTuBKYk17GNRsEOkhmn8XTNSpb7wn5bsBbMVlb2nUKzEJ6icgS8Rj5rMFo2nK5V-MRqNjYSrr9P2iNkolX5ZhKrRW1JO-b18OMMeyaMfdybTAHxtPL0snDRB7YlrvY9AIm61FIOtJukOXXBFp4or8HOO1pVmDqaWdqYZMqMAz7qZsSPXpksiE0wlG2WJSjO-rzYgrEaIx_luxMUwmDJxCEPHoNatb5NuulKIEcIsNHnpySOFonwDOLken8IxcCbmWOKd_gJvJ3xGFgSwhh3xcw1lpePkSQambW9dal5GVznFtKSISyeBx9S9YkQND3DjkvKrkQelNEnQZ3kKUg0MKpEyTHUH_akBZqY-f6mPWQCSn90MCeRyfgulrm5IXeaZGmQmKZiXp7DmcYo38eu9I-6d9UqbEQ0SXD3vtri65Mnas-B1UYAm36ywEPY7MnpBOj9yMxLuZ5Gg7GU9z3-ZCg-dIACybIl72ql9Pm_Ad5HJPGdcuwXmZSX7YvSP1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI27mA8OqR9gIVrZonAh2HSQJGEAAYACDAq8FOOhoI6ZeP5wIQkPuwgoAEGM-agN8DINHw96bID0ITCOrK1e_qkfYCFYXKdwodoo4G7g;dc_rmcid=CAASPeRoroaT9q4gbusXkqk9O1DB9HpHhh5A_BLFvUaupYBcDqCz8e8KAW1Kah9LHMxda9i-5dF...
ade.googlesyndication.com/ddm/activity/ Frame FB7A 42 B
107 B 124ms
57ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI27mA8OqR9gIVrZonAh2HSQJGEAAYACDAq8FOOhoI6ZeP5wIQkPuwgoAEGM-agN8DINHw96bID0ITCOrK1e_qkfYCFYXKdwodoo4G7g;dc_rmcid=CAASPeRoroaT9q4gbusXkqk9O1DB9HpHhh5A_BLFvUaupYBcDqCz8e8KAW1Kah9LHMxda9i-5dFYZRea5yhk49s;eps=CIjhgHAQARgd;met=1;acvw=sv%3D20211103%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D1%26dur%3D15018%26vmtime%3D5%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D402690676%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1645482200140;dc_rfl=[URL_SIGNALS];ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame FB7A 42 B
64 B 69ms
39ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cgfuj1xAUYqqDA4WV3wOinZrwDvjR6M9n0fD3psgPsZad5NAoEAEg163ULWCVoqCCsAegAaH1-ZkByAEFqQKL4yTeZwazPqgDAcgDmwSqBIsCT9DoKnHru3dtbpLbMYx4UoftxeH__d2Fp5hfALMzaThPiVGx3cq3rQ1UNhg08rcFsKhIDDu1uQftde0NTxBI1xh6AJScrWscH-futUuXdSTDly5d55j4TCCGooOQyBo3Aj7Z6mdqBnW1lsc74AgCT_BENc6MNS890rzbJrO1zw9G-PBuBmlkxiKF18jRpjZFGgAvnoIL4OK7rgY9oJPsuIs2u88ZXdt7biMuyl7eLZB3EzfxAyBaLkBp1OwXX4gJX-mR2_CE0fJZOHzqF-GZwj5w30BFWpdCxm-j8Znmkc4pj8ocyKPn4AOEGC2PEj4QciK6IpwfQhUUWlT6ImDhwI-iXd50yVwzuewVwASQ-7CCgATgBAOQBgGgBnaAB8eKhuYCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgHAQARgdgAoDyAsB4AsBgAwBsBOTtu0NyBPPmoDfA9ATANgTCogUAtgUAdAVAfgWAYAXAQ&sigh=4lXh-H-iaiE&label=part2viewed&ad_mt=5&acvw=sv%3D20211103%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D1%26dur%3D15018%26vmtime%3D5%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D402690676%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1645482200140

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame FB7A 0
24 B 73ms
72ms Image
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstpOBTJ_ArXLFFjXbGttjmb4Scl6SFWrQnGqEDyNfh8Q2qv3yibqm8CR6asKUKCv7Y5EkbCEdA3sovXOwaKyKR1dRUUWJr1-8UqPRS5286WZF8omYL1vJ1LT7indrmbhWVIa5VIZ5lkQ4jjOXK35uETwPvvM21jWLDHarg058plKh9Klpzw_-l08i-FFlyH86rjJJ4r5UEUcdQwC8TC7NPwa3JCkaJbnCjMKw55V00D_iWi85FGFJSD0vkPwARlognxnIA_I46VtHi4QjTYtINWTSNZ8XsaTVRGUVscx5biZTmNWMZj5hayozQu7I7DflV_oLPKoXO4O6tJXl7jy1beKNSqwykc1lzFEV_LktC9kD7YL7-5iB3XlWXHmX3rw3_9mcwM8DQPAK_rKrv5kF2ytWMTUSiZBkZHHlSi16hbIAC9tIwl4h5xSXOkwK4lfSZPKcyNH4LiFcm9I9kKERDSKa3bZWcY8brWmI9Wr-mzdEPEVlA9LqGKs3g0S5vg6zBwEFFPwBzy3mlgpUQVTnVF2-OfOwWjd30YizP8K058mIiUZ_wPozrzwGM_3bYIrCYkBsQkjkSv7gbNv1yeiGC0ip0b6Aj7V09Wff_f6AjjNwM6ZYyH4u3dBIP3odNTB8izX9snA4psu7uMtFbrs-nAGv_TljQjwaM5NxwKAajv2OQ8h0w1ENIjdMvsoMFNfyBzwMP83v8K9dxRN1WJYCuKSYsuYWxp5WrPEA7ymzktMMnJowcXBEa71psJWOuBkiAJTM7vj3FO00ft51RRWl1351qptshnUudh40Wk8TcYN350IQUoU3i_21K_0vGr1T5w7YPRzBmlFK8QL9L5Ku2t646Yc51uD8pbKDPAcBMKW7Dlh5MbJkrmgRdRgCKFOUJBpEAUDpIvxxMYzkpU_UnRdNNaPt82ILOuDKMwF56XuA0TnN5lZ1IFlgoflfPLqdO_RWprrpTxf9sm631v-hbueJ_ItZqg2M-cnQTd-2-C0k8ckkwYzyb3PCmwmOnyFw10wDzCwlZd2sFAx8N1DRavgS67H89jhxIl35s4LtEAAgbCPP2MOwERWTWawqZpz7twpQ_DYHDOVWtCfuVRPLSTehBiwtsbb1yfprasjdPFk9hTlVtag3YJP4LKQE-wqX9jwgLWndN5jsgHwU1mEwLb6c--wUrpz-P3QZDFyWuJelqo-n-obVj9FjkQ64HClvgEpGiq2VFMmWdhvugtjrDo6DJDfiWqD4SUxpE&sai=AMfl-YSpCW0kdQv_24CgtiLb0gx5_HOIkhv_X7mdgY2RxqNK1o_hS5Di6l6WvyAVTxv3b990Nr4kz0Rap_ynH6oB1SqZloSoiZW1AL9H0Cc4an-K6cGIVnlUZ5y-0z62xRXYLvqUxdAZ3mxf-9IyrIhQJWwFBqswwMjNjNRov51WGy5fBMpkgSNq0ivq0tdTdFbA5BjpqHCPp5EjVt1OnCa554ZchnaMmUBoX33HwuekgQ&sig=Cg0ArKJSzBxVam3y2nnVEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 21 Feb 2022 22:23:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 pixel
googleads.g.doubleclick.net/xbbe/ Frame FB7A 0
0 68ms
39ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKL5zcYCEOmXj-cCGMnqy78BIAEwAQ&v=APEucNXpFWPq24H8VxiU5B3RXnGHwHx8NpvAd4ZKhLV6hm57BJvdjMaT_DkkXbikXJNYjFFXP5dcPZnyXOk8OglULOiU7peZmg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FB7A 0
20 B 59ms
57ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI27mA8OqR9gIVrZonAh2HSQJGEAAYACDAq8FOOhoI6ZeP5wIQkPuwgoAEGM-agN8DINHw96bID0ITCOrK1e_qkfYCFYXKdwodoo4G7g;dc_rmcid=CAASPeRoroaT9q4gbusXkqk9O1DB9HpHhh5A_BLFvUaupYBcDqCz8e8KAW1Kah9LHMxda9i-5dF...
ade.googlesyndication.com/ddm/activity/ Frame FB7A 42 B
494 B 122ms
55ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI27mA8OqR9gIVrZonAh2HSQJGEAAYACDAq8FOOhoI6ZeP5wIQkPuwgoAEGM-agN8DINHw96bID0ITCOrK1e_qkfYCFYXKdwodoo4G7g;dc_rmcid=CAASPeRoroaT9q4gbusXkqk9O1DB9HpHhh5A_BLFvUaupYBcDqCz8e8KAW1Kah9LHMxda9i-5dFYZRea5yhk49s;eps=CIjhgHAQARgd;met=1;acvw=sv%3D20211103%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D1%26dur%3D15018%26vmtime%3D5%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D402690676%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1645482200140;ecn1=1;etm1=0;eid1=200101;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame FB7A 42 B
64 B 62ms
60ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstneyKepnFM-rbJmlQaobiE-hRt8d7CQlvfPcyUrJidYOpqpZL0URtxFivK_SSkA1LJpS8nmXROyi6wDKYmWX6e6oxbqPXwEu3Mcv5Pughd2sP_zLxR-w&sai=AMfl-YSf4061Cuip_LGpLcYerP3ia9OO3P9517hwa4GZUKql-BDQbrgOcwn913ZfPTXjQCDgxcQ83TkvjZhMGY6pJyh-Aw_eT0Nuvedyrb41alnK66XHh2T10zRSwJNT3PGG&sig=Cg0ArKJSzOE-zimU6nBwEAE&cid=CAASPeRoroaT9q4gbusXkqk9O1DB9HpHhh5A_BLFvUaupYBcDqCz8e8KAW1Kah9LHMxda9i-5dFYZRea5yhk49s&id=lidarv&acvw=sv%3D20211103%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D1%26dur%3D15018%26vmtime%3D5%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D402690676%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1645482200140&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame FB7A 42 B
64 B 71ms
43ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cgfuj1xAUYqqDA4WV3wOinZrwDvjR6M9n0fD3psgPsZad5NAoEAEg163ULWCVoqCCsAegAaH1-ZkByAEFqQKL4yTeZwazPqgDAcgDmwSqBIsCT9DoKnHru3dtbpLbMYx4UoftxeH__d2Fp5hfALMzaThPiVGx3cq3rQ1UNhg08rcFsKhIDDu1uQftde0NTxBI1xh6AJScrWscH-futUuXdSTDly5d55j4TCCGooOQyBo3Aj7Z6mdqBnW1lsc74AgCT_BENc6MNS890rzbJrO1zw9G-PBuBmlkxiKF18jRpjZFGgAvnoIL4OK7rgY9oJPsuIs2u88ZXdt7biMuyl7eLZB3EzfxAyBaLkBp1OwXX4gJX-mR2_CE0fJZOHzqF-GZwj5w30BFWpdCxm-j8Znmkc4pj8ocyKPn4AOEGC2PEj4QciK6IpwfQhUUWlT6ImDhwI-iXd50yVwzuewVwASQ-7CCgATgBAOQBgGgBnaAB8eKhuYCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgHAQARgdgAoDyAsB4AsBgAwBsBOTtu0NyBPPmoDfA9ATANgTCogUAtgUAdAVAfgWAYAXAQ&sigh=4lXh-H-iaiE&label=vast_creativeview&ad_mt=5&acvw=sv%3D20211103%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D1%26dur%3D15018%26vmtime%3D5%26is%3D18%26i0%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D402690676%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1645482200140

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame FB7A 0
17 B 17ms
17ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=4~kzx9m7dk&c=7152746146374&slotId=3576373073187&qqid=COrK1e_qkfYCFYXKdwodoo4G7g&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=989&mt=video%2Fmp4&vs=640x360&dm=15000&event_name=first_play&asset_bytes=217584&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=11&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=1&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=ff.xa~videopreviewstarted.xb
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:20 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5C76 42 B
64 B 107ms
68ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvx-yJUWEG8QVA9lfGO_AoWZUHX9XgGz5fmX6PDa4zoC9HRZa_VCMGaNdFFmskMNVFRCirVyVYKfwupoZPyg4TUxKRv87f9jupwvVNIz7GEOwuegz-cxg&sai=AMfl-YSr0YoX3TYQwaxwbJQQsiputD4aCjA_Kz2VqUwJj9LSWWMqRZbrcxG3svsPq_PoKJQKZu0Rtu1P2u_EEfOsWR6ub71cl_0lD1YkQj-g8lLk0_YU4y4IG4OlH61W3Klz&sig=Cg0ArKJSzDG57uWfRSvREAE&cid=CAASPeRom4wph336t-kM9NxK9MIJnm6vOUBtyKkJsmWYwvKNCpCMDKd8HgCFWn31-T0I9BC9NMJzoq_Z5axOWrY&id=lidar2&mcvt=1000&p=11,316,261,1286&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220216&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3166178871&rs=4&la=1&cr=0&vs=4&r=v&rst=1645482199443&rpt=278&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_oe=ChMI27mA8OqR9gIVrZonAh2HSQJGEAAYACDAq8FOOhoI6ZeP5wIQkPuwgoAEGM-agN8DINHw96bID0ITCOrK1e_qkfYCFYXKdwodoo4G7g;dc_rmcid=CAASPeRoroaT9q4gbusXkqk9O1DB9HpHhh5A_BLFvUaupYBcDqCz8e8KAW1Kah9LHMxda9i-5dF...
ade.googlesyndication.com/ddm/activity/ Frame FB7A 42 B
63 B 108ms
68ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI27mA8OqR9gIVrZonAh2HSQJGEAAYACDAq8FOOhoI6ZeP5wIQkPuwgoAEGM-agN8DINHw96bID0ITCOrK1e_qkfYCFYXKdwodoo4G7g;dc_rmcid=CAASPeRoroaT9q4gbusXkqk9O1DB9HpHhh5A_BLFvUaupYBcDqCz8e8KAW1Kah9LHMxda9i-5dFYZRea5yhk49s;eps=CIjhgHAQARgd;met=1;acvw=sv%3D20211103%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,169,299%26tos%3D2007,0,0,0,0%26mtos%3D2007,2007,2007,2007,2007%26amtos%3D0,0,0,0,0%26mcvt%3D2007%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2168%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D40%26pst%3D1%26dur%3D15018%26vmtime%3D2173%26dtos%3D2007%26dtoss%3D1%26dvs%3D2007%26dfvs%3D2007%26dvpt%3D2168%26is%3D275%26i0%3D18%26ic%3D16777473%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D402690676%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,2007;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.02%26t%3D1645482200140;ecn1=1;etm1=0;eid1=200000;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame FB7A 42 B
64 B 57ms
56ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstneyKepnFM-rbJmlQaobiE-hRt8d7CQlvfPcyUrJidYOpqpZL0URtxFivK_SSkA1LJpS8nmXROyi6wDKYmWX6e6oxbqPXwEu3Mcv5Pughd2sP_zLxR-w&sai=AMfl-YSf4061Cuip_LGpLcYerP3ia9OO3P9517hwa4GZUKql-BDQbrgOcwn913ZfPTXjQCDgxcQ83TkvjZhMGY6pJyh-Aw_eT0Nuvedyrb41alnK66XHh2T10zRSwJNT3PGG&sig=Cg0ArKJSzOE-zimU6nBwEAE&cid=CAASPeRoroaT9q4gbusXkqk9O1DB9HpHhh5A_BLFvUaupYBcDqCz8e8KAW1Kah9LHMxda9i-5dFYZRea5yhk49s&id=lidarv&acvw=sv%3D20211103%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,169,299%26tos%3D2007,0,0,0,0%26mtos%3D2007,2007,2007,2007,2007%26amtos%3D0,0,0,0,0%26mcvt%3D2007%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2168%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D40%26pst%3D1%26dur%3D15018%26vmtime%3D2173%26dtos%3D2007%26dtoss%3D1%26dvs%3D2007%26dfvs%3D2007%26dvpt%3D2168%26is%3D275%26i0%3D18%26ic%3D16777473%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D402690676%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,2007&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.02%26t%3D1645482200140

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Feb 2022 22:23:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bit.ly/	1970-01-20 05:23:54	Name: _bit Value: m1lmnh-2baa09b8ac16da4a9a-00L
marketplace.salisburypost.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: qds0b4q4flqfbg42zub4o1hk
.salisburypost.com/	1970-01-20 18:35:54	Name: _ga Value: GA1.2.776250428.1645482199
.salisburypost.com/	1970-01-20 01:06:08	Name: _gid Value: GA1.2.1473004474.1645482199
.salisburypost.com/	1970-01-20 01:04:42	Name: _gat Value: 1
.salisburypost.com/	1970-01-20 10:26:18	Name: __gads Value: ID=ddfe6cbcbc32e953-22774fc849cd0006:T=1645482199:S=ALNI_MZxnyLypY0KDKz45-jC9_bBF8TUuA
.doubleclick.net/	1970-01-20 10:26:18	Name: IDE Value: AHWqTUniGOtV6MPExPITVFhkLMtuWkShkhDFeJ24q4t6hM9uHmS_kq6IyIAma4KZ

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.salisburypost.com/wp-content/themes/2014-bni/media/css/AdHunter.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.salisburypost.com/wp-content/themes/2014-bni/media/css/AdHunter.css Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js(Line 346) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js(Line 346) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

357fe02044d42d4366deb4af82e7bfb7.safeframe.googlesyndication.com
ade.googlesyndication.com
adservice.google.com
adservice.google.nl
bid.g.doubleclick.net
bit.ly
csi.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
imasdk.googleapis.com
marketplace.salisburypost.com
pagead2.googlesyndication.com
r5---sn-5hne6nsd.c.2mdn.net
s0.2mdn.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
tpc.googlesyndication.com
vjs.zencdn.net
www.google-analytics.com
www.google.com
www.googletagservices.com
www.salisburypost.com
142.250.184.226
142.250.185.98
142.250.186.162
192.0.66.88
2001:4860:4802:32::3
2a00:1450:4001:800::2006
2a00:1450:4001:801::2002
2a00:1450:4001:803::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2001
2a00:1450:4001:810::200e
2a00:1450:4001:827::2002
2a00:1450:4001:827::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2001
2a00:1450:400c:c08::9d
2a00:1450:400e:4::a
2a04:4e42::729
64.233.184.157
67.199.248.10
69.18.223.164
07a296ff289165067a4dec423eaaadd5957600e5c7c92e87985ac79f08b120d7
07abc6b324d1950869c2b3a9cdfd430cbd86cfd66e709638837ff49a2b209143
0abb1761b76e3bb665dc4e33c6ebc9b5fc019d21012999219b63f98f57cbc2f2
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1ee8e0976dd2573237ad94a3e213715084ddec16b20e77c8e43de5e89f9ef052
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55
2d49a779bd9e88769cc638bd3cbc84bc4d10d901efbadec3818bb5c5f3b88142
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
425d7478422a02b8592686dd947b18cae0ca66ab39dc437067219356fb7a0a61
4530055a32b5a1a639311d7be5e6abb79ba772acae1410f9f9feffdc297721dc
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
592e90b668cbb57ef50d7f2b95482426061af541ae5d19bd4f8e7906890ffc6e
5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53
5e36d275e3ba58a075e5049d57e29b5d01f75528aa8143280089e27b5a536305
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61daa5e10d1910c94db36832a3adb3e9bec2c60a0b584b37daea27f634f36fd0
6229539021ff0e6893f9439e30e33fb44f01e21769f7d1b9ab518b0cd30c1ab8
62d8362fa6fbbbf7df422d7fb460a0a505b2320d5899a006a0382d89e2245a6a
64048268e2f8caeec11f90d90bc9fa6f2e425f3cc9ea8a1f26dc12636b286e03
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
68aaea43baba9970d59648385e49f25a348a96c29bfcfbaf7bc9e7f220e152e2
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8a4aad7baea607902d7f2aababbd7c76e4b93d167c62c756b1c25a39579172c7
9e7e2f4aaa14f77de01e2d960597d502eebe9a82cd9c5e2ee8fadab2f3b69f62
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a24ab1e87cb04628ad6b619682abc4027b6ff60d9579d05218130eff57ec7eec
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
c4a8e189509fdf64407c77cf16faa094310c7654690cac86b9b31f32c827fecb
c7ac00fbaa6a387f5792ecc644f10cb3b8fcd00b358eec9cb90cbb22794687e9
cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d77554d7adaa974ab50b409f6c81bfd0ab1afe3babd4591b4f1f2c4ae226c03c
e07c5b69dd651e11ff35c35e3f973fa3a5a21095bc416c39a1f9cd2c3f74ae50
e3915a9586014fa6faf8d03e592894bd0406794eab0d0120a42ac117dce40786
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8018aebe1815f3741693a5b9766a1b4d5202f828c876a4e57e6dd1228dfa74d
ea51cb65f2225b15c0f8dbfd0ff525daaa632279c558b32923cf07cf0c689828
eb4ac05d8923740a5d8956572b69dbf911035c9bbebc591fccc1394e4b6fafc9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

marketplace.salisburypost.com Open in urlscan Pro 69.18.223.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

81 Requests

84 %HTTPS

72 %IPv6

12 Domains

25 Subdomains

24 IPs

4 Countries

3288 kBTransfer

4367 kBSize

7 Cookies

2 Outgoing links

Page URL History

Redirected requests

81 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

marketplace.salisburypost.com Open in urlscan Pro
69.18.223.164 Public Scan

Screenshot
Live screenshot

Full Image

81
Requests

84 %
HTTPS

72 %
IPv6

12
Domains

25
Subdomains

24
IPs

4
Countries

3288 kB
Transfer

4367 kB
Size

7
Cookies

81 HTTP transactions
2 data transactions